Commit Graph

4918 Commits

Author SHA1 Message Date
Mike Jolley a31a1911cd Merge pull request #8388 from justinshreve/download-url-help-text
Update the help text to mention that we expect already encoded URLs
2015-06-16 18:09:12 +01:00
Claudio Sanches 1876227c9a Removed dead variable and fixed coding standards on wc_create_page() 2015-06-16 13:08:30 -03:00
Justin Shreve 5d8b17bd6f Update the help text to mention that we expect already encoded URLs. 2015-06-16 15:48:05 +00:00
Mike Jolley f8151f416c Merge branch 'text-attribute-handling' 2015-06-16 15:11:58 +01:00
Mike Jolley 622b11ae9f Add version check to prevent pre-2.4 logic kicking in when not needed
@claudiosmweb
2015-06-16 15:10:53 +01:00
Claudio Sanches dde7bc699b Merge pull request #8385 from jobthomas/master
Copy edit shipping settings
2015-06-16 10:54:19 -03:00
Job fd5fec705b Copy edit shipping settings
users > customer's
2015-06-16 15:51:36 +02:00
Mike Jolley 09fb3a604b [2.3] Small tweak to use email ID rather than classname directly
#8365
2015-06-16 14:47:03 +01:00
Mike Jolley 2501af0376 Merge pull request #8365 from tamarazuk/master
[2.3] Email settings save tweak
2015-06-16 14:43:07 +01:00
Mike Jolley f414ab99b4 Merge pull request #8375 from justinshreve/negative-refund-amount-8346
Prevent negative refund amounts (#8346)
2015-06-16 14:25:17 +01:00
Claudio Sanches 680605481f Merge pull request #8383 from woothemes/pages-cant-be-created-on-install-issue-8269
Allow trashed pages to be republished, closes #8269
2015-06-16 10:15:52 -03:00
Mike Jolley 93fbfe0bc3 Merge branch 'flat-rate-shipping-refactor' 2015-06-16 14:09:38 +01:00
Mike Jolley 583e1fc284 Typo closes #8381 2015-06-16 14:08:46 +01:00
Mike Jolley 71fc6c207e Free should only be used if costs set. If left blank, offer no rate
Closes #8380
2015-06-16 14:07:28 +01:00
davidlenehan 2fb7e0b52b Allow trashed pages to be republished
Expanding on @mehulkaklotar’s fix above. One issue is that if a deleted
store page has had its short code removed then it won’t be republished
and that page is still missing.

This fix catches pages that are in the trash but have no short code.
Those pages are now left in the trash and a new page with the correct
short code is added in its place.

Fixes #8269
2015-06-16 12:31:15 +01:00
Mike Jolley 2347418c5b International shipping + legacy updater 2015-06-16 11:37:58 +01:00
Justin Shreve e832f1d132 Add some filters around order meta to enable filtering the output of meta/attribute information. 2015-06-15 22:16:44 +00:00
Justin Shreve b68244f3eb Prevent negative refunds in wc_create_refund by 0ing it out. 2015-06-15 20:20:31 +00:00
Justin Shreve 12a3a9d305 Return the 'Invalid refund amount' error for negative refunds. 2015-06-15 20:19:52 +00:00
Claudio Sanches ed20fd7921 Merge pull request #8372 from woothemes/add-empty-order-item-meta-issue8-339
Fixes issue with adding empty order item meta
2015-06-15 16:30:47 -03:00
Justin Shreve 910bcc7100 Index only the prefix of location_code when creating the tax_rate_locations table
Otherwise we hit a max key limit of 1000 with utf8 (since multiple bytes are stored per character).
2015-06-15 16:45:30 +00:00
davidlenehan 925b46967a Removing the use of mb_strlen as it is always installed as standard. 2015-06-15 17:06:02 +01:00
davidlenehan 791317cfcf Fixes issue with adding empty order item meta
The changes just check to make sure that either a meta key or meta
value has been entered before it saves. Otherwise it deletes the order
item meta row that has been added. The user must add something to the
order item meta row now or it won’t get saved.

Not sure if this is the cleanest way to fix this issue. I was expecting
to see the function wc_update_order_item_meta() but it is not used in
this case.
2015-06-15 16:22:53 +01:00
Mike Jolley 75b01c5201 [2.3] woocommerce_downloadable_file_allowed_mime_types filter
#8362
2015-06-15 15:37:34 +01:00
Mike Jolley b3a161a744 Fix upgrade logic for per item type 2015-06-15 15:32:51 +01:00
Mike Jolley de1d818d4c remove functions and eval 2015-06-15 15:24:59 +01:00
Mike Jolley 6f90640ba3 Upgrade logic and option fallbacks 2015-06-15 15:24:51 +01:00
Mike Jolley 803714d088 BW compat for additional rates 2015-06-15 12:01:24 +01:00
Remi Corson 32a22b3337 replaced esc_attr by sanitize_html_class 2015-06-15 09:30:09 +02:00
Tamara Zuk 92c6d3d649 [2.3] Email settings save tweak
Allows emails to use a single common class as is done in Order Status
Manager
2015-06-13 10:15:58 -04:00
Remi Corson 61d7b156f4 added esc_attr 2015-06-12 21:59:51 +02:00
Mike Jolley d24461a9a5 Simplify flat rate shipping UI #8243 2015-06-12 16:19:43 +01:00
Mike Jolley af41e4bcd4 Eval Math Class 2015-06-12 14:27:50 +01:00
Remi Corson 40a56e2f9e Add debug tools classes 2015-06-12 15:07:01 +02:00
Mike Jolley 753a22734f Prevent Manage stock being forced on
Closes #8336
2015-06-12 11:22:54 +01:00
Mike Jolley 59d3fb5224 Merge pull request #8358 from justinshreve/colorpicker-integration
Implement the new color picker input and preview for integrations
2015-06-12 11:08:08 +01:00
Mike Jolley 12396f4296 Attempted bw compat by comparing sanitised text to real text 2015-06-11 15:42:18 +01:00
Claudio Sanches 6d3ea23fac Added woocommerce_add_to_cart_redirect to ajax cart button, closes #8349 2015-06-11 11:40:26 -03:00
Justin Shreve 133b9ce969 Implement the new color picker + preview for integrations as well. 2015-06-11 14:40:06 +00:00
Mike Jolley 89f7e15052 Save full version of text based attributes when dealing with variations 2015-06-11 14:43:02 +01:00
Mike Jolley 02ef083eaf wc_get_text_attributes function 2015-06-11 14:42:37 +01:00
Mike Jolley a3ed5efcd9 Merge pull request #8351 from MikeHansenMe/master
Fix broken password reset
2015-06-11 10:43:15 +01:00
Justin Shreve 5f627cf850 Move the color preview to its own separate "preview box" rather than changing the color of the input div box. 2015-06-11 07:15:51 +00:00
Mike Hansen 819f22df29 Update wc-page-functions.php 2015-06-10 17:53:34 -06:00
Diego Zanella 1faae5f4f5 Fixed reference in PayPal IPN class
* Using __CLASS__ in valid_response() prevents inheritance, as __CLASS__ is always resolved as the parent class. A descendant class would have to copy/paste the whole block of code for it to work correctly. Solution: replaced it with $this, as the valid_response() method is not static, and neither are any of the "payment_status_" methods.
2015-06-10 19:17:37 +01:00
Mike Jolley f3951a7490 [2.3] Fallback to serialized data if safe. 2015-06-10 18:28:34 +01:00
Mike Jolley aaaef5bfcf [2.3] Incorrect wc_product_total_stock_ transient
Closes #8337
2015-06-10 18:28:34 +01:00
Mike Jolley 21773ff9ba [2.3] JSON encode/decode PayPal response 2015-06-10 18:28:33 +01:00
Claudio Sanches 157a22a79c Merge pull request #8345 from justinshreve/product-api-download-url-8335
[2.3] Run URLs through esc_url_raw instead of wc_clean in the Products API (#8335)
2015-06-10 13:24:23 -03:00
Justin Shreve 66ccc8a75c Only run the file URL through esc_url_raw if it looks like an absolute URL, otherwise if it is a shortcode or relative URL, continue to use wc_clean. 2015-06-10 16:12:10 +00:00
Justin Shreve 7c3774e65f For file URLs and images, run the URL through esc_url_raw rather than wc_clean (which removes/strips things like entities). 2015-06-10 15:34:36 +00:00
Claudio Sanches fa026ea49d Normalize the "Order #" #8305 2015-06-10 12:09:18 -03:00
Claudio Sanches c9c3be6d3e [API] Use settings to auto generate passwords or not, closes #8342 2015-06-10 10:56:25 -03:00
Patrick Rauland 2d69a0d9c9 removing references to the community forum 2015-06-09 13:55:05 -06:00
Claudio Sanches eefd9a24f1 Merge pull request #8330 from justinshreve/api-tax-rounding-8328
Stop using the frontend display setting for tax rounding in the API (#8328)
2015-06-09 13:09:46 -03:00
Claudio Sanches f333bb68b2 Improved js for widget layered nav #8332 2015-06-09 13:06:50 -03:00
Claudio Sanches 16ddd24887 [2.3] Fixed & and , for layered nav dropdowns, closes #8332 2015-06-09 12:49:57 -03:00
Claudio Sanches c02052a206 [API] Stop undefined index errors for variations in orders endpoint
@justinshreve
2015-06-09 12:39:37 -03:00
Mike Jolley a148e867b0 [2.3] Fix sale item exclusion logic for variations
Closes #8324
2015-06-09 16:10:46 +01:00
Justin Shreve 1d8b6a58d6 Avoid rounding subtotal_tax and total_tax. Don't call wc_round_tax_total for subtotal, and avoid the call to get_line_tax directly which also calls wc_round_tax_total. 2015-06-09 15:06:30 +00:00
Mike Jolley 922ca47cc1 [2.3] woocommerce_downloadable_file_exists filter 2015-06-09 15:27:28 +01:00
Claudio Sanches db8b343532 Merge pull request #8322 from justinshreve/api-product-variation-7951
Take product variation into account when creating orders from the API (fixes #7951)
2015-06-09 11:20:44 -03:00
Mike Jolley 9009b334e7 Merge branch 'test-price-filter' 2015-06-09 15:15:15 +01:00
Mike Jolley fe58e1b5e9 Account for tax classes 2015-06-09 14:58:27 +01:00
Justin Shreve 651b65f28e Add a unit test for get_variation_id so we know we are getting back the IDs that we want 2015-06-09 13:02:02 +00:00
Justin Shreve 937f93faa6 Clean up some naming and add a clarifying comment for the attribute & pa_ stripping. 2015-06-09 12:41:06 +00:00
Justin Shreve 251636c02e First pass at figuring out what the variation ID is based on variation information being passed in via the API. 2015-06-09 12:41:06 +00:00
Justin Shreve a7891750b7 Switch the permissions check for json_search_products to use the read_product capability. 2015-06-09 12:35:33 +00:00
Justin Shreve 3233eb471e Switch the json_search_products and json_search_downloadable_products_and_variations ajax functions to check for the `edit_shop_orders` cap instead of `edit_products`. 2015-06-09 12:35:33 +00:00
Mike Jolley eb4b9a7cd1 Merge pull request #8304 from krautnerds/quick-fix-variation-admin-stock-display
Quick fix stock display for product variations
2015-06-09 12:24:55 +01:00
Mike Jolley 6c557c21e5 woocommerce_duplicate_product_exclude_children, woocommerce_duplicate_product_exclude_meta, woocommerce_duplicate_product_exclude_taxonomies
Closes #8271
2015-06-09 12:07:29 +01:00
Mike Jolley 34f8536b20 Merge pull request #8306 from krautnerds/fix-customer-rest-api-pagination
Fixed pagination headers for customer REST API
2015-06-09 11:43:27 +01:00
Mike Jolley 5771969c2c Prevent notices in get_children 2015-06-09 10:32:40 +01:00
Claudio Sanches 1623ffd6ee Merge pull request #8326 from woothemes/api-tweaks
API Keys tweaks
2015-06-08 20:24:44 -03:00
Claudio Sanches 4698111dd2 Hide api key fields when generating new keys 2015-06-08 20:22:49 -03:00
Claudio Sanches 151499db49 Fixed wc-api-keys script load 2015-06-08 20:14:46 -03:00
Claudio Sanches 61c6e21f6c Added wc_api_hash() in the consumer_key on update for 2.4 2015-06-08 20:06:04 -03:00
Claudio Sanches 7ee65c0256 Improved the woocommerce_api_keys table 2015-06-08 20:04:29 -03:00
Claudio Sanches 91bb8c7ba9 Updated the api authentication 2015-06-08 19:58:38 -03:00
Claudio Sanches 51c5ef6b20 Removed extra <p> 2015-06-08 19:45:14 -03:00
Claudio Sanches 89ddda9ff6 Added new api key generation methods 2015-06-08 19:41:35 -03:00
Claudio Sanches 55efdc5077 Escaped js/url in widget layered nav when use the dropdown option, closes #8320 2015-06-08 13:10:23 -03:00
Claudio Sanches 3f45c874fe Created wc_api_hash() 2015-06-08 12:57:19 -03:00
Claudio Sanches 3697ad9de2 Improved the API keys entropy 2015-06-08 12:01:54 -03:00
Claudio Sanches ef0f527b40 Created new woocommerce_validate_postcode filter
And added PT postcode validation

closes #8319
2015-06-08 11:50:21 -03:00
Sergey cfecd0af2d add woocommerce_get_product_terms filter 2015-06-08 16:41:11 +03:00
Mike Jolley 68974655d6 Tweak visible child product query and cache 2015-06-08 13:18:23 +01:00
Mike Jolley bb4c303c39 get_type has no args 2015-06-08 12:22:26 +01:00
Mike Jolley 983041209b Use get_type() in post_class function 2015-06-08 12:20:51 +01:00
Mike Jolley 3c87e39ce6 Product get_type() method 2015-06-08 12:20:39 +01:00
Claudio Sanches 0b861d6587 Fixed filetype check for digital downloads, closes #8316
@mikejolley
2015-06-07 22:39:32 -03:00
Florian Ludwig 994e4104e9 Fixed pagination headers for customer REST API
The old code didn’t ever work in my opinion, because WP_User_Query has
no attributes page and total_pages
2015-06-05 19:28:58 +02:00
Florian Ludwig 2b4e19d0b4 Quick fix stock display for product variations
This fixes bug #8302 in a very ugly way (in my opinion)
2015-06-05 19:22:32 +02:00
Justin Shreve 0fb9851164 When upgrading to WooCommerce 2.4, make sure that the order.updated webhook fires for woocommerce_order_edit_status as well. 2015-06-05 17:09:46 +00:00
Justin Shreve e88c1bfb9e When the status is changed via bulk actions or by the status button, execute order.updated. 2015-06-05 16:43:24 +00:00
Claudio Sanches 6fee82b377 [API] Added display and image info in product category endpoint, closes #8298 2015-06-05 11:37:46 -03:00
Mike Jolley 716302d76e Revised API endpoint
- Trigger a generic action on all API requests
- Set status header based on whether or not the API endpoint is
actually valid/being listened for
- No cache headers
- No longer try to init unknown class
- Init gateways before the request so their listeners are registered

cc @claudiosmweb
2015-06-05 14:36:50 +01:00
Mike Jolley 79629c5928 Merge pull request #8287 from aelia-co/master
Ensured that refunds have parent order's currency
2015-06-05 13:54:00 +01:00
Mike Jolley 541edc3570 Merge pull request #8274 from SiR-DanieL/patch-5
Filter wc_tax_enabled
2015-06-05 13:53:33 +01:00
Mike Jolley a4c2a73050 Max array keys 2015-06-05 13:37:45 +01:00
Mike Jolley 71673684fb [2.3] get_discounted_price needs to check if taxes are enabled
Closes #8267
2015-06-05 11:24:59 +01:00
Claudio Sanches b433f5e2ce Removed duplicated code in WC_AJAX::increase_order_item_stock() 2015-06-04 21:02:03 -03:00
Claudio Sanches 2d5c53942b Removed duplicated code in WC_AJAX::reduce_order_item_stock() 2015-06-04 20:57:43 -03:00
Diego Zanella 1d3713922b Restored original WC_Gateway_PayPal class 2015-06-04 09:04:33 +01:00
Diego Zanella c0051da5c5 Added logic to copy the refund currency from parent order 2015-06-04 08:55:24 +01:00
Diego Zanella edd831db94 Merge remote-tracking branch 'upstream/master' 2015-06-04 08:45:27 +01:00
Justin Shreve 01a19cc0c7 Round the total_pages calculation up so we always display the right number of pages. 2015-06-03 23:05:52 +00:00
Claudio Sanches b9442f2ffa [2.3] Check if rating is enabled before checking if rating is required for a review, closes #8281 2015-06-03 16:57:36 -03:00
Mike Jolley a2f05dd368 Show notices before cat loops 2015-06-03 14:22:23 +01:00
Nicola Mustone 29e6082ab6 typo 2015-06-03 12:50:11 +02:00
Nicola Mustone 17eac9eaed added filter wc_tax_enabled 2015-06-03 12:49:10 +02:00
Shiva Poudel db107fac45 Check array in expression for json_search_* events 2015-06-02 22:58:52 +05:45
Shiva Poudel 27adbb2a0b Best practice to check array in expression :) 2015-06-02 22:55:02 +05:45
Mike Jolley 60dd4474db abstract email class should not exist ! legacy 2015-06-01 10:48:13 -03:00
Mike Jolley 2febc8f20a Add capability checks to ajax requests
Closes #15
2015-06-01 13:38:00 +01:00
Mike Jolley 1505424469 Define allowed_file_types
#13
2015-06-01 13:37:43 +01:00
Mike Jolley 527311d553 Validate file types when saving products. Closes #13
Handles 3 possible types of file;
  1. Relative path on server
  2. Absolute URL
  3. Shortcodes

URLs without extensions are not validated.
2015-06-01 13:37:39 +01:00
Mike Jolley 5b435024ea Use htmlspecialchars to ensure characters get encoded for select2
We cannot update to select2 4.0 until a major release. Closes #4
2015-06-01 13:37:26 +01:00
Mike Jolley c5bb4ad473 Fix tooltip implode 2015-06-01 13:37:21 +01:00
Mike Jolley cb2079deaa wc_send_frame_options_header
Prevent Clickjacking - prevent checkout and account pages from being
used in iFrames. Added via filter so this can be disabled.

Closes #8
2015-06-01 13:37:12 +01:00
Mike Jolley 3b45c0d46f Set nonce_user_logged_out to WC session ID, if set
Closes #9
2015-06-01 13:36:07 +01:00
Mike Jolley ed99be9aed Sanitize tooltips with htmlspecialchars and remove esc_attr usage
Part of #4
2015-06-01 13:36:03 +01:00
Claudio Sanches 51c8bbf87c wrong nonce verification 2015-06-01 13:33:51 +01:00
Mike Jolley ec5a693ad7 Use prepare for updating attributes
Closes #7
2015-06-01 13:29:02 +01:00
Claudio Sanches 9eb3b6ddf9 Changed all requests with wp_remote_* to wp_safe_remote_* 2015-06-01 13:28:55 +01:00
Alexander Concha c1db266e80 Explicitly cast as integer the rating comment meta.
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
Ben Bidner 27f1c15900 email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities 2015-06-01 13:26:02 +01:00
Claudio Sanches 48094b9bf2 Added nonces and check capability when hide admin notices 2015-06-01 13:19:26 +01:00
Claudio Sanches 65608d3fd0 Added nonces and check capability to copy or delete email templates, closes #5 2015-06-01 13:12:25 +01:00
Claudio Sanches 5b00dee203 Implemented wp_safe_remote_* functions for webhooks requests #10 2015-06-01 13:09:21 +01:00
Claudio Sanches 166ec607c0 Escape columns 2015-06-01 13:08:33 +01:00
Alexander Concha f194330aeb Escape properly echoed values
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
Alexander Concha f38bc86c5d Escape properly the metadata to be copied.
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
Alexander Concha 3c1b14d00d Escape properly the provided array of post codes
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
Ben Bidner 7d8db595f2 Fixes an (admin) SQLi when setting stock levels for product variations 2015-06-01 12:58:38 +01:00
Alexander Concha 7896b49684 fclose requires a resource, not a string. 2015-06-01 12:58:06 +01:00
Ben Bidner 2740db17c0 Merge conflict - esc customer data 2015-06-01 12:57:48 +01:00
Ben Bidner f46060a0dd Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
Closes #6
2015-06-01 12:54:23 +01:00
Ben Bidner f3e3b5c209 add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']` 2015-06-01 12:54:18 +01:00
Ben Bidner 7b9a22208e readds the `$the_product` global variable 2015-06-01 12:54:14 +01:00
Ben Bidner f066a7bb21 pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()` 2015-06-01 12:53:51 +01:00
Ben Bidner 32e37b57d0 fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method($wp->query_vars['add-payment-method']) 2015-06-01 12:52:10 +01:00
Ben Bidner 1aa020ca57 fixes undefined constant ('error_code' > '$error' typo) 2015-06-01 12:52:01 +01:00
Ben Bidner 5e22e13975 set default currency position format string (in case of missing or invalid `woocommerce_currency_pos` option value) 2015-06-01 12:51:56 +01:00
Mike Jolley 3d049ff379 [2.3] Clear expired transients on update 2015-06-01 11:39:03 +01:00
Mike Jolley 1ce272b385 [2.3] Tweak transient clear SQL 2015-06-01 11:38:43 +01:00
Mike Jolley b9708c4df9 Show refunded total shipping and taxes
Closes #8222
2015-06-01 11:06:11 +01:00
Mike Jolley bd7624e5b7 Check template code isset 2015-05-29 17:40:53 +01:00
Mike Jolley 1e3fcd0e6d [2.3] Avoid initialising classes when saving 2015-05-29 17:38:25 +01:00
Mike Jolley 803f4a9e85 [2.3] Delete correct transient when linking variations
Closes #8241
2015-05-29 15:34:27 +01:00