Merge pull request #4590 from toddlahman/master

Removed urldecode from $_GET and $_REQUEST and Removed (document).ready from wc_print_js()
This commit is contained in:
Mike Jolley 2014-01-28 09:58:59 -08:00
commit ad17813e70
8 changed files with 29 additions and 29 deletions

View File

@ -28,8 +28,8 @@ class WC_Admin_Reports {
public function output() {
$reports = $this->get_reports();
$first_tab = array_keys( $reports );
$current_tab = ! empty( $_GET['tab'] ) ? sanitize_title( urldecode( $_GET['tab'] ) ) : $first_tab[0];
$current_report = isset( $_GET['report'] ) ? sanitize_title( urldecode( $_GET['report'] ) ) : current( array_keys( $reports[ $current_tab ]['reports'] ) );
$current_tab = ! empty( $_GET['tab'] ) ? sanitize_title( $_GET['tab'] ) : $first_tab[0];
$current_report = isset( $_GET['report'] ) ? sanitize_title( $_GET['report'] ) : current( array_keys( $reports[ $current_tab ]['reports'] ) );
include_once( 'reports/class-wc-admin-report.php' );
include_once( 'views/html-admin-page-reports.php' );

View File

@ -125,8 +125,8 @@ class WC_Admin_Settings {
self::get_settings_pages();
// Get current tab/section
$current_tab = empty( $_GET['tab'] ) ? 'general' : sanitize_text_field( urldecode( $_GET['tab'] ) );
$current_section = empty( $_REQUEST['section'] ) ? '' : sanitize_text_field( urldecode( $_REQUEST['section'] ) );
$current_tab = empty( $_GET['tab'] ) ? 'general' : sanitize_text_field( $_GET['tab'] );
$current_section = empty( $_REQUEST['section'] ) ? '' : sanitize_text_field( $_REQUEST['section'] );
// Save settings if data has been posted
if ( ! empty( $_POST ) )
@ -134,10 +134,10 @@ class WC_Admin_Settings {
// Add any posted messages
if ( ! empty( $_GET['wc_error'] ) )
self::add_error( urldecode( stripslashes( $_GET['wc_error'] ) ) );
self::add_error( stripslashes( $_GET['wc_error'] ) );
if ( ! empty( $_GET['wc_message'] ) )
self::add_message( urldecode( stripslashes( $_GET['wc_message'] ) ) );
self::add_message( stripslashes( $_GET['wc_message'] ) );
self::show_messages();

View File

@ -1306,7 +1306,7 @@ class WC_AJAX {
$this->json_headers();
$term = (string) wc_clean( urldecode( stripslashes( $_GET['term'] ) ) );
$term = (string) wc_clean( stripslashes( $_GET['term'] ) );
if (empty($term)) die();
@ -1409,7 +1409,7 @@ class WC_AJAX {
$this->json_headers();
$term = wc_clean( urldecode( stripslashes( $_GET['term'] ) ) );
$term = wc_clean( stripslashes( $_GET['term'] ) );
if ( empty( $term ) )
die();
@ -1449,7 +1449,7 @@ class WC_AJAX {
* @see WC_AJAX::json_search_products()
*/
public function json_search_downloadable_products_and_variations() {
$term = (string) wc_clean( urldecode( stripslashes( $_GET['term'] ) ) );
$term = (string) wc_clean( stripslashes( $_GET['term'] ) );
$args = array(
'post_type' => array( 'product', 'product_variation' ),
@ -1484,7 +1484,7 @@ class WC_AJAX {
public function json_search_customer_name( $query ) {
global $wpdb;
$term = wc_clean( urldecode( stripslashes( $_GET['term'] ) ) );
$term = wc_clean( stripslashes( $_GET['term'] ) );
$query->query_from .= " LEFT JOIN {$wpdb->usermeta} as meta2 ON ({$wpdb->users}.ID = meta2.user_id) ";
$query->query_from .= " LEFT JOIN {$wpdb->usermeta} as meta3 ON ({$wpdb->users}.ID = meta3.user_id) ";

View File

@ -27,10 +27,10 @@ class WC_Download_Handler {
global $wpdb;
$product_id = (int) urldecode($_GET['download_file']);
$order_key = urldecode( $_GET['order'] );
$email = sanitize_email( str_replace( ' ', '+', urldecode( $_GET['email'] ) ) );
$download_id = isset( $_GET['key'] ) ? preg_replace( '/\s+/', ' ', urldecode( $_GET['key'] ) ) : '';
$product_id = (int) $_GET['download_file'];
$order_key = $_GET['order'];
$email = sanitize_email( str_replace( ' ', '+', $_GET['email'] ) );
$download_id = isset( $_GET['key'] ) ? preg_replace( '/\s+/', ' ', $_GET['key'] ) : '';
$_product = get_product( $product_id );
if ( ! is_email( $email) )

View File

@ -227,7 +227,7 @@ class WC_Form_Handler {
ob_start();
// Pay for existing order
$order_key = urldecode( $_GET['key'] );
$order_key = $_GET['key'];
$order_id = absint( $wp->query_vars['order-pay'] );
$order = new WC_Order( $order_id );
@ -465,12 +465,12 @@ class WC_Form_Handler {
public function cancel_order() {
if ( isset( $_GET['cancel_order'] ) && isset( $_GET['order'] ) && isset( $_GET['order_id'] ) ) {
$order_key = urldecode( $_GET['order'] );
$order_key = $_GET['order'];
$order_id = absint( $_GET['order_id'] );
$order = new WC_Order( $order_id );
$user_can_cancel = current_user_can( 'cancel_order', $order_id );
$order_can_cancel = in_array( $order->status, apply_filters( 'woocommerce_valid_order_statuses_for_cancel', array( 'pending', 'failed' ) ) );
$redirect = urldecode( $_GET['redirect'] );
$redirect = $_GET['redirect'];
if ( $user_can_cancel && $order_can_cancel && $order->id == $order_id && $order->order_key == $order_key && wp_verify_nonce( $_GET['_wpnonce'], 'woocommerce-cancel_order' ) ) {

View File

@ -89,7 +89,7 @@ class WC_Query {
* Get any errors from querystring
*/
public function get_errors() {
if ( ! empty( $_GET['wc_error'] ) && ( $error = sanitize_text_field( urldecode( $_GET['wc_error'] ) ) ) && ! wc_has_notice( $error, 'error' ) )
if ( ! empty( $_GET['wc_error'] ) && ( $error = sanitize_text_field( $_GET['wc_error'] ) ) && ! wc_has_notice( $error, 'error' ) )
wc_add_notice( $error, 'error' );
}

View File

@ -78,7 +78,7 @@ class WC_Shortcode_Checkout {
if ( isset( $_GET['pay_for_order'] ) && isset( $_GET['key'] ) && $order_id ) {
// Pay for existing order
$order_key = urldecode( $_GET[ 'key' ] );
$order_key = $_GET[ 'key' ];
$order = new WC_Order( $order_id );
$valid_order_statuses = apply_filters( 'woocommerce_valid_order_statuses_for_payment', array( 'pending', 'failed' ), $order );

View File

@ -315,7 +315,7 @@ function wc_print_js() {
if ( ! empty( $wc_queued_js ) ) {
echo "<!-- WooCommerce JavaScript-->\n<script type=\"text/javascript\">\njQuery(document).ready(function($) {";
echo "<!-- WooCommerce JavaScript -->\n<script type=\"text/javascript\">\njQuery(function($) {";
// Sanitize
$wc_queued_js = wp_check_invalid_utf8( $wc_queued_js );