Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17821 from woocommerce/fix/17820 

When custom attributes are created, they are decoded. Make the values match.
This commit is contained in:
Claudio Sanches 2017-11-21 10:57:26 -02:00 committed by GitHub
parent 8801279c10 2e08bfdb33
commit af6bfd22fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
includes/admin/meta-boxes/class-wc-meta-box-product-data.php
View File

@ -284,12 +284,18 @@ class WC_Meta_Box_Product_Data {
$attribute_key = sanitize_title( $attribute->get_name() );
if ( ! is_null( $index ) ) {
$value = isset( $_POST[ $key_prefix . $attribute_key ][ $index ] ) ? stripslashes( $_POST[ $key_prefix . $attribute_key ][ $index ] ) : '';
$value = isset( $_POST[ $key_prefix . $attribute_key ][ $index ] ) ? wp_unslash( $_POST[ $key_prefix . $attribute_key ][ $index ] ) : '';
} else {
$value = isset( $_POST[ $key_prefix . $attribute_key ] ) ? stripslashes( $_POST[ $key_prefix . $attribute_key ] ) : '';
$value = isset( $_POST[ $key_prefix . $attribute_key ] ) ? wp_unslash( $_POST[ $key_prefix . $attribute_key ] ) : '';
}
if ( $attribute->is_taxonomy() ) {
// Don't use wc_clean as it destroys sanitized characters.
$value = sanitize_title( $value );
} else {
$value = html_entity_decode( wc_clean( $value ), ENT_QUOTES, get_bloginfo( 'charset' ) ); // WPCS: sanitization ok.
}
$value = $attribute->is_taxonomy() ? sanitize_title( $value ) : wc_clean( $value ); // Don't use wc_clean as it destroys sanitized characters in terms.
$attributes[ $attribute_key ] = $value;
}
}

2
includes/class-wc-form-handler.php
View File

@ -887,7 +887,7 @@ class WC_Form_Handler {
// Don't use wc_clean as it destroys sanitized characters.
$value = sanitize_title( wp_unslash( $_REQUEST[ $taxonomy ] ) );
} else {
$value = wc_clean( wp_unslash( $_REQUEST[ $taxonomy ] ) ); // WPCS: sanitization ok.
$value = html_entity_decode( wc_clean( wp_unslash( $_REQUEST[ $taxonomy ] ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); // WPCS: sanitization ok.
}
// Allow if valid or show error.

2
includes/class-wc-order-item.php
View File

@ -258,7 +258,7 @@ class WC_Order_Item extends WC_Data implements ArrayAccess {
$meta->value = rawurldecode( (string) $meta->value );
$attribute_key = str_replace( 'attribute_', '', $meta->key );
$display_key = wc_attribute_label( $attribute_key, $product );
$display_value = $meta->value;
$display_value = sanitize_text_field( $meta->value );
if ( taxonomy_exists( $attribute_key ) ) {
$term = get_term_by( 'slug', $meta->value, $attribute_key );