Diego Zanella
c0051da5c5
Added logic to copy the refund currency from parent order
2015-06-04 08:55:24 +01:00
Diego Zanella
edd831db94
Merge remote-tracking branch 'upstream/master'
2015-06-04 08:45:27 +01:00
Claudio Sanches
4209901e39
Merge pull request #8282 from shivapoudel/editorconfig
EditorConfig - Matches multiple files with brace expansion notation
2015-06-03 20:30:01 -03:00
Justin Shreve
01a19cc0c7
Round the total_pages calculation up so we always display the right number of pages.
2015-06-03 23:05:52 +00:00
Shiva Poudel
aa8e86ed59
EditorConfig - Matches multiple files with brace expansion notation
2015-06-04 03:56:49 +05:45
Claudio Sanches
9ed7bd9bea
Added Argentinian provinces, closes #8277
Source: http://en.wikipedia.org/wiki/ISO_3166-2:AR#Current_codes
2015-06-03 17:10:27 -03:00
Claudio Sanches
65580cd967
Minify files for #8279
2015-06-03 17:02:19 -03:00
Claudio Sanches
729c63bbd1
Merge pull request #8279 from shivapoudel/fix-jshint
Fix jshint for Product Meta-Box
2015-06-03 17:02:22 -03:00
Claudio Sanches
b9442f2ffa
[2.3] Check if rating is enabled before check if rating is required to a review, closes #8281
2015-06-03 16:57:36 -03:00
Shiva Poudel
27186d235c
Tweaks - JSHint fix for product meta-box
2015-06-03 21:38:34 +05:45
Shiva Poudel
9afffa0fd7
Tweaks - JSHint fix for product variation meta-box
2015-06-03 21:20:13 +05:45
Shiva Poudel
051964adc5
Remove undefined variable
2015-06-03 21:18:01 +05:45
Shiva Poudel
0e01ff90f3
Tweaks - Coding standard and JSHint fix
2015-06-03 21:17:40 +05:45
Mike Jolley
a2f05dd368
Show notices before cat loops
2015-06-03 14:22:23 +01:00
Nicola Mustone
29e6082ab6
typo
2015-06-03 12:50:11 +02:00
Nicola Mustone
17eac9eaed
added filter wc_tax_enabled
2015-06-03 12:49:10 +02:00
Claudio Sanches
b331bf2cc9
Merge pull request #8270 from shivapoudel/check-array
Best practise to check array in expression
2015-06-02 14:35:43 -03:00
Shiva Poudel
db107fac45
Check array in expression for json_search_* events
2015-06-02 22:58:52 +05:45
Shiva Poudel
27adbb2a0b
Best practise to check array in expression :)
2015-06-02 22:55:02 +05:45
Claudio Sanches
d5c5d5e394
Fixed unit tests for wc_get_price_thousand_separator() and wc_get_price_decimal_separator()
2015-06-01 11:03:19 -03:00
Mike Jolley
60dd4474db
abstract email class should not exist ! legacy
2015-06-01 10:48:13 -03:00
Mike Jolley
2febc8f20a
Add capability checks to ajax requests
Closes #15
2015-06-01 13:38:00 +01:00
Mike Jolley
1505424469
Define allowed_file_types
#13
2015-06-01 13:37:43 +01:00
Mike Jolley
527311d553
Validate file types when saving products. Closes #13
Handles 3 possible types of file;
1. Relative path on server
2. Absolute URL
3. Shortcodes
URLs without extensions are not validated.
2015-06-01 13:37:39 +01:00
Claudio Sanches
95a4133bb7
Removed WooCommerce::fix_server_vars, closes #14
2015-06-01 13:37:33 +01:00
Mike Jolley
5b435024ea
Use htmlspecialchars to ensure characters get encoded for select2
We cannot update to select2 4.0 until a major release. Closes #4
2015-06-01 13:37:26 +01:00
Mike Jolley
c5bb4ad473
Fix tooltip implode
2015-06-01 13:37:21 +01:00
Mike Jolley
cb2079deaa
wc_send_frame_options_header
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.
Closes #8
2015-06-01 13:37:12 +01:00
Mike Jolley
3b45c0d46f
Set nonce_user_logged_out to WC session ID, if set
Closes #9
2015-06-01 13:36:07 +01:00
Mike Jolley
ed99be9aed
Sanitize tooltips with htmlspecialchars and remove esc_attr usage
Part of #4
2015-06-01 13:36:03 +01:00
Claudio Sanches
51c8bbf87c
wrong nonce verification
2015-06-01 13:33:51 +01:00
Mike Jolley
ec5a693ad7
Use prepare for updating attributes
Closes #7
2015-06-01 13:29:02 +01:00
Claudio Sanches
9eb3b6ddf9
Changed all requests with wp_remote_* to wp_safe_remote_*
2015-06-01 13:28:55 +01:00
Alexander Concha
c1db266e80
Explicitly cast as integer the rating comment meta.
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
Ben Bidner
27f1c15900
email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities
2015-06-01 13:26:02 +01:00
Claudio Sanches
48094b9bf2
Added nonces and check capability when hide admin notices
2015-06-01 13:19:26 +01:00
Claudio Sanches
65608d3fd0
Added nonces and check capability to copy or delete email templates, closes #5
2015-06-01 13:12:25 +01:00
Claudio Sanches
5b00dee203
Implemented wp_safe_remote_* functions for webhooks requests #10
2015-06-01 13:09:21 +01:00
Claudio Sanches
166ec607c0
Escape columns
2015-06-01 13:08:33 +01:00
Alexander Concha
f194330aeb
Escape properly echoed values
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
Alexander Concha
f38bc86c5d
Escape properly the metadata to be copied.
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
Alexander Concha
3c1b14d00d
Escape properly the provided array of post codes
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
Ben Bidner
7d8db595f2
Fixes an (admin) SQLi when setting stock levels for product variations
2015-06-01 12:58:38 +01:00
Alexander Concha
7896b49684
fclose requires a resource, not a string.
2015-06-01 12:58:06 +01:00
Ben Bidner
2740db17c0
Merge conflict - esc customer data
2015-06-01 12:57:48 +01:00
Ben Bidner
f46060a0dd
Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
Closes #6
2015-06-01 12:54:23 +01:00
Ben Bidner
f3e3b5c209
add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']`
2015-06-01 12:54:18 +01:00
Ben Bidner
7b9a22208e
readds the `$the_product` global variable
2015-06-01 12:54:14 +01:00
Ben Bidner
c8dd2b6268
fixes usage of void return value from `wc_cart_totals_taxes_total_html()`
2015-06-01 12:54:07 +01:00
Ben Bidner
f066a7bb21
pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()`
2015-06-01 12:53:51 +01:00