Mike Jolley
ec5a693ad7
Use prepare for updating attributes
...
Closes #7
2015-06-01 13:29:02 +01:00
Claudio Sanches
9eb3b6ddf9
Changed all requests with wp_remote_* to wp_safe_remote_*
2015-06-01 13:28:55 +01:00
Alexander Concha
c1db266e80
Explicitly cast as integer the rating comment meta.
...
On multisite this can contain arbitrary values.
2015-06-01 13:27:16 +01:00
Ben Bidner
27f1c15900
email templates can only be moved / deleted / edited if the user has `edit_themes` capabilities
2015-06-01 13:26:02 +01:00
Claudio Sanches
48094b9bf2
Added nonces and check capability when hiding admin notices
2015-06-01 13:19:26 +01:00
Claudio Sanches
65608d3fd0
Added nonces and check capability to copy or delete email templates, closes #5
2015-06-01 13:12:25 +01:00
Claudio Sanches
5b00dee203
Implemented wp_safe_remote_* functions for webhooks requests #10
2015-06-01 13:09:21 +01:00
Claudio Sanches
166ec607c0
Escape columns
2015-06-01 13:08:33 +01:00
Alexander Concha
f194330aeb
Escape properly echoed values
...
The variables $base_slug/$structures may contain unsafe values due to
the use of urldecode. For example if the post slug is '%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E'
2015-06-01 12:59:03 +01:00
Alexander Concha
f38bc86c5d
Escape properly the metadata to be copied.
...
Fixes a SQL injection because the meta key can contain arbitrary values.
2015-06-01 12:58:56 +01:00
Alexander Concha
3c1b14d00d
Escape properly the provided array of post codes
...
The callers only run wc_clean/esc_attr on the provided values which are
not functions meant to protect against SQL injections.
2015-06-01 12:58:51 +01:00
Ben Bidner
7d8db595f2
Fixes an (admin) SQLi when setting stock levels for product variations
2015-06-01 12:58:38 +01:00
Alexander Concha
7896b49684
fclose requires a resource, not a string.
2015-06-01 12:58:06 +01:00
Ben Bidner
2740db17c0
Merge conflict - esc customer data
2015-06-01 12:57:48 +01:00
Ben Bidner
f46060a0dd
Remove call to `wp_specialchars_decode()` in `wc_get_price_thousand_separator()` and `wc_get_price_decimal_separator()`.
...
Closes #6
2015-06-01 12:54:23 +01:00
Ben Bidner
f3e3b5c209
add `$args` arguments to `WC_Product_Factory->get_product_class()` to allow `$product_type` to be overwritten by `$args['product_type']`
2015-06-01 12:54:18 +01:00
Ben Bidner
7b9a22208e
re-adds the `$the_product` global variable
2015-06-01 12:54:14 +01:00
Ben Bidner
f066a7bb21
pass correct number of arguments to `wc_lostpassword_url()`, `wc_nav_menu_items()`, `wc_nav_menu_item_classes()`, and `wc_change_term_counts()`
2015-06-01 12:53:51 +01:00
Ben Bidner
32e37b57d0
fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method($wp->query_vars['add-payment-method'])
2015-06-01 12:52:10 +01:00
Ben Bidner
1aa020ca57
fixes undefined constant ('error_code' > '$error' typo)
2015-06-01 12:52:01 +01:00
Ben Bidner
5e22e13975
set default currency position format string (in case of missing or invalid `woocommerce_currency_pos` option value)
2015-06-01 12:51:56 +01:00
Mike Jolley
3d049ff379
[2.3] Clear expired transients on update
2015-06-01 11:39:03 +01:00
Mike Jolley
1ce272b385
[2.3] Tweak transient clear SQL
2015-06-01 11:38:43 +01:00
Mike Jolley
b9708c4df9
Show refunded total shipping and taxes
...
Closes #8222
2015-06-01 11:06:11 +01:00
Mike Jolley
bd7624e5b7
Check template code isset
2015-05-29 17:40:53 +01:00
Mike Jolley
1e3fcd0e6d
[2.3] Avoid initialising classes when saving
2015-05-29 17:38:25 +01:00
Mike Jolley
803f4a9e85
[2.3] Delete correct transient when linking variations
...
Closes #8241
2015-05-29 15:34:27 +01:00
Mike Jolley
3222d1473e
Merge pull request #8242 from n-dawson/master
...
Add a filter to override needs_shipping_address order method.
2015-05-29 15:28:49 +01:00
Mike Jolley
a7a290e12a
Merge pull request #8250 from kilbot/patch-1
...
Add capability_type to product_variation
2015-05-29 15:27:41 +01:00
Mike Jolley
0a3defd798
Move tax enabled check
2015-05-29 14:55:57 +01:00
Claudio Sanches
b2711f3d64
[API] Fixed products tags in write-mode
2015-05-29 10:05:15 -03:00
Claudio Sanches
88003436a6
[API] Add proper sanitization for categories and tags in products endpoint, closes #8251
2015-05-29 10:04:02 -03:00
Paul Kilmurray
b16d443709
fix missing comma
2015-05-29 19:35:31 +08:00
Paul Kilmurray
b158d517e9
Add capability_type to product_variation
...
By default the product_variation has `capability_type = 'post'` which means that users need `edit_post` capability to edit. This change will make variation capabilities consistent with products, i.e. `edit_product`
2015-05-29 17:42:33 +08:00
roykho
b9eefa58fa
use esc_textarea function
2015-05-28 16:08:22 -07:00
roykho
54b0a0ca54
changed dynamic variation description to allow limited HTML and some sanitized tweaks
2015-05-28 14:31:45 -07:00
Mike Jolley
e51eae80c6
Merge pull request #8167 from roykho/dynamic-variation-description
...
Dynamic variation description
2015-05-28 15:53:03 +01:00
Nathan Dawson
e535e005b7
Add a filter to override needs_shipping_address order method.
...
If an order doesn't have any shipping methods it's not possible to set needs_shipping_address to true. When 'woocommerce_cart_needs_shipping_address' is set to true the address needs to be shown on the front end and in confirmation emails.
2015-05-28 15:48:37 +01:00
Mike Jolley
4e5091adda
Merge remote-tracking branch 'origin/master'
2015-05-28 14:42:45 +01:00
Mike Jolley
5cac639cff
Merge branch 'improve-refund-reporting' Closes #8028
...
Conflicts:
includes/admin/reports/class-wc-report-sales-by-date.php
includes/updates/woocommerce-update-2.4.php
2015-05-28 14:41:20 +01:00
Claudio Sanches
903cb817f0
Fixed WC_Install::get_schema for woocommerce_api_keys table
2015-05-28 10:36:25 -03:00
Mike Jolley
5ef335b169
Merge pull request #8215 from JeroenSormani/order-tests
...
Order tests
2015-05-28 12:44:17 +01:00
Mike Jolley
b77755af5c
Merge pull request #8236 from n-dawson/master
...
[2.3] Resolve blank shipping information bug. Fixes #8235
2015-05-28 12:21:38 +01:00
Mike Jolley
4a9971193f
Only track product views when widget is active
...
Closes #8212
2015-05-28 11:49:10 +01:00
James Koster
8c1e452514
proceed to checkout button template. closes #7507
2015-05-28 11:48:37 +01:00
Mike Jolley
ba2e638e54
nocache download_file requests
...
Closes #8162
2015-05-28 11:44:47 +01:00
Nathan Dawson
f9e43b874c
Resolve blank shipping information bug. Fixes #8235
...
Setting the 'woocommerce_cart_needs_shipping' filter to true means the shipping fields can be shown for virtual products. Whether to check shipping details should be based on whether they're shown and not whether the cart needs shipping.
2015-05-28 00:54:05 +01:00
Claudio Sanches
a76aa5218b
Improved the new order and cancelled order emails descriptions, closes #8195
2015-05-27 16:57:57 -03:00
Claudio Sanches
676e09fdd3
Added new woocommerce_api_keys table in wpmu exclude and in status report
2015-05-27 16:46:43 -03:00
Claudio Sanches
ebdcb0d9e8
[2.3] [API] Fixed subtotal_tax round and decimal dp, closes #8140
2015-05-27 16:18:02 -03:00