Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed the sanitization for text-based default attributes

This commit is contained in:
Claudio Sanches 2015-07-22 21:40:06 -03:00
parent aa263ddc1e
commit 948c5c9cfc
3 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
includes/api/class-wc-api-products.php
View File

@ -1518,11 +1518,15 @@ class WC_API_Products extends WC_API_Resource {
$_attribute = $attributes[ $taxonomy ];
if ( $_attribute['is_variation'] ) {
// Don't use wc_clean as it destroys sanitized characters
$value = '';
if ( isset( $default_attr['option'] ) ) {
if ( $_attribute['is_taxonomy'] ) {
// Don't use wc_clean as it destroys sanitized characters
$value = sanitize_title( trim( stripslashes( $default_attr['option'] ) ) );
} else {
$value = '';
$value = wc_clean( trim( stripslashes( $default_attr['option'] ) ) );
}
}
if ( $value ) {

8
includes/api/v2/class-wc-api-products.php
View File

@ -1518,11 +1518,15 @@ class WC_API_Products extends WC_API_Resource {
$_attribute = $attributes[ $taxonomy ];
if ( $_attribute['is_variation'] ) {
// Don't use wc_clean as it destroys sanitized characters
$value = '';
if ( isset( $default_attr['option'] ) ) {
if ( $_attribute['is_taxonomy'] ) {
// Don't use wc_clean as it destroys sanitized characters
$value = sanitize_title( trim( stripslashes( $default_attr['option'] ) ) );
} else {
$value = '';
$value = wc_clean( trim( stripslashes( $default_attr['option'] ) ) );
}
}
if ( $value ) {

7
includes/class-wc-ajax.php
View File

@ -2875,12 +2875,15 @@ class WC_AJAX {
foreach ( $attributes as $attribute ) {
if ( $attribute['is_variation'] ) {
$value = '';
// Don't use wc_clean as it destroys sanitized characters
if ( isset( $_POST[ 'default_attribute_' . sanitize_title( $attribute['name'] ) ] ) ) {
if ( $attribute['is_taxonomy'] ) {
// Don't use wc_clean as it destroys sanitized characters
$value = sanitize_title( trim( stripslashes( $_POST[ 'default_attribute_' . sanitize_title( $attribute['name'] ) ] ) ) );
} else {
$value = '';
$value = wc_clean( trim( stripslashes( $_POST[ 'default_attribute_' . sanitize_title( $attribute['name'] ) ] ) ) );
}
}
if ( $value ) {