Commit Graph

12876 Commits

Author SHA1 Message Date
Diego Zanella 1d3713922b Restored original WC_Gateway_PayPal class 2015-06-04 09:04:33 +01:00
Diego Zanella c0051da5c5 Added logic to copy the refund currency from parent order 2015-06-04 08:55:24 +01:00
Diego Zanella edd831db94 Merge remote-tracking branch 'upstream/master' 2015-06-04 08:45:27 +01:00
Claudio Sanches 4209901e39 Merge pull request #8282 from shivapoudel/editorconfig
EditorConfig - Matches multiple files with brace expansion notation
2015-06-03 20:30:01 -03:00
Justin Shreve 01a19cc0c7 Round the total_pages calculation up so we always display the right number of pages. 2015-06-03 23:05:52 +00:00
Shiva Poudel aa8e86ed59 EditorConfig - Matches multiple files with brace expansion notation 2015-06-04 03:56:49 +05:45
Mike Jolley e1ec9c60f9 Merge pull request #8273 from jobthomas/onboarding
Some edits in the copy of the second step of the onboarding wizard.
2015-06-03 22:13:08 +01:00
Claudio Sanches 9ed7bd9bea Added Argentinian provinces, closes #8277
Source: http://en.wikipedia.org/wiki/ISO_3166-2:AR#Current_codes
2015-06-03 17:10:27 -03:00
Claudio Sanches 65580cd967 Minify files for #8279 2015-06-03 17:02:19 -03:00
Claudio Sanches 729c63bbd1 Merge pull request #8279 from shivapoudel/fix-jshint
Fix jshint for Product Meta-Box
2015-06-03 17:02:22 -03:00
Claudio Sanches b9442f2ffa [2.3] Check if rating is enabled before checking if rating is required for a review, closes #8281 2015-06-03 16:57:36 -03:00
Shiva Poudel 27186d235c Tweaks - JSHint fix for product meta-box 2015-06-03 21:38:34 +05:45
Shiva Poudel 9afffa0fd7 Tweaks - JSHint fix for product variation meta-box 2015-06-03 21:20:13 +05:45
Shiva Poudel 051964adc5 Remove undefined variable 2015-06-03 21:18:01 +05:45
Shiva Poudel 0e01ff90f3 Tweaks - Coding standard and JSHint fix 2015-06-03 21:17:40 +05:45
Mike Jolley a2f05dd368 Show notices before cat loops 2015-06-03 14:22:23 +01:00
Nicola Mustone 29e6082ab6 typo 2015-06-03 12:50:11 +02:00
Nicola Mustone 17eac9eaed added filter wc_tax_enabled 2015-06-03 12:49:10 +02:00
Job Thomas c20ebeb899 Some edits in the copy of the second step of the onboarding wizard.
** Setup (noun) > set up (verb)
** Singular "Customer" + plural verb -> Plural customers
** Notation of where to find settings options conforms to docs team standards
2015-06-03 12:09:48 +02:00
Claudio Sanches b331bf2cc9 Merge pull request #8270 from shivapoudel/check-array
Best practise to check array in expression
2015-06-02 14:35:43 -03:00
Shiva Poudel db107fac45 Check array in expression for json_search_* events 2015-06-02 22:58:52 +05:45
Shiva Poudel 27adbb2a0b Best practise to check array in expression :) 2015-06-02 22:55:02 +05:45
Claudio Sanches d5c5d5e394 Fixed unit tests for wc_get_price_thousand_separator() and wc_get_price_decimal_separator() 2015-06-01 11:03:19 -03:00
Mike Jolley 60dd4474db abstract email class should not exist ! legacy 2015-06-01 10:48:13 -03:00
Mike Jolley 2febc8f20a Add capability checks to ajax requests
Closes #15
2015-06-01 13:38:00 +01:00
Mike Jolley 1505424469 Define allowed_file_types
#13
2015-06-01 13:37:43 +01:00
Mike Jolley 527311d553 Validate file types when saving products. Closes #13
Handles 3 possible types of file;
  1. Relative path on server
  2. Absolute URL
  3. Shortcodes

URLs without extensions are not validated.
2015-06-01 13:37:39 +01:00
Claudio Sanches 95a4133bb7 Removed WooCommerce::fix_server_vars, closes #14 2015-06-01 13:37:33 +01:00
Mike Jolley 5b435024ea Use htmlspecialchars to ensure characters get encoded for select2
We cannot update to select2 4.0 until a major release. Closes #4
2015-06-01 13:37:26 +01:00
Mike Jolley c5bb4ad473 Fix tooltip implode 2015-06-01 13:37:21 +01:00
Mike Jolley cb2079deaa wc_send_frame_options_header
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.

Closes #8
2015-06-01 13:37:12 +01:00
Mike Jolley 3b45c0d46f Set nonce_user_logged_out to WC session ID, if set
Closes #9
2015-06-01 13:36:07 +01:00
Mike Jolley ed99be9aed Sanitize tooltips with htmlspecialchars and remove esc_attr usage
Part of #4
2015-06-01 13:36:03 +01:00
Claudio Sanches 51c8bbf87c wrong nonce verification 2015-06-01 13:33:51 +01:00
Mike Jolley ec5a693ad7 Use prepare for updating attributes
Closes #7
2015-06-01 13:29:02 +01:00
Claudio Sanches 9eb3b6ddf9 Changed all requests with wp_remote_* to wp_safe_remote_* 2015-06-01 13:28:55 +01:00
Alexander Concha c1db266e80 Explicitly cast as integer the rating comment meta.
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
Ben Bidner 27f1c15900 email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities 2015-06-01 13:26:02 +01:00
Claudio Sanches 48094b9bf2 Added nonces and check capability when hide admin notices 2015-06-01 13:19:26 +01:00
Claudio Sanches 65608d3fd0 Added nonces and check capability to copy or delete email templates, closes #5 2015-06-01 13:12:25 +01:00
Claudio Sanches 5b00dee203 Implemented wp_safe_remote_* functions for webhooks requests #10 2015-06-01 13:09:21 +01:00
Claudio Sanches 166ec607c0 Escape columns 2015-06-01 13:08:33 +01:00
Alexander Concha f194330aeb Escape properly echoed values
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
Alexander Concha f38bc86c5d Escape properly the metadata to be copied.
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
Alexander Concha 3c1b14d00d Escape properly the provided array of post codes
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
Ben Bidner 7d8db595f2 Fixes an (admin) SQLi when setting stock levels for product variations 2015-06-01 12:58:38 +01:00
Alexander Concha 7896b49684 fclose requires a resource, not a string. 2015-06-01 12:58:06 +01:00
Ben Bidner 2740db17c0 Merge conflict - esc customer data 2015-06-01 12:57:48 +01:00
Ben Bidner f46060a0dd Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
Closes #6
2015-06-01 12:54:23 +01:00
Ben Bidner f3e3b5c209 add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']` 2015-06-01 12:54:18 +01:00