Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,184 Commits 1,431 Branches 772 Tags 967 MiB
Commit Graph

4823 Commits

Author SHA1 Message Date
Mike Jolley f3951a7490 [2.3] Fallback to serialized data if safe. 2015-06-10 18:28:34 +01:00
Mike Jolley aaaef5bfcf [2.3] Incorrect wc_product_total_stock_ transient 
Closes #8337
 2015-06-10 18:28:34 +01:00
Mike Jolley 21773ff9ba [2.3] JSON encode/decode PayPal response 2015-06-10 18:28:33 +01:00
Claudio Sanches 157a22a79c Merge pull request #8345 from justinshreve/product-api-download-url-8335 
[2.3] Run URLs through esc_url_raw instead of wc_clean in the Products API (#8335)
 2015-06-10 13:24:23 -03:00
Justin Shreve 66ccc8a75c Only run the file URL through esc_url_raw if it looks like an absolute URL, otherwise if it is a shortcode or relative URL, continue to use wc_clean. 2015-06-10 16:12:10 +00:00
Justin Shreve 7c3774e65f For file URLs and images, run the URL through esc_url_raw rather than wc_clean (which removes/strips things like entities). 2015-06-10 15:34:36 +00:00
Claudio Sanches fa026ea49d Normalize the "Order #" #8305 2015-06-10 12:09:18 -03:00
Claudio Sanches c9c3be6d3e [API] Use settings to auto generate passwords or not, closes #8342 2015-06-10 10:56:25 -03:00
Patrick Rauland 2d69a0d9c9 removing references to the community forum 2015-06-09 13:55:05 -06:00
Claudio Sanches eefd9a24f1 Merge pull request #8330 from justinshreve/api-tax-rounding-8328 
Stop using the frontend display setting for tax rounding in the API (#8328)
 2015-06-09 13:09:46 -03:00
Claudio Sanches f333bb68b2 Improved js for widget layered nav #8332 2015-06-09 13:06:50 -03:00
Claudio Sanches 16ddd24887 [2.3] Fixed & and , for layered nav dropdowns, closes #8332 2015-06-09 12:49:57 -03:00
Claudio Sanches c02052a206 [API] Stop undefined index erros for variations in orders endpoint 
@justinshreve
 2015-06-09 12:39:37 -03:00
Mike Jolley a148e867b0 [2.3] Fix sale item exclusion logic for variations 
Closes #8324
 2015-06-09 16:10:46 +01:00
Justin Shreve 1d8b6a58d6 Avoid rounding subtotal_tax and total_tax. Don't call wc_round_tax_total for subtotal, and avoid the call to get_line_tax directly which also calls wc_round_tax_total. 2015-06-09 15:06:30 +00:00
Mike Jolley 922ca47cc1 [2.3] woocommerce_downloadable_file_exists filter 2015-06-09 15:27:28 +01:00
Claudio Sanches db8b343532 Merge pull request #8322 from justinshreve/api-product-variation-7951 
Take product variation into account when creating orders from the API (fixes #7951)
 2015-06-09 11:20:44 -03:00
Mike Jolley 9009b334e7 Merge branch 'test-price-filter' 2015-06-09 15:15:15 +01:00
Mike Jolley fe58e1b5e9 Account for tax classes 2015-06-09 14:58:27 +01:00
Justin Shreve 651b65f28e Add a unit test for get_variation_id so we know we are getting back the IDs that we want 2015-06-09 13:02:02 +00:00
Justin Shreve 937f93faa6 Clean up some naming and add a clarifying comment for the attribute & pa_ stripping. 2015-06-09 12:41:06 +00:00
Justin Shreve 251636c02e First pass at figuring out what the variation ID is based on variation information being passed in via the API. 2015-06-09 12:41:06 +00:00
Justin Shreve a7891750b7 Switch the permissions check for json_search_products to use the read_product capability. 2015-06-09 12:35:33 +00:00
Justin Shreve 3233eb471e Switch the json_search_products and json_search_downloadable_products_and_variations ajax functions to check for the `edit_shop_orders` cap instead of `edit_products`. 2015-06-09 12:35:33 +00:00
Mike Jolley eb4b9a7cd1 Merge pull request #8304 from krautnerds/quick-fix-variation-admin-stock-display 
Quick fix stock display for product variations
 2015-06-09 12:24:55 +01:00
Mike Jolley 6c557c21e5 woocommerce_duplicate_product_exclude_children, woocommerce_duplicate_product_exclude_meta, woocommerce_duplicate_product_exclude_taxonomies 
Closes #8271
 2015-06-09 12:07:29 +01:00
Mike Jolley 34f8536b20 Merge pull request #8306 from krautnerds/fix-customer-rest-api-pagination 
Fixed pagination headers for customer REST API
 2015-06-09 11:43:27 +01:00
Mike Jolley 5771969c2c Prevent notices in get_children 2015-06-09 10:32:40 +01:00
Claudio Sanches 1623ffd6ee Merge pull request #8326 from woothemes/api-tweaks 
API Keys tweaks
 2015-06-08 20:24:44 -03:00
Claudio Sanches 4698111dd2 Hide api key fields when generate a new keys 2015-06-08 20:22:49 -03:00
Claudio Sanches 151499db49 Fixed wc-api-keys script load 2015-06-08 20:14:46 -03:00
Claudio Sanches 61c6e21f6c Added wc_api_hash() int he consumer_key on update for 2.4 2015-06-08 20:06:04 -03:00
Claudio Sanches 7ee65c0256 Improved the woocommerce_api_keys table 2015-06-08 20:04:29 -03:00
Claudio Sanches 91bb8c7ba9 Updated the api authentication 2015-06-08 19:58:38 -03:00
Claudio Sanches 51c5ef6b20 Removed extra <p> 2015-06-08 19:45:14 -03:00
Claudio Sanches 89ddda9ff6 Added new api key generation methods 2015-06-08 19:41:35 -03:00
Claudio Sanches 55efdc5077 Escaped js/url in widget layered nav when use the dropdown option, closes #8320 2015-06-08 13:10:23 -03:00
Claudio Sanches 3f45c874fe Created wc_api_hash() 2015-06-08 12:57:19 -03:00
Claudio Sanches 3697ad9de2 Improved the API keys entropy 2015-06-08 12:01:54 -03:00
Claudio Sanches ef0f527b40 Created new woocommerce_validate_postcode filter 
And added PT postcode validation

closes #8319
 2015-06-08 11:50:21 -03:00
Sergey cfecd0af2d add woocommerce_get_product_terms filter 2015-06-08 16:41:11 +03:00
Mike Jolley 68974655d6 Tweak visible child product query and cache 2015-06-08 13:18:23 +01:00
Mike Jolley bb4c303c39 get_type has no args 2015-06-08 12:22:26 +01:00
Mike Jolley 983041209b Use get_type() in post_class function 2015-06-08 12:20:51 +01:00
Mike Jolley 3c87e39ce6 Product get_type() method 2015-06-08 12:20:39 +01:00
Claudio Sanches 0b861d6587 Fixed filetype check for digital downloads, closes #8316 
@mikejolley
 2015-06-07 22:39:32 -03:00
Florian Ludwig 994e4104e9 Fixed pagination headers for customer REST API 
The old code didn’t ever work in my opinion, because WP_User_Query has
no attributes page and total_pages
 2015-06-05 19:28:58 +02:00
Florian Ludwig 2b4e19d0b4 Quick fix stock display for product variations 
This fixes bug #8302 in a very ugly way (in my opinion)
 2015-06-05 19:22:32 +02:00
Justin Shreve 0fb9851164 When upgrading to WooCommerce 2.4, make sure that the order.updated webhook fires for woocommerce_order_edit_status as well. 2015-06-05 17:09:46 +00:00
Justin Shreve e88c1bfb9e When the status is changed via bulk actions or by the status button, execute order.updated. 2015-06-05 16:43:24 +00:00
Claudio Sanches 6fee82b377 [API] Added display and image info in product category endpoint, closes #8298 2015-06-05 11:37:46 -03:00
Mike Jolley 716302d76e Revised API endpoint 
- Trigger an generic action on all API requests
- Set status header based on whether or not the API endpoint is
actually valid/being listened for
- No cache headers
- No longer try to init unknown class
- Init gateways before the request so their listeners are registered

cc @claudiosmweb
 2015-06-05 14:36:50 +01:00
Mike Jolley 79629c5928 Merge pull request #8287 from aelia-co/master 
Ensured that refunds have parent order's currency
 2015-06-05 13:54:00 +01:00
Mike Jolley 541edc3570 Merge pull request #8274 from SiR-DanieL/patch-5 
Filter wc_tax_enabled
 2015-06-05 13:53:33 +01:00
Mike Jolley a4c2a73050 Max array keys 2015-06-05 13:37:45 +01:00
Mike Jolley 71673684fb [2.3] get_discounted_price needs to check if taxes are enabled 
Closes #8267
 2015-06-05 11:24:59 +01:00
Claudio Sanches b433f5e2ce Removed duplicated code in WC_AJAX::increase_order_item_stock() 2015-06-04 21:02:03 -03:00
Claudio Sanches 2d5c53942b Removed duplicated code in WC_AJAX::reduce_order_item_stock() 2015-06-04 20:57:43 -03:00
Diego Zanella 1d3713922b Restored original WC_Gateway_PayPal class 2015-06-04 09:04:33 +01:00
Diego Zanella c0051da5c5 Added logic to copy the refund currency from parent order 2015-06-04 08:55:24 +01:00
Diego Zanella edd831db94 Merge remote-tracking branch 'upstream/master' 2015-06-04 08:45:27 +01:00
Justin Shreve 01a19cc0c7 Round the total_pages calculation up so we always display the right number of pages. 2015-06-03 23:05:52 +00:00
Claudio Sanches b9442f2ffa [2.3] Check if rating is enabled before check if rating is required to a review, closes #8281 2015-06-03 16:57:36 -03:00
Mike Jolley a2f05dd368 Show notices before cat loops 2015-06-03 14:22:23 +01:00
Nicola Mustone 29e6082ab6 typo 2015-06-03 12:50:11 +02:00
Nicola Mustone 17eac9eaed added filter wc_tax_enabled 2015-06-03 12:49:10 +02:00
Shiva Poudel db107fac45 Check array in expression for json_search_* events 2015-06-02 22:58:52 +05:45
Shiva Poudel 27adbb2a0b Best practise to check array in expression :) 2015-06-02 22:55:02 +05:45
Mike Jolley 60dd4474db abstract email class should not exist ! legacy 2015-06-01 10:48:13 -03:00
Mike Jolley 2febc8f20a Add capability checks to ajax requests 
Closes #15
 2015-06-01 13:38:00 +01:00
Mike Jolley 1505424469 Define allowed_file_types 
#13
 2015-06-01 13:37:43 +01:00
Mike Jolley 527311d553 Validate file types when saving products. Closes #13 
Handles 3 possible types of file;
  1. Relative path on server
  2. Absolute URL
  3. Shortcodes

URLs without extensions are not validated.
 2015-06-01 13:37:39 +01:00
Mike Jolley 5b435024ea Use htmlspecialchars to ensure characters get encoded for select2 
We cannot update to select2 4.0 until a major release. Closes #4
 2015-06-01 13:37:26 +01:00
Mike Jolley c5bb4ad473 Fix tooltip implode 2015-06-01 13:37:21 +01:00
Mike Jolley cb2079deaa wc_send_frame_options_header 
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.

Closes #8
 2015-06-01 13:37:12 +01:00
Mike Jolley 3b45c0d46f Set nonce_user_logged_out to WC session ID, if set 
Closes #9
 2015-06-01 13:36:07 +01:00
Mike Jolley ed99be9aed Sanitize tooltips with htmlspecialchars and remove esc_attr usage 
Part of #4
 2015-06-01 13:36:03 +01:00
Claudio Sanches 51c8bbf87c wrong nonce verification 2015-06-01 13:33:51 +01:00
Mike Jolley ec5a693ad7 Use prepare for updating attributes 
Closes #7
 2015-06-01 13:29:02 +01:00
Claudio Sanches 9eb3b6ddf9 Changed all requests with wp_remote_* to wp_safe_remote_* 2015-06-01 13:28:55 +01:00
Alexander Concha c1db266e80 Explicitly cast as integer the rating comment meta. 
On multisite this can contain arbitrary values.
 2015-06-01 13:27:16 +01:00
Ben Bidner 27f1c15900 email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities 2015-06-01 13:26:02 +01:00
Claudio Sanches 48094b9bf2 Added nonces and check capability when hide admin notices 2015-06-01 13:19:26 +01:00
Claudio Sanches 65608d3fd0 Added nonces and check capability to copy or delete email templates, closes #5 2015-06-01 13:12:25 +01:00
Claudio Sanches 5b00dee203 Implemented wp_safe_remote_* functions for webhooks requests #10 2015-06-01 13:09:21 +01:00
Claudio Sanches 166ec607c0 Escape columns 2015-06-01 13:08:33 +01:00
Alexander Concha f194330aeb Escape properly echoed values 
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
 2015-06-01 12:59:03 +01:00
Alexander Concha f38bc86c5d Escape properly the metadata to be copied. 
Fixes a SQL injection because the meta key can contain arbitrary values.
 2015-06-01 12:58:56 +01:00
Alexander Concha 3c1b14d00d Escape properly the provided array of post codes 
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
 2015-06-01 12:58:51 +01:00
Ben Bidner 7d8db595f2 Fixes an (admin) SQLi when setting stock levels for product variations 2015-06-01 12:58:38 +01:00
Alexander Concha 7896b49684 fclose requires a resource, not a string. 2015-06-01 12:58:06 +01:00
Ben Bidner 2740db17c0 Merge conflict - esc customer data 2015-06-01 12:57:48 +01:00
Ben Bidner f46060a0dd Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`. 
Closes #6
 2015-06-01 12:54:23 +01:00
Ben Bidner f3e3b5c209 add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']` 2015-06-01 12:54:18 +01:00
Ben Bidner 7b9a22208e readds the `$the_product` global variable 2015-06-01 12:54:14 +01:00
Ben Bidner f066a7bb21 pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()` 2015-06-01 12:53:51 +01:00
Ben Bidner 32e37b57d0 fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method($wp->query_vars['add-payment-method']) 2015-06-01 12:52:10 +01:00
Ben Bidner 1aa020ca57 fixes undefined constant ('error_code' > '$error' typo) 2015-06-01 12:52:01 +01:00
Ben Bidner 5e22e13975 set default currency position format string (in case of missing or invalid `woocommerce_currency_pos` option value) 2015-06-01 12:51:56 +01:00
Mike Jolley 3d049ff379 [2.3] Clear expired transients on update 2015-06-01 11:39:03 +01:00