Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy - Version 3.7.6

Version Description


Release Info

Developer tareq1988
Plugin Icon wp plugin Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy
Version 3.7.6

Code changes from version 3.7.5 to 3.7.6

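--- a/dokan.php
+++ b/dokan.php
@@ -3,12 +3,12 @@
  * Plugin Name: Dokan
  * Plugin URI: https://wordpress.org/plugins/dokan-lite/
  * Description: An e-commerce marketplace plugin for WordPress. Powered by WooCommerce and weDevs.
- * Version: 3.7.5
+ * Version: 3.7.6
  * Author: weDevs
  * Author URI: https://wedevs.com/
  * Text Domain: dokan-lite
  * WC requires at least: 5.0.0
- * WC tested up to: 7.0.1
+ * WC tested up to: 7.1.0
  * Domain Path: /languages/
  * License: GPL2
  */
@@ -56,7 +56,7 @@ final class WeDevs_Dokan {
  *
  * @var string
  */
- public $version = '3.7.5';
+ public $version = '3.7.6';
 
  /**
  * Instance of self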
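--- a/includes/Ajax.php
+++ b/includes/Ajax.php
@@ -640,7 +640,7 @@ class Ajax {
  check_ajax_referer( 'search-products', 'security' );
 
  $term = ! empty( $_GET['term'] ) ? sanitize_text_field( wp_unslash( $_GET['term'] ) ) : '';
- $user_ids = ! empty( $_GET['user_ids'] ) ? sanitize_text_field( wp_unslash( $_GET['user_ids'] ) ) : false;
+ $user_ids = ! empty( $_GET['user_ids'] ) ? array_filter( array_map( 'absint', (array) wp_unslash( $_GET['user_ids'] ) ) ) : false;
 
  if ( empty( $term ) ) {
  wp_die();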
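Review bot: A `user_ids` value that holds no positive integer now becomes `[]` on new line 643, and `dokan_search_seller_products()` treats an empty value as "no author filter": its `! empty( $user_ids )` guard skips the clause, and the new `elseif ( is_numeric( $user_ids ) )` has no `else`. Malformed input therefore widens the search instead of returning nothing. Whether callers rely on this parameter to scope results to one vendor is not visible here; if they do, fail closed right after this line with `if ( ! empty( $_GET['user_ids'] ) && empty( $user_ids ) ) { wp_die(); }`. Separately, if the front end ever sent a comma-separated string (the old `sanitize_text_field` call suggests a scalar was expected), `(array)` wraps it as one element and `absint` keeps only the leading number. The handler body starts and ends outside the hunk.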
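--- a/includes/Product/functions.php
+++ b/includes/Product/functions.php
@@ -385,19 +385,22 @@ function dokan_search_seller_products( $term, $user_ids = false, $type = '', $in
  $type_join = '';
  $type_where = '';
  $users_where = '';
+ $query_args = [ $like_term, $like_term, $like_term ];
 
  if ( $type ) {
  if ( in_array( $type, [ 'virtual', 'downloadable' ], true ) ) {
  $type_join = " LEFT JOIN {$wpdb->postmeta} postmeta_type ON posts.ID = postmeta_type.post_id ";
- $type_where = " AND ( postmeta_type.meta_key = '_{$type}' AND postmeta_type.meta_value = 'yes' ) ";
+ $type_where = " AND ( postmeta_type.meta_key = %s AND postmeta_type.meta_value = 'yes' ) ";
+ $query_args[] = "_{$type}";
  }
  }
 
- if ( $user_ids ) {
+ if ( ! empty( $user_ids ) ) {
  if ( is_array( $user_ids ) ) {
- $users_where = " AND posts.post_author IN ('" . implode( "','", $user_ids ) . "')";
- } else {
- $users_where = " AND posts.post_author = '$user_ids'";
+ $users_where = " AND posts.post_author IN ('" . implode( "','", array_filter( array_map( 'absint', $user_ids ) ) ) . "')";
+ } elseif ( is_numeric( $user_ids ) ) {
+ $users_where = ' AND posts.post_author = %d';
+ $query_args[] = $user_ids;
  }
  }
  // phpcs:ignore WordPress.DB.PreparedSQL
@@ -420,9 +423,7 @@ function dokan_search_seller_products( $term, $user_ids = false, $type = '', $in
  $users_where
  ORDER BY posts.post_parent ASC, posts.post_title ASC
  ",
- $like_term,
- $like_term,
- $like_term
+ $query_args
  )
  // phpcs:enable
  );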
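Review bot: The `IN (...)` branch on new line 400 still builds SQL by string concatenation under the `// phpcs:ignore WordPress.DB.PreparedSQL` line, so its safety rests entirely on the inline `absint` call staying in place through future edits. Since the commit already introduces `$query_args`, the list can be bound as well: `$ids = array_filter( array_map( 'absint', $user_ids ) );`, then `$users_where = ' AND posts.post_author IN (' . implode( ',', array_fill( 0, count( $ids ), '%d' ) ) . ')';` and `$query_args = array_merge( $query_args, $ids );`, with the empty-list case handled separately. A short comment above `$query_args` would also help, stating that values must be appended in the same order their placeholders appear in the final query; `$type_where` and `$users_where` are spliced in at different points, and only the position of `$users_where` is visible in the second hunk. The function starts and ends outside these hunks.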
languages/dokan-lite.pot CHANGED
@@ -2,9 +2,9 @@
2
  # This file is distributed under the GPL2.
3
  msgid ""
4
  msgstr ""
5
- "Project-Id-Version: Dokan 3.7.5\n"
6
  "Report-Msgid-Bugs-To: https://wedevs.com/contact/\n"
7
- "POT-Creation-Date: 2022-11-03 06:36:34+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=utf-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
@@ -1627,7 +1627,7 @@ msgstr ""
1627
  msgid "Are you sure ?"
1628
  msgstr ""
1629
 
1630
- #: includes/Assets.php:585 includes/Product/functions.php:497
1631
  #: src/admin/components/AdminNotice.vue:153
1632
  msgid "Are you sure?"
1633
  msgstr ""
@@ -2308,7 +2308,7 @@ msgid "You have no permission to view this page"
2308
  msgstr ""
2309
 
2310
  #: includes/Dashboard/Templates/Products.php:227
2311
- #: includes/Product/functions.php:487
2312
  msgid "Delete Permanently"
2313
  msgstr ""
2314
 
@@ -3617,40 +3617,40 @@ msgstr ""
3617
  msgid "Hidden"
3618
  msgstr ""
3619
 
3620
- #: includes/Product/functions.php:479
3621
  msgid "Edit"
3622
  msgstr ""
3623
 
3624
- #: includes/Product/functions.php:503 templates/my-orders.php:107
3625
  #: templates/orders/listing.php:162 templates/sub-orders.php:100
3626
  msgid "View"
3627
  msgstr ""
3628
 
3629
- #: includes/Product/functions.php:594
3630
  msgid "Default sorting"
3631
  msgstr ""
3632
 
3633
- #: includes/Product/functions.php:595
3634
  msgid "Sort by popularity"
3635
  msgstr ""
3636
 
3637
- #: includes/Product/functions.php:596
3638
  msgid "Sort by average rating"
3639
  msgstr ""
3640
 
3641
- #: includes/Product/functions.php:597
3642
  msgid "Sort by latest"
3643
  msgstr ""
3644
 
3645
- #: includes/Product/functions.php:598
3646
  msgid "Sort by price: low to high"
3647
  msgstr ""
3648
 
3649
- #: includes/Product/functions.php:599
3650
  msgid "Sort by price: high to low"
3651
  msgstr ""
3652
 
3653
- #: includes/Product/functions.php:607
3654
  msgid "Relevance"
3655
  msgstr ""
3656
 
2
  # This file is distributed under the GPL2.
3
  msgid ""
4
  msgstr ""
5
+ "Project-Id-Version: Dokan 3.7.6\n"
6
  "Report-Msgid-Bugs-To: https://wedevs.com/contact/\n"
7
+ "POT-Creation-Date: 2022-11-14 08:42:08+00:00\n"
8
  "MIME-Version: 1.0\n"
9
  "Content-Type: text/plain; charset=utf-8\n"
10
  "Content-Transfer-Encoding: 8bit\n"
1627
  msgid "Are you sure ?"
1628
  msgstr ""
1629
 
1630
+ #: includes/Assets.php:585 includes/Product/functions.php:498
1631
  #: src/admin/components/AdminNotice.vue:153
1632
  msgid "Are you sure?"
1633
  msgstr ""
2308
  msgstr ""
2309
 
2310
  #: includes/Dashboard/Templates/Products.php:227
2311
+ #: includes/Product/functions.php:488
2312
  msgid "Delete Permanently"
2313
  msgstr ""
2314
 
3617
  msgid "Hidden"
3618
  msgstr ""
3619
 
3620
+ #: includes/Product/functions.php:480
3621
  msgid "Edit"
3622
  msgstr ""
3623
 
3624
+ #: includes/Product/functions.php:504 templates/my-orders.php:107
3625
  #: templates/orders/listing.php:162 templates/sub-orders.php:100
3626
  msgid "View"
3627
  msgstr ""
3628
 
3629
+ #: includes/Product/functions.php:595
3630
  msgid "Default sorting"
3631
  msgstr ""
3632
 
3633
+ #: includes/Product/functions.php:596
3634
  msgid "Sort by popularity"
3635
  msgstr ""
3636
 
3637
+ #: includes/Product/functions.php:597
3638
  msgid "Sort by average rating"
3639
  msgstr ""
3640
 
3641
+ #: includes/Product/functions.php:598
3642
  msgid "Sort by latest"
3643
  msgstr ""
3644
 
3645
+ #: includes/Product/functions.php:599
3646
  msgid "Sort by price: low to high"
3647
  msgstr ""
3648
 
3649
+ #: includes/Product/functions.php:600
3650
  msgid "Sort by price: high to low"
3651
  msgstr ""
3652
 
3653
+ #: includes/Product/functions.php:608
3654
  msgid "Relevance"
3655
  msgstr ""
3656
 
readme.txt CHANGED
@@ -5,9 +5,9 @@ Tags: WooCommerce multivendor marketplace, multi vendor marketplace, multi selle
5
  Requires at least: 5.4
6
  Tested up to: 6.1
7
  WC requires at least: 5.0.0
8
- WC tested up to: 7.0.1
9
  Requires PHP: 7.2
10
- Stable tag: 3.7.5
11
  License: GPLv2 or later
12
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
13
 
@@ -313,6 +313,10 @@ A. Just install and activate the PRO version without deleting the free plugin. A
313
 
314
  == Changelog ==
315
 
 
 
 
 
316
  = v3.7.5 ( Nov 03, 2022 ) =
317
 
318
  - **new:** Added a new hook named dokan_store_product_search_results to filter out store product search results closes
5
  Requires at least: 5.4
6
  Tested up to: 6.1
7
  WC requires at least: 5.0.0
8
+ WC tested up to: 7.1.0
9
  Requires PHP: 7.2
10
+ Stable tag: 3.7.6
11
  License: GPLv2 or later
12
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
13
 
313
 
314
  == Changelog ==
315
 
316
+ = v3.7.6 ( Nov 14, 2022 ) =
317
+
318
+ - **fix:** Fixed a sql security issue while searching for products via ajax from vendor dashboard
319
+
320
  = v3.7.5 ( Nov 03, 2022 ) =
321
 
322
  - **new:** Added a new hook named dokan_store_product_search_results to filter out store product search results closes
templates/whats-new.php CHANGED
@@ -3,6 +3,18 @@
3
  * When you are adding new version please follow this sequence for changes: New Feature, New, Improvement, Fix...
4
  */
5
  $changelog = [
 
 
 
 
 
 
 
 
 
 
 
 
6
  [
7
  'version' => 'Version 3.7.5',
8
  'released' => '2022-11-03',
3
  * When you are adding new version please follow this sequence for changes: New Feature, New, Improvement, Fix...
4
  */
5
  $changelog = [
6
+ [
7
+ 'version' => 'Version 3.7.6',
8
+ 'released' => '2022-11-14',
9
+ 'changes' => [
10
+ 'Fix' => [
11
+ [
12
+ 'title' => 'Fixed a sql security issue while searching for products via ajax from vendor dashboard',
13
+ 'description' => '',
14
+ ],
15
+ ],
16
+ ],
17
+ ],
18
  [
19
  'version' => 'Version 3.7.5',
20
  'released' => '2022-11-03',
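--- a/vendor/autoload.php
+++ b/vendor/autoload.php
@@ -4,4 +4,4 @@
 
  require_once __DIR__ . '/composer/autoload_real.php';
 
- return ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9::getLoader();
+ return ComposerAutoloaderInitab2d8fd779b042e8682a7be7e630b197::getLoader();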
vendor/composer/autoload_real.php CHANGED
@@ -2,7 +2,7 @@
2
 
3
  // autoload_real.php @generated by Composer
4
 
5
- class ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9
6
  {
7
  private static $loader;
8
 
@@ -24,15 +24,15 @@ class ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9
24
 
25
  require __DIR__ . '/platform_check.php';
26
 
27
- spl_autoload_register(array('ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9', 'loadClassLoader'), true, true);
28
  self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29
- spl_autoload_unregister(array('ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9', 'loadClassLoader'));
30
 
31
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
32
  if ($useStaticLoader) {
33
  require __DIR__ . '/autoload_static.php';
34
 
35
- call_user_func(\Composer\Autoload\ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9::getInitializer($loader));
36
  } else {
37
  $map = require __DIR__ . '/autoload_namespaces.php';
38
  foreach ($map as $namespace => $path) {
@@ -53,12 +53,12 @@ class ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9
53
  $loader->register(true);
54
 
55
  if ($useStaticLoader) {
56
- $includeFiles = Composer\Autoload\ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9::$files;
57
  } else {
58
  $includeFiles = require __DIR__ . '/autoload_files.php';
59
  }
60
  foreach ($includeFiles as $fileIdentifier => $file) {
61
- composerRequire4988d2bc9920e5f02681f8568e64dff9($fileIdentifier, $file);
62
  }
63
 
64
  return $loader;
@@ -70,7 +70,7 @@ class ComposerAutoloaderInit4988d2bc9920e5f02681f8568e64dff9
70
  * @param string $file
71
  * @return void
72
  */
73
- function composerRequire4988d2bc9920e5f02681f8568e64dff9($fileIdentifier, $file)
74
  {
75
  if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
76
  $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
2
 
3
  // autoload_real.php @generated by Composer
4
 
5
+ class ComposerAutoloaderInitab2d8fd779b042e8682a7be7e630b197
6
  {
7
  private static $loader;
8
 
24
 
25
  require __DIR__ . '/platform_check.php';
26
 
27
+ spl_autoload_register(array('ComposerAutoloaderInitab2d8fd779b042e8682a7be7e630b197', 'loadClassLoader'), true, true);
28
  self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
29
+ spl_autoload_unregister(array('ComposerAutoloaderInitab2d8fd779b042e8682a7be7e630b197', 'loadClassLoader'));
30
 
31
  $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
32
  if ($useStaticLoader) {
33
  require __DIR__ . '/autoload_static.php';
34
 
35
+ call_user_func(\Composer\Autoload\ComposerStaticInitab2d8fd779b042e8682a7be7e630b197::getInitializer($loader));
36
  } else {
37
  $map = require __DIR__ . '/autoload_namespaces.php';
38
  foreach ($map as $namespace => $path) {
53
  $loader->register(true);
54
 
55
  if ($useStaticLoader) {
56
+ $includeFiles = Composer\Autoload\ComposerStaticInitab2d8fd779b042e8682a7be7e630b197::$files;
57
  } else {
58
  $includeFiles = require __DIR__ . '/autoload_files.php';
59
  }
60
  foreach ($includeFiles as $fileIdentifier => $file) {
61
+ composerRequireab2d8fd779b042e8682a7be7e630b197($fileIdentifier, $file);
62
  }
63
 
64
  return $loader;
70
  * @param string $file
71
  * @return void
72
  */
73
+ function composerRequireab2d8fd779b042e8682a7be7e630b197($fileIdentifier, $file)
74
  {
75
  if (empty($GLOBALS['__composer_autoload_files'][$fileIdentifier])) {
76
  $GLOBALS['__composer_autoload_files'][$fileIdentifier] = true;
vendor/composer/autoload_static.php CHANGED
@@ -4,7 +4,7 @@
4
 
5
  namespace Composer\Autoload;
6
 
7
- class ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9
8
  {
9
  public static $files = array (
10
  'b45b351e6b6f7487d819961fef2fda77' => __DIR__ . '/..' . '/jakeasmith/http_build_url/src/http_build_url.php',
@@ -250,9 +250,9 @@ class ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9
250
  public static function getInitializer(ClassLoader $loader)
251
  {
252
  return \Closure::bind(function () use ($loader) {
253
- $loader->prefixLengthsPsr4 = ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9::$prefixLengthsPsr4;
254
- $loader->prefixDirsPsr4 = ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9::$prefixDirsPsr4;
255
- $loader->classMap = ComposerStaticInit4988d2bc9920e5f02681f8568e64dff9::$classMap;
256
 
257
  }, null, ClassLoader::class);
258
  }
4
 
5
  namespace Composer\Autoload;
6
 
7
+ class ComposerStaticInitab2d8fd779b042e8682a7be7e630b197
8
  {
9
  public static $files = array (
10
  'b45b351e6b6f7487d819961fef2fda77' => __DIR__ . '/..' . '/jakeasmith/http_build_url/src/http_build_url.php',
250
  public static function getInitializer(ClassLoader $loader)
251
  {
252
  return \Closure::bind(function () use ($loader) {
253
+ $loader->prefixLengthsPsr4 = ComposerStaticInitab2d8fd779b042e8682a7be7e630b197::$prefixLengthsPsr4;
254
+ $loader->prefixDirsPsr4 = ComposerStaticInitab2d8fd779b042e8682a7be7e630b197::$prefixDirsPsr4;
255
+ $loader->classMap = ComposerStaticInitab2d8fd779b042e8682a7be7e630b197::$classMap;
256
 
257
  }, null, ClassLoader::class);
258
  }