Updated the wc_setup_shipping_save() function to sanitize the flatrate cost input

This commit is contained in:
TimBHowe 2019-12-19 16:43:05 -05:00
parent 3b5e44ccf1
commit 8b71dc0abb
1 changed files with 14 additions and 2 deletions


@ -1279,13 +1279,19 @@ class WC_Admin_Setup_Wizard {
// Save chosen shipping method settings (using REST controller for convenience).
if ( ! empty( $_POST['shipping_zones']['domestic'][ $domestic_method ] ) ) { // WPCS: input var ok.
// Sanitize the cost field.
$domestic_cost = wc_clean( wp_unslash( $_POST['shipping_zones']['domestic'][ $domestic_method ] ) );
$domestic_cost = str_replace( array( get_woocommerce_currency_symbol(), html_entity_decode( get_woocommerce_currency_symbol() ) ), '', $domestic_cost );
// Build and make a REST request to save the shipping zone and method set.
$request = new WP_REST_Request( 'POST', "/wc/v3/shipping/zones/{$zone_id}/methods" );
$request->add_header( 'Content-Type', 'application/json' );
$request->set_body(
wp_json_encode(
array(
'method_id' => $domestic_method,
'settings' => wc_clean( wp_unslash( $_POST['shipping_zones']['domestic'][ $domestic_method ] ) ),
'settings' => $domestic_cost,
)
)
);
@ -1297,13 +1303,19 @@ class WC_Admin_Setup_Wizard {
if ( $setup_intl ) {
// Save chosen shipping method settings (using REST controller for convenience).
if ( ! empty( $_POST['shipping_zones']['intl'][ $intl_method ] ) ) { // WPCS: input var ok.
// Sanitize the cost field.
$intl_cost = wc_clean( wp_unslash( $_POST['shipping_zones']['intl'][ $intl_method ] ) );
$intl_cost = str_replace( array( get_woocommerce_currency_symbol(), html_entity_decode( get_woocommerce_currency_symbol() ) ), '', $intl_cost );
// Build and make a REST request to save the shipping zone and method set.
$request = new WP_REST_Request( 'POST', '/wc/v3/shipping/zones/0/methods' );
$request->add_header( 'Content-Type', 'application/json' );
$request->set_body(
wp_json_encode(
array(
'method_id' => $intl_method,
'settings' => wc_clean( wp_unslash( $_POST['shipping_zones']['intl'][ $intl_method ] ) ),
'settings' => $intl_cost,
)
)
);
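Review bot: The currency-symbol stripping added at the top of both hunks is duplicated verbatim for the domestic and international branches, and it is only a cosmetic cleanup, not validation: whatever else the user typed into the cost field still reaches the REST body unchanged, so the method's own settings validation on the controller side remains the check that matters. Pulling the two copies into one private helper on WC_Admin_Setup_Wizard keeps them from drifting apart and gives a single place to document that contract; the call sites then become `$domestic_cost = $this->sanitize_wizard_cost( wp_unslash( $_POST['shipping_zones']['domestic'][ $domestic_method ] ) );` and the matching `$intl_cost` line. Note that if the posted value is an array of setting id => value (which the field naming suggests, but the hunk does not show), str_replace already applies element-wise, so the helper should accept both shapes rather than assume a string. The enclosing method starts and ends outside both hunks.
```php
/**
 * Strip the store currency symbol (HTML-encoded or decoded form) from a wizard cost input.
 *
 * This is a best-effort cleanup of pasted values such as "$10"; it does not validate the
 * cost. The REST controller / shipping method settings validation is still the authority.
 *
 * @param string|array $cost Raw cost input (single value or setting id => value map).
 * @return string|array Input with the currency symbol removed, same shape as given.
 */
private function sanitize_wizard_cost( $cost ) {
	$symbol  = get_woocommerce_currency_symbol();
	$symbols = array( $symbol, html_entity_decode( $symbol ) );
	return str_replace( $symbols, '', wc_clean( $cost ) );
}
// … unchanged: REST request construction in both branches …
```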