55efdc5077
Escaped js/url in widget layered nav when use the dropdown option, closes #8320
2015-06-08 13:10:23 -03:00
3f45c874fe
Created wc_api_hash()
2015-06-08 12:57:19 -03:00
3697ad9de2
Improved the API keys entropy
2015-06-08 12:01:54 -03:00
ef0f527b40
Created new woocommerce_validate_postcode filter
...
And added PT postcode validation
closes #8319
2015-06-08 11:50:21 -03:00
cfecd0af2d
add woocommerce_get_product_terms filter
2015-06-08 16:41:11 +03:00
68974655d6
Tweak visible child product query and cache
2015-06-08 13:18:23 +01:00
bb4c303c39
get_type has no args
2015-06-08 12:22:26 +01:00
983041209b
Use get_type() in post_class function
2015-06-08 12:20:51 +01:00
3c87e39ce6
Product get_type() method
2015-06-08 12:20:39 +01:00
0b861d6587
Fixed filetype check for digital downloads, closes #8316
...
@mikejolley
2015-06-07 22:39:32 -03:00
994e4104e9
Fixed pagination headers for customer REST API
...
The old code didn’t ever work in my opinion, because WP_User_Query has
no attributes page and total_pages
2015-06-05 19:28:58 +02:00
2b4e19d0b4
Quick fix stock display for product variations
...
This fixes bug #8302 in a very ugly way (in my opinion)
2015-06-05 19:22:32 +02:00
0fb9851164
When upgrading to WooCommerce 2.4, make sure that the order.updated webhook fires for woocommerce_order_edit_status as well.
2015-06-05 17:09:46 +00:00
e88c1bfb9e
When the status is changed via bulk actions or by the status button, execute order.updated.
2015-06-05 16:43:24 +00:00
6fee82b377
[API] Added display and image info in product category endpoint, closes #8298
2015-06-05 11:37:46 -03:00
716302d76e
Revised API endpoint
...
- Trigger an generic action on all API requests
- Set status header based on whether or not the API endpoint is
actually valid/being listened for
- No cache headers
- No longer try to init unknown class
- Init gateways before the request so their listeners are registered
cc @claudiosmweb
2015-06-05 14:36:50 +01:00
79629c5928
Merge pull request #8287 from aelia-co/master
...
Ensured that refunds have parent order's currency
2015-06-05 13:54:00 +01:00
541edc3570
Merge pull request #8274 from SiR-DanieL/patch-5
...
Filter wc_tax_enabled
2015-06-05 13:53:33 +01:00
a4c2a73050
Max array keys
2015-06-05 13:37:45 +01:00
71673684fb
[2.3] get_discounted_price needs to check if taxes are enabled
...
Closes #8267
2015-06-05 11:24:59 +01:00
b433f5e2ce
Removed duplicated code in WC_AJAX::increase_order_item_stock()
2015-06-04 21:02:03 -03:00
2d5c53942b
Removed duplicated code in WC_AJAX::reduce_order_item_stock()
2015-06-04 20:57:43 -03:00
1d3713922b
Restored original WC_Gateway_PayPal class
2015-06-04 09:04:33 +01:00
c0051da5c5
Added logic to copy the refund currency from parent order
2015-06-04 08:55:24 +01:00
edd831db94
Merge remote-tracking branch 'upstream/master'
2015-06-04 08:45:27 +01:00
01a19cc0c7
Round the total_pages calculation up so we always display the right number of pages.
2015-06-03 23:05:52 +00:00
b9442f2ffa
[2.3] Check if rating is enabled before check if rating is required to a review, closes #8281
2015-06-03 16:57:36 -03:00
a2f05dd368
Show notices before cat loops
2015-06-03 14:22:23 +01:00
29e6082ab6
typo
2015-06-03 12:50:11 +02:00
17eac9eaed
added filter wc_tax_enabled
2015-06-03 12:49:10 +02:00
db107fac45
Check array in expression for json_search_* events
2015-06-02 22:58:52 +05:45
27adbb2a0b
Best practise to check array in expression :)
2015-06-02 22:55:02 +05:45
60dd4474db
abstract email class should not exist ! legacy
2015-06-01 10:48:13 -03:00
2febc8f20a
Add capability checks to ajax requests
...
Closes #15
2015-06-01 13:38:00 +01:00
1505424469
Define allowed_file_types
...
#13
2015-06-01 13:37:43 +01:00
527311d553
Validate file types when saving products. Closes #13
...
Handles 3 possible types of file;
1. Relative path on server
2. Absolute URL
3. Shortcodes
URLs without extensions are not validated.
2015-06-01 13:37:39 +01:00
5b435024ea
Use htmlspecialchars to ensure characters get encoded for select2
...
We cannot update to select2 4.0 until a major release. Closes #4
2015-06-01 13:37:26 +01:00
c5bb4ad473
Fix tooltip implode
2015-06-01 13:37:21 +01:00
cb2079deaa
wc_send_frame_options_header
...
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.
Closes #8
2015-06-01 13:37:12 +01:00
3b45c0d46f
Set nonce_user_logged_out to WC session ID, if set
...
Closes #9
2015-06-01 13:36:07 +01:00
ed99be9aed
Sanitize tooltips with htmlspecialchars and remove esc_attr usage
...
Part of #4
2015-06-01 13:36:03 +01:00
51c8bbf87c
wrong nonce verification
2015-06-01 13:33:51 +01:00
ec5a693ad7
Use prepare for updating attributes
...
Closes #7
2015-06-01 13:29:02 +01:00
9eb3b6ddf9
Changed all requests with wp_remote_* to wp_safe_remote_*
2015-06-01 13:28:55 +01:00
c1db266e80
Explicitly cast as integer the rating comment meta.
...
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
27f1c15900
email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities
2015-06-01 13:26:02 +01:00
48094b9bf2
Added nonces and check capability when hide admin notices
2015-06-01 13:19:26 +01:00
65608d3fd0
Added nonces and check capability to copy or delete email templates, closes #5
2015-06-01 13:12:25 +01:00
5b00dee203
Implemented wp_safe_remote_* functions for webhooks requests #10
2015-06-01 13:09:21 +01:00
166ec607c0
Escape columns
2015-06-01 13:08:33 +01:00
f194330aeb
Escape properly echoed values
...
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
f38bc86c5d
Escape properly the metadata to be copied.
...
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
3c1b14d00d
Escape properly the provided array of post codes
...
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
7d8db595f2
Fixes an (admin) SQLi when setting stock levels for product variations
2015-06-01 12:58:38 +01:00
7896b49684
fclose requires a resource, not a string.
2015-06-01 12:58:06 +01:00
2740db17c0
Merge conflict - esc customer data
2015-06-01 12:57:48 +01:00
f46060a0dd
Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
...
Closes #6
2015-06-01 12:54:23 +01:00
f3e3b5c209
add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']`
2015-06-01 12:54:18 +01:00
7b9a22208e
readds the `$the_product` global variable
2015-06-01 12:54:14 +01:00
f066a7bb21
pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()`
2015-06-01 12:53:51 +01:00
32e37b57d0
fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method($wp->query_vars['add-payment-method'])
2015-06-01 12:52:10 +01:00
1aa020ca57
fixes undefined constant ('error_code' > '$error' typo)
2015-06-01 12:52:01 +01:00
5e22e13975
set default currency position format string (in case of missing or invalid `woocommerce_currency_pos` option value)
2015-06-01 12:51:56 +01:00
3d049ff379
[2.3] Clear expired transients on update
2015-06-01 11:39:03 +01:00
1ce272b385
[2.3] Tweak transient clear SQL
2015-06-01 11:38:43 +01:00
b9708c4df9
Show refunded total shipping and taxes
...
Closes #8222
2015-06-01 11:06:11 +01:00
bd7624e5b7
Check template code isset
2015-05-29 17:40:53 +01:00
1e3fcd0e6d
[2.3] Avoid initialising classes when saving
2015-05-29 17:38:25 +01:00
803f4a9e85
[2.3] Delete correct transient when linking variations
...
Closes #8241
2015-05-29 15:34:27 +01:00
3222d1473e
Merge pull request #8242 from n-dawson/master
...
Add a filter to override needs_shipping_address order method.
2015-05-29 15:28:49 +01:00
a7a290e12a
Merge pull request #8250 from kilbot/patch-1
...
Add capability_type to product_variation
2015-05-29 15:27:41 +01:00
0a3defd798
Move tax enabled check
2015-05-29 14:55:57 +01:00
b2711f3d64
[API] Fixed products tags in write-mode
2015-05-29 10:05:15 -03:00
88003436a6
[API] Add properly sanitization for categories and tags in products endpoint, closes #8251
2015-05-29 10:04:02 -03:00
e6ae10ee9a
Test
2015-05-29 10:01:43 -03:00
b16d443709
fix missing comma
2015-05-29 19:35:31 +08:00
b158d517e9
Add capability_type to product_variation
...
By default the product_variation has `capability_type = 'post'` which means that users need `edit_post` capability to edit. This change will make variation capabilities consistent with products, ie: `edit_product`
2015-05-29 17:42:33 +08:00
b9eefa58fa
use esc_textarea function
2015-05-28 16:08:22 -07:00
54b0a0ca54
changed dynamic variation description to allow limited HTML and some sanitized tweaks
2015-05-28 14:31:45 -07:00
e51eae80c6
Merge pull request #8167 from roykho/dynamic-variation-description
...
Dynamic variation description
2015-05-28 15:53:03 +01:00
e535e005b7
Add a filter to override needs_shipping_address order method.
...
If an order doesn't have any shipping methods it's not possible to set needs_shipping_address to true. When 'woocommerce_cart_needs_shipping_address' is set to true the address needs to be shown on the front end and in confirmation emails.
2015-05-28 15:48:37 +01:00
4e5091adda
Merge remote-tracking branch 'origin/master'
2015-05-28 14:42:45 +01:00
5cac639cff
Merge branch 'improve-refund-reporting' Closes #8028
...
Conflicts:
includes/admin/reports/class-wc-report-sales-by-date.php
includes/updates/woocommerce-update-2.4.php
2015-05-28 14:41:20 +01:00
903cb817f0
Fixed WC_Install::get_schema for woocommerce_api_keys table
2015-05-28 10:36:25 -03:00
5ef335b169
Merge pull request #8215 from JeroenSormani/order-tests
...
Order tests
2015-05-28 12:44:17 +01:00
b77755af5c
Merge pull request #8236 from n-dawson/master
...
[2.3] Resolve blank shipping information bug. Fixes #8235
2015-05-28 12:21:38 +01:00
4a9971193f
Only track product views when widget is active
...
Closes #8212
2015-05-28 11:49:10 +01:00
8c1e452514
proceed to checkout button template. closes #7507
2015-05-28 11:48:37 +01:00
ba2e638e54
nocache download_file requests
...
Closes #8162
2015-05-28 11:44:47 +01:00
f9e43b874c
Resolve blank shipping information bug. Fixes #8235
...
Setting the 'woocommerce_cart_needs_shipping' filter to true means the shipping fields can be shown for virtual products. Whether to check shipping details should be based on whether they're shown and not whether the cart needs shipping.
2015-05-28 00:54:05 +01:00
a76aa5218b
Improved the new order and cancelled order emails descriptions, closes #8195
2015-05-27 16:57:57 -03:00
676e09fdd3
Added new woocommerce_api_keys table in wpmu exclude and in status report
2015-05-27 16:46:43 -03:00
ebdcb0d9e8
[2.3] [API] Fixed subtotal_tax round and decimal dp, closes #8140
2015-05-27 16:18:02 -03:00
f503cda874
Improved hold stock input width, closes 8233
2015-05-27 14:26:12 -03:00
169e72b824
Added extra arg to all woocommerce_order_item_name filters #8159
2015-05-27 13:29:15 -03:00
88596b595e
Improved PayPal get_icon_url() method
2015-05-27 13:23:21 -03:00
6ff7215f3c
Improved the error display for #7959
2015-05-27 13:19:44 -03:00
4fd9e1daf2
[2.3] Improved get_icon_url()
...
Closes #8211
2015-05-27 17:13:36 +01:00
5c2b14d89f
Standardise case of some strings closes #8125
2015-05-27 12:53:04 -03:00
989dd5d88e
Improved exclude_from_order_webhook check #8146
2015-05-27 12:46:44 -03:00
Claudio Sanches
Sergey
Mike Jolley
Florian Ludwig
Justin Shreve
Diego Zanella
Nicola Mustone
Shiva Poudel
Alexander Concha
Ben Bidner
Paul Kilmurray
roykho
Nathan Dawson
James Koster