17eac9eaed
added filter wc_tax_enabled
2015-06-03 12:49:10 +02:00
db107fac45
Check array in expression for json_search_* events
2015-06-02 22:58:52 +05:45
27adbb2a0b
Best practise to check array in expression :)
2015-06-02 22:55:02 +05:45
60dd4474db
abstract email class should not exist ! legacy
2015-06-01 10:48:13 -03:00
2febc8f20a
Add capability checks to ajax requests
...
Closes #15
2015-06-01 13:38:00 +01:00
1505424469
Define allowed_file_types
...
#13
2015-06-01 13:37:43 +01:00
527311d553
Validate file types when saving products. Closes #13
...
Handles 3 possible types of file;
1. Relative path on server
2. Absolute URL
3. Shortcodes
URLs without extensions are not validated.
2015-06-01 13:37:39 +01:00
5b435024ea
Use htmlspecialchars to ensure characters get encoded for select2
...
We cannot update to select2 4.0 until a major release. Closes #4
2015-06-01 13:37:26 +01:00
c5bb4ad473
Fix tooltip implode
2015-06-01 13:37:21 +01:00
cb2079deaa
wc_send_frame_options_header
...
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.
Closes #8
2015-06-01 13:37:12 +01:00
3b45c0d46f
Set nonce_user_logged_out to WC session ID, if set
...
Closes #9
2015-06-01 13:36:07 +01:00
ed99be9aed
Sanitize tooltips with htmlspecialchars and remove esc_attr usage
...
Part of #4
2015-06-01 13:36:03 +01:00
51c8bbf87c
wrong nonce verification
2015-06-01 13:33:51 +01:00
ec5a693ad7
Use prepare for updating attributes
...
Closes #7
2015-06-01 13:29:02 +01:00
9eb3b6ddf9
Changed all requests with wp_remote_* to wp_safe_remote_*
2015-06-01 13:28:55 +01:00
c1db266e80
Explicitly cast as integer the rating comment meta.
...
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
27f1c15900
email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities
2015-06-01 13:26:02 +01:00
48094b9bf2
Added nonces and check capability when hide admin notices
2015-06-01 13:19:26 +01:00
65608d3fd0
Added nonces and check capability to copy or delete email templates, closes #5
2015-06-01 13:12:25 +01:00
5b00dee203
Implemented wp_safe_remote_* functions for webhooks requests #10
2015-06-01 13:09:21 +01:00
166ec607c0
Escape columns
2015-06-01 13:08:33 +01:00
f194330aeb
Escape properly echoed values
...
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
f38bc86c5d
Escape properly the metadata to be copied.
...
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
3c1b14d00d
Escape properly the provided array of post codes
...
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
7d8db595f2
Fixes an (admin) SQLi when setting stock levels for product variations
2015-06-01 12:58:38 +01:00
7896b49684
fclose requires a resource, not a string.
2015-06-01 12:58:06 +01:00
2740db17c0
Merge conflict - esc customer data
2015-06-01 12:57:48 +01:00
f46060a0dd
Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
...
Closes #6
2015-06-01 12:54:23 +01:00
f3e3b5c209
add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']`
2015-06-01 12:54:18 +01:00
7b9a22208e
readds the `$the_product` global variable
2015-06-01 12:54:14 +01:00
f066a7bb21
pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()`
2015-06-01 12:53:51 +01:00
32e37b57d0
fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method($wp->query_vars['add-payment-method'])
2015-06-01 12:52:10 +01:00
1aa020ca57
fixes undefined constant ('error_code' > '$error' typo)
2015-06-01 12:52:01 +01:00
5e22e13975
set default currency position format string (in case of missing or invalid `woocommerce_currency_pos` option value)
2015-06-01 12:51:56 +01:00
3d049ff379
[2.3] Clear expired transients on update
2015-06-01 11:39:03 +01:00
1ce272b385
[2.3] Tweak transient clear SQL
2015-06-01 11:38:43 +01:00
b9708c4df9
Show refunded total shipping and taxes
...
Closes #8222
2015-06-01 11:06:11 +01:00
bd7624e5b7
Check template code isset
2015-05-29 17:40:53 +01:00
1e3fcd0e6d
[2.3] Avoid initialising classes when saving
2015-05-29 17:38:25 +01:00
803f4a9e85
[2.3] Delete correct transient when linking variations
...
Closes #8241
2015-05-29 15:34:27 +01:00
3222d1473e
Merge pull request #8242 from n-dawson/master
...
Add a filter to override needs_shipping_address order method.
2015-05-29 15:28:49 +01:00
a7a290e12a
Merge pull request #8250 from kilbot/patch-1
...
Add capability_type to product_variation
2015-05-29 15:27:41 +01:00
0a3defd798
Move tax enabled check
2015-05-29 14:55:57 +01:00
b2711f3d64
[API] Fixed products tags in write-mode
2015-05-29 10:05:15 -03:00
88003436a6
[API] Add properly sanitization for categories and tags in products endpoint, closes #8251
2015-05-29 10:04:02 -03:00
e6ae10ee9a
Test
2015-05-29 10:01:43 -03:00
b16d443709
fix missing comma
2015-05-29 19:35:31 +08:00
b158d517e9
Add capability_type to product_variation
...
By default the product_variation has `capability_type = 'post'` which means that users need `edit_post` capability to edit. This change will make variation capabilities consistent with products, ie: `edit_product`
2015-05-29 17:42:33 +08:00
b9eefa58fa
use esc_textarea function
2015-05-28 16:08:22 -07:00
54b0a0ca54
changed dynamic variation description to allow limited HTML and some sanitized tweaks
2015-05-28 14:31:45 -07:00
e51eae80c6
Merge pull request #8167 from roykho/dynamic-variation-description
...
Dynamic variation description
2015-05-28 15:53:03 +01:00
e535e005b7
Add a filter to override needs_shipping_address order method.
...
If an order doesn't have any shipping methods it's not possible to set needs_shipping_address to true. When 'woocommerce_cart_needs_shipping_address' is set to true the address needs to be shown on the front end and in confirmation emails.
2015-05-28 15:48:37 +01:00
4e5091adda
Merge remote-tracking branch 'origin/master'
2015-05-28 14:42:45 +01:00
5cac639cff
Merge branch 'improve-refund-reporting' Closes #8028
...
Conflicts:
includes/admin/reports/class-wc-report-sales-by-date.php
includes/updates/woocommerce-update-2.4.php
2015-05-28 14:41:20 +01:00
903cb817f0
Fixed WC_Install::get_schema for woocommerce_api_keys table
2015-05-28 10:36:25 -03:00
5ef335b169
Merge pull request #8215 from JeroenSormani/order-tests
...
Order tests
2015-05-28 12:44:17 +01:00
b77755af5c
Merge pull request #8236 from n-dawson/master
...
[2.3] Resolve blank shipping information bug. Fixes #8235
2015-05-28 12:21:38 +01:00
4a9971193f
Only track product views when widget is active
...
Closes #8212
2015-05-28 11:49:10 +01:00
8c1e452514
proceed to checkout button template. closes #7507
2015-05-28 11:48:37 +01:00
ba2e638e54
nocache download_file requests
...
Closes #8162
2015-05-28 11:44:47 +01:00
f9e43b874c
Resolve blank shipping information bug. Fixes #8235
...
Setting the 'woocommerce_cart_needs_shipping' filter to true means the shipping fields can be shown for virtual products. Whether to check shipping details should be based on whether they're shown and not whether the cart needs shipping.
2015-05-28 00:54:05 +01:00
a76aa5218b
Improved the new order and cancelled order emails descriptions, closes #8195
2015-05-27 16:57:57 -03:00
676e09fdd3
Added new woocommerce_api_keys table in wpmu exclude and in status report
2015-05-27 16:46:43 -03:00
ebdcb0d9e8
[2.3] [API] Fixed subtotal_tax round and decimal dp, closes #8140
2015-05-27 16:18:02 -03:00
f503cda874
Improved hold stock input width, closes 8233
2015-05-27 14:26:12 -03:00
169e72b824
Added extra arg to all woocommerce_order_item_name filters #8159
2015-05-27 13:29:15 -03:00
88596b595e
Improved PayPal get_icon_url() method
2015-05-27 13:23:21 -03:00
6ff7215f3c
Improved the error display for #7959
2015-05-27 13:19:44 -03:00
4fd9e1daf2
[2.3] Improved get_icon_url()
...
Closes #8211
2015-05-27 17:13:36 +01:00
5c2b14d89f
Standardise case of some strings closes #8125
2015-05-27 12:53:04 -03:00
989dd5d88e
Improved exclude_from_order_webhook check #8146
2015-05-27 12:46:44 -03:00
bc7d73f81f
Merge pull request #8146 from mattallan/order_args_exclude_webhooks
...
New order post type param: exclude_from_order_webhook
2015-05-27 12:29:49 -03:00
cc9721ed9d
Merge pull request #7959 from tivnet/patch-4
...
Check for non-existing attribute ID
2015-05-27 12:24:40 -03:00
5920b88d5d
Add classes to tax and shipping labels/notices
...
Closes #8189
2015-05-27 16:17:36 +01:00
915342f38b
[2.3] Only clear in delete_version_transients when version is set
2015-05-27 15:56:49 +01:00
267c481d86
Improved admin bar visit store link #8196
2015-05-27 11:55:32 -03:00
e5e81e5516
Merge pull request #8196 from corsonr/visit_store_link
...
Added visit store link in admin bar
2015-05-27 11:35:49 -03:00
b5e193956b
added action woocommerce_refund_deleted
2015-05-27 15:23:59 +02:00
e383889957
[2.3] Optimise delete_version_transients
...
1. WC does not work network wide so _site_transient does not need
checking
2. The LIKE matches timeout and transient keys
2015-05-27 12:03:46 +01:00
1caa5ebcee
Improved WC_Geolocation support for IPv6 #8184
2015-05-26 17:32:47 -03:00
fcc9542608
Merge branch 'master' of github.com:woothemes/woocommerce
2015-05-26 14:41:24 -03:00
44dba5036c
Added geolocate IPv6 support, closes #8184
2015-05-26 14:41:13 -03:00
15e3d23022
Merge pull request #8209 from ChromeOrange/master
...
Update html-admin-page-status-report.php
2015-05-26 17:50:37 +01:00
f1af777368
[2.3] Fix typo in validate_maximum_amount
...
Closes #8207
2015-05-26 17:40:07 +01:00
d53d21781b
[2.3] Fixed product category media upload modal and some coding standards, closes #8227
2015-05-26 10:24:49 -03:00
28d838c5cd
[2.3] Related posts tweaks
...
Remove real randomness and add transient caching to improve performance.
The above was not worth the cost of the query - only users refreshing a
product page would see a difference.
2015-05-25 15:40:28 +01:00
9c5cd0e525
[API] Accept dashes in products/sku endpoint, closes #8220
2015-05-25 10:22:59 -03:00
70b33b7919
Merge pull request #8221 from shivapoudel/settings-api
...
Introduce get_field_key method
2015-05-25 09:55:45 -03:00
cadc1ab301
Add id for title
...
Fixes scrutinizer issues for not having param
2015-05-25 17:32:30 +05:45
9a818503b9
Updated blockUI Version
2015-05-25 17:03:41 +05:45
2871df7451
Move the validate checkbox method above select
2015-05-25 16:58:08 +05:45
4d46b35590
Clean settings-api docblock
2015-05-25 16:56:44 +05:45
d90bb50c20
Use get_field_key for validate_*_field
2015-05-25 16:41:08 +05:45
3b9124e0cf
Use get_field_key for generate_*_html
2015-05-25 16:28:19 +05:45
597b152407
Introduce get_field_key method for settings API
2015-05-25 16:18:28 +05:45
b8bcd24edd
[2.3] Combine transients for get_rating_count
...
@claudiosmweb
2015-05-25 02:00:20 +01:00
62c70603ec
[2.3] When updating transients, clear previous version of transients
...
Closes #8131 @claudiosmweb
2015-05-25 01:48:17 +01:00
1b73322874
[2.3] Replace max_related_posts_query with wp_count_posts
2015-05-25 01:20:31 +01:00
b95b22d144
Add wc_get_order() tests + Order helper class
2015-05-23 10:48:07 +02:00
79d4d921fd
Update html-admin-page-status-report.php
2015-05-23 07:22:12 +01:00
Nicola Mustone
Shiva Poudel
Mike Jolley
Claudio Sanches
Alexander Concha
Ben Bidner
Paul Kilmurray
roykho
Nathan Dawson
James Koster
JeroenSormani
Andrew Benbow