Added wp_unslash() to address fields on the checkout page (#16874)

* Added wp_unslash() to address fields on the checkout page

* Cleaned up code indentation

* Added wp_unslash() function on remaining POST address fields on checkout
Matt Miller 2017-09-21 09:37:27 -07:00 committed by Mike Jolley
parent 3063825c4d
commit a871d36380
1 changed files with 18 additions and 18 deletions


@ -284,31 +284,31 @@ class WC_AJAX {
WC()->session->set( 'chosen_shipping_methods', $chosen_shipping_methods );
WC()->session->set( 'chosen_payment_method', empty( $_POST['payment_method'] ) ? '' : $_POST['payment_method'] );
WC()->customer->set_props( array(
'billing_country' => isset( $_POST['country'] ) ? $_POST['country'] : null,
'billing_state' => isset( $_POST['state'] ) ? $_POST['state'] : null,
'billing_postcode' => isset( $_POST['postcode'] ) ? $_POST['postcode'] : null,
'billing_city' => isset( $_POST['city'] ) ? $_POST['city'] : null,
'billing_address_1' => isset( $_POST['address'] ) ? $_POST['address'] : null,
'billing_address_2' => isset( $_POST['address_2'] ) ? $_POST['address_2'] : null,
'billing_country' => isset( $_POST['country'] ) ? wp_unslash( $_POST['country'] ) : null,
'billing_state' => isset( $_POST['state'] ) ? wp_unslash( $_POST['state'] ) : null,
'billing_postcode' => isset( $_POST['postcode'] ) ? wp_unslash( $_POST['postcode'] ) : null,
'billing_city' => isset( $_POST['city'] ) ? wp_unslash( $_POST['city'] ) : null,
'billing_address_1' => isset( $_POST['address'] ) ? wp_unslash( $_POST['address'] ) : null,
'billing_address_2' => isset( $_POST['address_2'] ) ? wp_unslash( $_POST['address_2'] ) : null,
) );
if ( wc_ship_to_billing_address_only() ) {
WC()->customer->set_props( array(
'shipping_country' => isset( $_POST['country'] ) ? $_POST['country'] : null,
'shipping_state' => isset( $_POST['state'] ) ? $_POST['state'] : null,
'shipping_postcode' => isset( $_POST['postcode'] ) ? $_POST['postcode'] : null,
'shipping_city' => isset( $_POST['city'] ) ? $_POST['city'] : null,
'shipping_address_1' => isset( $_POST['address'] ) ? $_POST['address'] : null,
'shipping_address_2' => isset( $_POST['address_2'] ) ? $_POST['address_2'] : null,
'shipping_country' => isset( $_POST['country'] ) ? wp_unslash( $_POST['country'] ) : null,
'shipping_state' => isset( $_POST['state'] ) ? wp_unslash( $_POST['state'] ) : null,
'shipping_postcode' => isset( $_POST['postcode'] ) ? wp_unslash( $_POST['postcode'] ) : null,
'shipping_city' => isset( $_POST['city'] ) ? wp_unslash( $_POST['city'] ) : null,
'shipping_address_1' => isset( $_POST['address'] ) ? wp_unslash( $_POST['address'] ) : null,
'shipping_address_2' => isset( $_POST['address_2'] ) ? wp_unslash( $_POST['address_2'] ): null,
) );
} else {
WC()->customer->set_props( array(
'shipping_country' => isset( $_POST['s_country'] ) ? $_POST['s_country'] : null,
'shipping_state' => isset( $_POST['s_state'] ) ? $_POST['s_state'] : null,
'shipping_postcode' => isset( $_POST['s_postcode'] ) ? $_POST['s_postcode'] : null,
'shipping_city' => isset( $_POST['s_city'] ) ? $_POST['s_city'] : null,
'shipping_address_1' => isset( $_POST['s_address'] ) ? $_POST['s_address'] : null,
'shipping_address_2' => isset( $_POST['s_address_2'] ) ? $_POST['s_address_2'] : null,
'shipping_country' => isset( $_POST['s_country'] ) ? wp_unslash( $_POST['s_country'] ) : null,
'shipping_state' => isset( $_POST['s_state'] ) ? wp_unslash( $_POST['s_state'] ) : null,
'shipping_postcode' => isset( $_POST['s_postcode'] ) ? wp_unslash( $_POST['s_postcode'] ) : null,
'shipping_city' => isset( $_POST['s_city'] ) ? wp_unslash( $_POST['s_city'] ) : null,
'shipping_address_1' => isset( $_POST['s_address'] ) ? wp_unslash( $_POST['s_address'] ) : null,
'shipping_address_2' => isset( $_POST['s_address_2'] ) ? wp_unslash( $_POST['s_address_2'] ): null,
) );
}
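Review bot: The new `billing_*` and `shipping_*` lines strip slashes but still hand the raw request value to `WC()->customer->set_props()`, so any markup or control characters posted in an address field are stored as sent; whether the setters sanitise downstream is not visible in this hunk. Wrapping each value in the text sanitiser as well would close that gap, e.g. `'billing_country' => isset( $_POST['country'] ) ? wc_clean( wp_unslash( $_POST['country'] ) ) : null,` and the same for the other seventeen entries. The unchanged `chosen_payment_method` line at the top of the hunk still stores `$_POST['payment_method']` with neither call and deserves the same treatment. Minor style point: the two new `shipping_address_2` lines end in `): null` without the space before the colon that the other entries have. The enclosing method starts and ends outside this hunk.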