Ecwid Ecommerce Shopping Cart - Version 6.10.16

Version Description

  • Dec 07, 2021 =
  • Improvements in the plugin code to comply with the WordPress plugin marketplace recommendations.
  • Twenty Twenty theme improved compatibility. Even though Ecwid is compatible with every WordPress theme by design, some slight fixes and improvements are sometimes needed to make the storefront look better. That's why we are always monitoring how Ecwid pages look and behave in WordPress ecommerce themes. Minor fixes and improvements.

Release Info

Developer Ecwid
Plugin Icon 128x128 Ecwid Ecommerce Shopping Cart
Version 6.10.16

Code changes from version 6.10.15 to 6.10.16

Files changed (52) hide show
  1. css/popup-deactivate.css +7 -0
  2. css/popup.css +3 -0
  3. ecwid-shopping-cart.php +59 -32
  4. includes/class-ecwid-admin-main-page.php +5 -5
  5. includes/class-ecwid-admin-storefront-page.php +17 -5
  6. includes/class-ecwid-admin-ui-framework.php +7 -2
  7. includes/class-ecwid-admin.php +8 -3
  8. includes/class-ecwid-ajax-defer-renderer.php +1 -1
  9. includes/class-ecwid-custom-admin-page.php +1 -1
  10. includes/class-ecwid-help-page.php +4 -3
  11. includes/class-ecwid-html-meta.php +3 -3
  12. includes/class-ecwid-message-manager.php +30 -9
  13. includes/class-ecwid-oauth.php +5 -5
  14. includes/class-ecwid-popup-deactivate.php +13 -2
  15. includes/class-ecwid-product-popup.php +6 -4
  16. includes/class-ecwid-seo-links.php +5 -3
  17. includes/class-ecwid-static-page.php +6 -4
  18. includes/class-ecwid-store-editor.php +1 -1
  19. includes/class-ecwid-wp-dashboard-feed.php +9 -1
  20. includes/faq_entries.php +1 -1
  21. includes/gutenberg/class-ecwid-gutenberg-block-store.php +6 -2
  22. includes/gutenberg/class-ecwid-gutenberg.php +1 -1
  23. includes/importer/class-ecwid-import-page.php +4 -3
  24. includes/importer/class-ecwid-importer.php +6 -2
  25. includes/importer/task/class-ecwid-importer-task-product-base.php +1 -1
  26. includes/integrations/class-ecwid-integration-elementor.php +10 -1
  27. includes/integrations/class-ecwid-integration-gutenberg.php +6 -3
  28. includes/integrations/class-ecwid-integration-wpbakery-composer.php +1 -1
  29. includes/integrations/class-ecwid-integration-wpseo.php +3 -1
  30. includes/integrations/elementor/class-ec-elementor-widget-buynow.php +1 -1
  31. includes/kliken.php +3 -1
  32. includes/themes.php +1 -1
  33. includes/themes/class-ecwid-theme-boundless.php +1 -1
  34. includes/themes/class-ecwid-theme-envision.php +1 -2
  35. includes/widgets/class-ecwid-widget-recently-viewed.php +4 -3
  36. js/admin-menu.js +2 -1
  37. js/admin.js +1 -1
  38. js/dashboard-blog.js +2 -1
  39. js/popup-deactivate.js +0 -15
  40. lib/ecwid_api_v3.php +4 -4
  41. lib/ecwid_catalog.php +1 -1
  42. lib/ecwid_catalog_entry.php +1 -1
  43. lib/ecwid_platform.php +4 -8
  44. readme.txt +7 -2
  45. templates/admin/simple-dashboard.php +1 -1
  46. templates/admin/storefront/area-status.php +1 -1
  47. templates/advanced-settings.php +1 -1
  48. templates/cache_log.php +4 -1
  49. templates/help.php +3 -3
  50. templates/popup/deactivate.php +12 -5
  51. templates/popup/popup.php +1 -1
  52. templates/store-popup.php +1 -1
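--- a/css/popup-deactivate.css
+++ b/css/popup-deactivate.css
@@ -6,6 +6,7 @@
 
 .reasons-list-item .message textarea {
 width: 100%;
+font-size: 1em;
 }
 
 .reasons-list-item.selected .message {
@@ -25,4 +26,10 @@
 margin-left: -298px;
 top: 10%;
 width: 596px;
+}
+
+.ecwid-popup-deactivate .ec-deactivate-notice {
+font-size: 12px;
+color: #7d8d9e;
+margin: 4px 0 16px;
 }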
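--- a/css/popup.css
+++ b/css/popup.css
@@ -46,8 +46,11 @@ body.ecwid-popup-open {
 
 .ecwid-popup-body {
 padding: 20px;
+font-size: 14px;
 }
 
 .ecwid-popup-body h3 {
 margin: 0px;
+font-size: 16px;
+font-weight: 500;
 }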
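--- a/ecwid-shopping-cart.php
+++ b/ecwid-shopping-cart.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.ecwid.com?partner=wporg
 Description: Ecwid is a free full-featured shopping cart. It can be easily integrated with any Wordpress blog and takes less than 5 minutes to set up.
 Text Domain: ecwid-shopping-cart
 Author: Ecwid Ecommerce
-Version: 6.10.15
+Version: 6.10.16
 Author URI: https://ecwid.to/ecwid-site
 License: GPLv2 or later
 */
@@ -320,7 +320,9 @@ function ecwid_redirect_canonical($redirect_url, $requested_url) {
 
 function ecwid_ie8_fonts_inclusion()
 {
-if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE 8') === false) return;
+$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'])) : '';
+
+if (strpos($user_agent, 'MSIE 8') === false) return;
 
 $url = ECWID_PLUGIN_URL . 'fonts/ecwid-logo.eot';
 echo <<<HTML
@@ -548,7 +550,7 @@ function ecwid_404_on_broken_escaped_fragment() {
 $params = array();
 
 if (isset($_GET['_escaped_fragment_'])) {
-$params = ecwid_parse_escaped_fragment($_GET['_escaped_fragment_']);
+$params = ecwid_parse_escaped_fragment();
 } elseif (Ecwid_Seo_Links::is_product_browser_url()) {
 $params = Ecwid_Seo_Links::maybe_extract_html_catalog_params();
 }
@@ -960,7 +962,7 @@ function ecwid_admin_check_api_cache()
 {
 $is_ajax_check_api_cache = isset( $_GET['action'] ) && $_GET['action'] == 'check_api_cache';
 $is_doing_ajax = defined( 'DOING_AJAX' ) && DOING_AJAX;
-$is_get_request = @$_SERVER['REQUEST_METHOD'] != 'GET';
+$is_get_request = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET';
 
 if ( !$is_ajax_check_api_cache && ( $is_doing_ajax || $is_get_request ) ) return;
 
@@ -1202,7 +1204,7 @@ function ecwid_is_applicable_escaped_fragment() {
 
 if (!isset($_GET['_escaped_fragment_'])) return false;
 
-$params = ecwid_parse_escaped_fragment($_GET['_escaped_fragment_']);
+$params = ecwid_parse_escaped_fragment();
 
 if (!$params) return false;
 
@@ -1230,7 +1232,9 @@ function ecwid_ajax_hide_message($params)
 return;
 }
 
-if (Ecwid_Message_Manager::disable_message($_GET['message'])) {
+$message = isset($_GET['message']) ? sanitize_text_field(wp_unslash($_GET['message'])) : '';
+
+if (Ecwid_Message_Manager::disable_message($message)) {
 wp_send_json(array('status' => 'success'));
 }
 }
@@ -1311,7 +1315,7 @@ function ecwid_oembed_url( $url, $permalink, $format ) {
 }
 
 $url = add_query_arg( array(
-'url' => urlencode( $permalink ),
+'url' => rawurlencode( $permalink ),
 'format' => ( 'json' !== $format ) ? $format : false,
 ), $url );
 
@@ -1552,9 +1556,13 @@ function ecwid_shortcode($attributes)
 return $result;
 }
 
-function ecwid_parse_escaped_fragment($escaped_fragment) {
+function ecwid_parse_escaped_fragment($escaped_fragment = false) {
 static $parsed = array();
 
+if( !$escaped_fragment && isset($_GET['_escaped_fragment_']) ) {
+$escaped_fragment = sanitize_text_field(wp_unslash($_GET['_escaped_fragment_']));
+}
+
 if (empty($parsed[$escaped_fragment])) {
 
 $fragment = urldecode( $escaped_fragment );
@@ -1580,7 +1588,11 @@ function ecwid_parse_escaped_fragment($escaped_fragment) {
 }
 
 function ecwid_ajax_get_product_info() {
-$id = sanitize_text_field( $_GET['id'] );
+if( !isset($_GET['id']) ) {
+return;
+}
+
+$id = intval($_GET['id']);
 
 $product = Ecwid_Product::get_by_id($id);
 
@@ -1704,7 +1716,10 @@ EOT;
 add_action( 'activated_plugin', 'ecwid_plugin_activation_redirect' );
 function ecwid_plugin_activation_redirect( $plugin ) {
 
-$is_bulk_activation = isset($_POST['action'])
+$is_nonce_set = isset($_POST['_wpnonce']) && wp_verify_nonce( $_POST['_wpnonce'], 'bulk-plugins' );
+
+$is_bulk_activation = $is_nonce_set
+&& isset($_POST['action'])
 && $_POST['action'] == 'activate-selected'
 && isset($_POST['checked'])
 && count($_POST['checked']) > 1;
@@ -1943,13 +1958,11 @@ function ecwid_update_plugin_params()
 {
 if ( !current_user_can('administrator') ) {
 header('403 Access Denied');
-
 die();
 }
 
-if ( !wp_verify_nonce(@$_POST['nonce'], ecwid_get_update_params_action() ) ) {
+if ( isset($_POST['wp-nonce']) && !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['wp-nonce'])), ecwid_get_update_params_action()) ) {
 header('403 Access Denied');
-
 die();
 }
 
@@ -1958,10 +1971,14 @@ function ecwid_update_plugin_params()
 $options4update = array();
 
 foreach ( $options as $key => $option ) {
+if( !isset($_POST['option'][$key]) ) {
+continue;
+}
+
 if ( isset($option['type']) && $option['type'] == 'html' ) {
-$options4update[$key] = html_entity_decode( @$_POST['option'][$key] );
+$options4update[$key] = sanitize_textarea_field(wp_unslash( $_POST['option'][$key] ));
 } else {
-$options4update[$key] = sanitize_text_field(@$_POST['option'][$key]);
+$options4update[$key] = sanitize_text_field(wp_unslash( $_POST['option'][$key] ));
 }
 
 if( $key == 'ecwid_store_id' ) {
@@ -2030,7 +2047,9 @@ function ecwid_register_admin_styles($hook_suffix) {
 wp_enqueue_style('ecwid-fonts-css', ECWID_PLUGIN_URL . 'css/fonts.css', array(), get_option('ecwid_plugin_version'));
 wp_enqueue_style('ecwid-opensans', 'https://fonts.googleapis.com/css?family=Open+Sans:400,600,700,300', array(), get_option('ecwid_plugin_version'));
 
-if (isset($_GET['page']) && strpos($_GET['page'], 'ec-store') === 0) {
+$page = isset($_GET['page']) ? sanitize_text_field(wp_unslash($_GET['page'])) : '';
+
+if (strpos($page, 'ec-store') === 0) {
 
 $is_reconnect = isset($_GET['page']) && $_GET['page'] == Ecwid_Admin::ADMIN_SLUG && isset($_GET['reconnect']);
 $is_connection_error = Ecwid_Admin_Main_Page::is_connection_error();
@@ -2080,7 +2099,8 @@ function ecwid_plugin_actions($links) {
 
 function ecwid_settings_api_init() {
 
-if ( isset( $_POST['settings_section'] ) ) {
+if ( isset( $_POST['settings_section'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'ecwid_options_page-options' ) ) {
+
 switch ( $_POST['settings_section'] ) {
 case 'general':
 register_setting( 'ecwid_options_page', 'ecwid_store_id', 'ecwid_abs_intval' );
@@ -2102,14 +2122,14 @@ function ecwid_settings_api_init() {
 Ecwid_Products::disable();
 }
 
-if ($_POST['settings_section'] == 'advanced' && !@$_POST['ecwid_is_sso_enabled']) {
+if ($_POST['settings_section'] == 'advanced' && empty($_POST['ecwid_is_sso_enabled'])) {
 update_option('ecwid_sso_secret_key', '');
 }
 }
 
-if ( isset( $_POST['ecwid_store_id'] ) ) {
+if ( isset( $_POST['ecwid_store_id'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'ecwid_options_page-options' ) ) {
 
-$new_store_id = sanitize_text_field($_POST['ecwid_store_id']);
+$new_store_id = sanitize_text_field(wp_unslash($_POST['ecwid_store_id']));
 
 ecwid_update_store_id( $new_store_id );
 update_option('ecwid_last_oauth_fail_time', 0);
@@ -2297,7 +2317,7 @@ function ecwid_get_admin_sso_url( $time, $page = '' ) {
 Ecwid_Api_V3::get_token(),
 $time,
 hash( 'sha256', get_ecwid_store_id() . Ecwid_Api_V3::get_token() . $time . Ecwid_Config::get_oauth_appsecret() ),
-urlencode( $page ),
+rawurlencode( $page ),
 substr( $lang, 0, 2 )
 );
 }
@@ -2315,7 +2335,7 @@ function ecwid_get_iframe_src($time, $page)
 $url .= '&hide_staff_accounts_header_menu=true';
 $url .= '&hide_header=true';
 $url .= '&set_dashboard_website_section_type=wordpress';
-$url .= '&website_manage_url=' . urlencode( admin_url( 'admin.php?page=ec-storefront-settings' ) );
+$url .= '&website_manage_url=' . rawurlencode( admin_url( 'admin.php?page=ec-storefront-settings' ) );
 
 return $url;
 } else {
@@ -2355,7 +2375,8 @@ function ecwid_help_do_page() {
 
 function ecwid_process_oauth_params() {
 
-if (strtoupper($_SERVER['REQUEST_METHOD']) != 'GET' || !isset($_GET['page'])) {
+$is_get_request = isset($_SERVER['REQUEST_METHOD']) && strtoupper(sanitize_text_field(wp_unslash($_SERVER['REQUEST_METHOD']))) == 'GET';
+if (!$is_get_request || !isset($_GET['page'])) {
 return false;
 }
 
@@ -2378,13 +2399,13 @@ function ecwid_process_oauth_params() {
 $ecwid_oauth->update_state( array(
 'mode' => 'reconnect',
 // explicitly set to empty array if not available to reset current state
-'scope' => isset($_GET['scope']) ? $_GET['scope'] : array(),
+'scope' => isset($_GET['scope']) ? sanitize_text_field(wp_unslash($_GET['scope'])) : array(),
 // explicitly set to empty string if not available to reset current state
-'return_url' => isset($_GET['return-url']) ? $_GET['return-url'] : '',
-'reason' => isset($_GET['reason']) ? $_GET['reason'] : ''
+'return_url' => isset($_GET['return-url']) ? sanitize_text_field(wp_unslash($_GET['return-url'])) : '',
+'reason' => isset($_GET['reason']) ? sanitize_text_field(wp_unslash($_GET['reason'])) : ''
 ));
 
-if ( @$_GET['do_reconnect'] ) {
+if ( isset($_GET['do_reconnect']) ) {
 wp_redirect( $ecwid_oauth->get_auth_dialog_url() );
 }
 }
@@ -2398,14 +2419,18 @@ function ecwid_admin_post_connect()
 return;
 }
 
-if (isset($_GET['force_store_id'])) {
-$force_store_id = sanitize_text_field($_GET['force_store_id']);
+if ( isset($_GET['force_store_id']) && wp_verify_nonce($_GET['_wpnonce'], 'ec_admin') ) {
+
+$force_store_id = sanitize_text_field(wp_unslash($_GET['force_store_id']));
+
 update_option('ecwid_store_id', $force_store_id);
 update_option('ecwid_api_check_retry_after', 0);
 update_option('ecwid_last_oauth_fail_time', 1);
+
 wp_safe_redirect( Ecwid_Admin::get_dashboard_url() );
 exit();
 }
+
 global $ecwid_oauth;
 
 if (ecwid_test_oauth(true)) {
@@ -2715,11 +2740,13 @@ function ecwid_sync_products_no_sse() {
 
 $p->set_sync_progress_callback('ecwid_slow_sync_progress');
 
+$mode = (isset($_GET['mode']) && $_GET['mode'] == 'deleted') ? 'deleted' : 'updated';
+
 $over = $p->sync(array(
-'mode' => $_GET['mode'] == 'deleted' ? 'deleted' : 'updated',
-'offset' => intval($_GET['offset']),
+'mode' => $mode,
+'offset' => isset($_GET['offset']) ? intval($_GET['offset']) : 0,
 'one_at_a_time' => true,
-'from' => $_GET['time']
+'from' => isset($_GET['time']) ? sanitize_text_field(wp_unslash($_GET['time'])) : ''
 ));
 
 global $ecwid_sync_status;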
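Review bot: The nonce check in ecwid_update_plugin_params (new line 1964) now fails open: `isset($_POST['wp-nonce']) && !wp_verify_nonce(...)` skips verification whenever the field is simply omitted, whereas the old `wp_verify_nonce(@$_POST['nonce'], ...)` rejected a missing nonce; the condition should be `if ( !isset($_POST['wp-nonce']) || !wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['wp-nonce'] ) ), ecwid_get_update_params_action() ) ) {`. The field name also changed from `nonce` to `wp-nonce`; if the submitting form is not updated in the same release, the guard is never exercised at all. The new checks in ecwid_settings_api_init (lines 2102, 2130) and ecwid_admin_post_connect (line 2422) read `$_POST['_wpnonce']` / `$_GET['_wpnonce']` without `isset`, which still fails closed but raises an undefined-index notice on requests without the field; guard them the same way. All three functions continue outside their hunks.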
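--- a/includes/class-ecwid-admin-main-page.php
+++ b/includes/class-ecwid-admin-main-page.php
@@ -104,12 +104,12 @@ class Ecwid_Admin_Main_Page
 die();
 }
 
-if (isset($_GET['ec-page']) && $_GET['ec-page']) {
-$page = sanitize_text_field( $_GET['ec-page'] );
+if ( isset($_GET['ec-page']) ) {
+$page = sanitize_text_field(wp_unslash( $_GET['ec-page'] ));
 }
 
-if (isset($_GET['ec-store-page']) && $_GET['ec-store-page']) {
-$page = sanitize_text_field( $_GET['ec-store-page'] );
+if ( isset($_GET['ec-store-page']) ) {
+$page = sanitize_text_field(wp_unslash( $_GET['ec-store-page'] ));
 }
 
 if ( $page == self::PAGE_HASH_DASHBOARD || $page == self::PAGE_HASH_COMPLETE_REGISTRATION ) {
@@ -244,7 +244,7 @@ class Ecwid_Admin_Main_Page
 protected function _is_oauth_error()
 {
 $connection_error = isset( $_GET['connection_error'] );
-$no_oauth = @$_GET['oauth'] == 'no';
+$no_oauth = isset($_GET['oauth']) && $_GET['oauth'] == 'no';
 
 return isset( $connection_error ) && $no_oauth;
 }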
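Review bot: Lines 107 and 111 drop the truthiness test the old code had (`&& $_GET['ec-page']`), so a request with an empty `ec-page=` or `ec-store-page=` now overwrites `$page` with `''` instead of leaving the earlier value in place, which changes which branch the comparison on line 115 takes; if that was not intended, keep the check: `if ( isset($_GET['ec-page']) && $_GET['ec-page'] ) {`. On the context line 249, `isset( $connection_error )` is always true because the variable was assigned a bool on line 246; `return $connection_error && $no_oauth;` is what the method name suggests. Both methods start before their hunks.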
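--- a/includes/class-ecwid-admin-storefront-page.php
+++ b/includes/class-ecwid-admin-storefront-page.php
@@ -56,7 +56,7 @@ class Ecwid_Admin_Storefront_Page
 
 if( class_exists( 'Ecwid_Floating_Minicart' ) ) {
 $minicart_hide = get_option( Ecwid_Floating_Minicart::OPTION_WIDGET_DISPLAY ) == Ecwid_Floating_Minicart::DISPLAY_NONE;
-$customizer_minicart_link = admin_url('customize.php') . '?autofocus[section]=ec-store-minicart&url=' . urlencode($page_link);
+$customizer_minicart_link = admin_url('customize.php') . '?autofocus[section]=ec-store-minicart&url=' . rawurlencode($page_link);
 }
 
 if ( count ( Ecwid_Store_Page::get_store_pages_array_for_selector() ) > 1 ) {
@@ -147,7 +147,7 @@ class Ecwid_Admin_Storefront_Page
 }
 
 public function ajax_set_store_on_front() {
-$status = intval( $_GET['status'] );
+$status = isset($_GET['status']) ? intval( $_GET['status'] ) : false;
 
 $store_page_id = get_option( Ecwid_Store_Page::OPTION_MAIN_STORE_PAGE_ID );
 
@@ -174,6 +174,10 @@ class Ecwid_Admin_Storefront_Page
 }
 
 public function ajax_set_mainpage() {
+if( !isset($_GET['page']) ) {
+return;
+}
+
 $page_id = intval( $_GET['page'] );
 
 if( !Ecwid_Store_Page::is_store_page( $page_id ) ) {
@@ -199,7 +203,7 @@ class Ecwid_Admin_Storefront_Page
 }
 
 public function ajax_set_display_cart_icon() {
-$status = intval( $_GET['status'] );
+$status = isset($_GET['status']) ? intval( $_GET['status'] ) : false;
 
 if( $status ) {
 update_option( Ecwid_Floating_Minicart::OPTION_WIDGET_DISPLAY, Ecwid_Floating_Minicart::DISPLAY_ALL );
@@ -212,7 +216,11 @@ class Ecwid_Admin_Storefront_Page
 }
 
 public function ajax_set_page_slug() {
-$slug = sanitize_title( $_GET['slug'] );
+if( !isset( $_GET['slug'] ) ) {
+return;
+}
+
+$slug = sanitize_text_field(wp_unslash( $_GET['slug'] ));
 
 $args = array(
 'name' => $slug,
@@ -248,7 +256,11 @@ class Ecwid_Admin_Storefront_Page
 }
 
 public function ajax_create_page() {
-$type = sanitize_title( $_GET['type'] );
+if( !isset($_GET['type']) ) {
+return;
+}
+
+$type = sanitize_text_field(wp_unslash( $_GET['type'] ));
 
 if( isset($_GET['item_id']) ) {
 $item_id = intval( $_GET['item_id'] );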
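Review bot: ajax_set_page_slug (line 223) and ajax_create_page (line 263) replace `sanitize_title()` with `sanitize_text_field()`, which loosens the input: `$slug` is passed as the `name` query argument on line 226, and sanitize_text_field keeps spaces, uppercase and most punctuation that sanitize_title would have normalised away. Keep the slug-specific sanitizer, `$slug = sanitize_title( wp_unslash( $_GET['slug'] ) );`, and do the same for `$type` if it is used as a slug or lookup key further down. None of the `ajax_*` handlers shows a nonce or capability check inside these hunks; if that lives in the dispatcher outside the hunk this is fine, otherwise the new `isset` guards only suppress notices. The class and each of these methods continue outside the hunks.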
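--- a/includes/class-ecwid-admin-ui-framework.php
+++ b/includes/class-ecwid-admin-ui-framework.php
@@ -39,13 +39,18 @@ class Ecwid_Admin_UI_Framework
 
 public function is_need_include_assets()
 {
+if( !isset($_GET['page']) ) {
+return false;
+}
+
 $ignore_pages = $this->get_pages_exclude_framework();
+$page = sanitize_text_field( wp_unslash( $_GET['page'] ) );
 
-if( isset($_GET['page']) && in_array($_GET['page'], $ignore_pages) ) {
+if( in_array($page, $ignore_pages) ) {
 return false;
 }
 
-if ( isset($_GET['page']) && strpos($_GET['page'], 'ec-store') === 0 ) {
+if ( strpos($page, 'ec-store') === 0 ) {
 return true;
 }
 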
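Review bot: `in_array($page, $ignore_pages)` on line 49 still compares loosely; since `$page` is now always a string, pass the strict flag, `if( in_array($page, $ignore_pages, true) ) {`. The new early return on lines 42-44 also changes behaviour for requests without a `page` parameter: the old code fell through to whatever follows line 56, while the new code answers `false` immediately, so it is worth confirming no admin screen without `?page=` relied on the fall-through. The method continues outside the hunk.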
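--- a/includes/class-ecwid-admin.php
+++ b/includes/class-ecwid-admin.php
@@ -30,7 +30,8 @@ class Ecwid_Admin {
 'menu' => self::are_auto_menus_enabled() ? $menu : array(),
 'baseSlug' => self::ADMIN_SLUG,
 'enableAutoMenus' => self::are_auto_menus_enabled(),
-'actionUpdateMenu' => self::AJAX_ACTION_UPDATE_MENU
+'actionUpdateMenu' => self::AJAX_ACTION_UPDATE_MENU,
+'ajaxNonce' => wp_create_nonce("ec_admin")
 ));
 }
 
@@ -264,11 +265,15 @@ class Ecwid_Admin {
 die();
 }
 
+check_ajax_referer( 'ec_admin', '_ajax_nonce' );
+
 if (!isset( $_POST['menu'] ) ) {
 die();
 }
+
+$menu = map_deep( wp_unslash( $_POST['menu'] ), 'sanitize_text_field' );
 
-EcwidPlatform::set( 'admin_menu', $_POST['menu'] );
+EcwidPlatform::set( 'admin_menu', $menu );
 
 echo json_encode( $this->_get_menus() );
 die();
@@ -444,7 +449,7 @@ class Ecwid_Admin {
 if ( !isset( $_GET['reconnect'] ) ) {
 if ( get_option( 'ecwid_disable_dashboard' ) == 'on' ) {
 return true;
-} elseif ( get_option( 'ecwid_disable_dashboard' ) != 'off' && @$_COOKIE[ 'ecwid_is_safari' ] == 'true' ) {
+} elseif ( get_option( 'ecwid_disable_dashboard' ) != 'off' && isset($_COOKIE[ 'ecwid_is_safari' ]) && $_COOKIE[ 'ecwid_is_safari' ] == 'true' ) {
 return true;
 }
 }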
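Review bot: The `ec_admin` nonce created on line 34 is a generic action name, and this release reuses the same action in ecwid-shopping-cart.php (`wp_verify_nonce($_GET['_wpnonce'], 'ec_admin')` on the force_store_id path), so a token issued for the menu-update AJAX call also authorises a store-id override; a per-operation action string such as `self::AJAX_ACTION_UPDATE_MENU` keeps each nonce bound to one intent. `check_ajax_referer( 'ec_admin', '_ajax_nonce' )` on line 268 is placed correctly after the preceding capability `die()`, and with the default `$die` argument it stops the request on failure. The method continues outside the hunk.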
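--- a/includes/class-ecwid-ajax-defer-renderer.php
+++ b/includes/class-ecwid-ajax-defer-renderer.php
@@ -79,7 +79,7 @@ class Ecwid_Ajax_Defer_Renderer {
 }
 
 public static function is_ajax_request() {
-return !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest';
+return !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower(sanitize_text_field(wp_unslash($_SERVER['HTTP_X_REQUESTED_WITH']))) == 'xmlhttprequest';
 }
 
 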
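--- a/includes/class-ecwid-custom-admin-page.php
+++ b/includes/class-ecwid-custom-admin-page.php
@@ -108,7 +108,7 @@ HTML;
 }
 
 public function themes_install_ajax() {
-if( $_REQUEST['request']['browse'] == self::TAB_NAME ) {
+if( isset($_REQUEST['request']['browse']) && $_REQUEST['request']['browse'] == self::TAB_NAME ) {
 $themes_data = array(
 "data" => array(
 "info" => array( "page" => 1, "pages" => 1, "results" => 0 ),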
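--- a/includes/class-ecwid-help-page.php
+++ b/includes/class-ecwid-help-page.php
@@ -13,7 +13,8 @@ class Ecwid_Help_Page {
 
 die();
 }
-if ( !wp_verify_nonce($_POST['wp-nonce'], self::CONTACT_US_ACTION_NAME) ) {
+
+if ( !isset($_POST['wp-nonce']) && !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['wp-nonce'])), self::CONTACT_US_ACTION_NAME) ) {
 header('403 Access Denied');
 
 die();
@@ -32,14 +33,14 @@ class Ecwid_Help_Page {
 $body_lines[] = '';
 $body_lines[] = 'Message:';
 $body_lines[] = '';
-$body_lines[] = sanitize_textarea_field( $_POST['body'] );
+$body_lines[] = (isset($_POST['body'])) ? sanitize_textarea_field(wp_unslash( $_POST['body'] )) : '';
 
 global $current_user;
 $reply_to = $current_user->user_email;
 
 $result = wp_mail(
 $to,
-$_POST['subject'],
+(isset($_POST['subject'])) ? sanitize_text_field(wp_unslash($_POST['subject'])) : '',
 implode(PHP_EOL, $body_lines),
 'Reply-To:' . $reply_to
 );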
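Review bot: The rewritten guard on line 17, `!isset($_POST['wp-nonce']) && !wp_verify_nonce(...)`, is only true when the field is absent, so a request that carries a wrong or forged `wp-nonce` is no longer rejected and proceeds to the wp_mail call on line 41; the original unconditionally verified the nonce. The operator should be `||`: `if ( !isset($_POST['wp-nonce']) || !wp_verify_nonce(sanitize_text_field(wp_unslash($_POST['wp-nonce'])), self::CONTACT_US_ACTION_NAME) ) {`. As written, the absent-field case also evaluates `$_POST['wp-nonce']` and raises an undefined-index notice before failing. The enclosing method starts before the first hunk and ends after the second.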
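--- a/includes/class-ecwid-html-meta.php
+++ b/includes/class-ecwid-html-meta.php
@@ -31,10 +31,10 @@ abstract class Ecwid_HTML_Meta
 }
 
 protected function _is_available_prefetch_tags(){
-$ua = @$_SERVER['HTTP_USER_AGENT'];
+$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'])) : '';
 
-$is_ie = strpos( $ua, 'MSIE' ) !== false
-|| strpos( $ua, 'Trident' ) !== false;
+$is_ie = strpos( $user_agent, 'MSIE' ) !== false
+|| strpos( $user_agent, 'Trident' ) !== false;
 
 if ( $is_ie || ( get_option( 'ecwid_hide_prefetch' ) == 'on' ) ) {
 return false;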
includes/class-ecwid-message-manager.php CHANGED
@@ -11,6 +11,7 @@ class Ecwid_Message_Manager
11
  $this->init_messages();
12
 
13
  add_action( 'ecwid_connected_via_legacy_page', array( $this, 'on_connected_via_legacy_page' ) );
 
14
  }
15
 
16
  public static function show_messages()
@@ -215,12 +216,16 @@ TXT
215
 
216
  if ($name == 'on_appearance_widgets') {
217
 
218
- if (isset($_GET['from-ec-store']) && $_GET['from-ec-store'] == 'appearance') {
219
- $admin_page = Ecwid_Admin::get_dashboard_url() . '-appearance';
220
- } elseif (isset($_GET['from-ec-store']) && $_GET['from-ec-store'] == 'new') {
221
- $admin_page = 'post-new.php?post_type=page';
222
- } elseif (isset($_GET['from-ec-store']) && is_numeric($_GET['from-ec-store'])) {
223
- $admin_page = 'post.php?post=' . $_GET['from-ec-store'] . '&action=edit';
 
 
 
 
224
  }
225
 
226
  $params['secondary_url'] = $admin_page;
@@ -267,10 +272,10 @@ TXT
267
  'message' => sprintf(
268
  __('Do you like your %s online store? We\'d appreciate it if you add your review and vote for the plugin on WordPress site.', 'ecwid-shopping-cart'),
269
  Ecwid_Config::get_brand(),
270
- 'target="_blank" href="http://wordpress.org/support/view/plugin-reviews/ecwid-shopping-cart"'
271
  ),
272
  'primary_title' => sprintf( __( 'Rate %s at WordPress.org', 'ecwid-shopping-cart'), Ecwid_Config::get_brand() ),
273
- 'primary_url' => 'http://wordpress.org/support/view/plugin-reviews/ecwid-shopping-cart',
274
  'hideable' => true
275
  ),
276
 
@@ -375,7 +380,7 @@ HTML
375
  && $admin_page != 'ecwid_page_' . Ecwid_Admin_Storefront_Page::ADMIN_SLUG;
376
 
377
  case 'on_storeid_set':
378
- return !ecwid_is_demo_store() && @$_GET['settings-updated'] == 'true' && $admin_page == 'toplevel_page_ec-store';
379
 
380
  case 'on_no_storeid_on_setup_pages':
381
  return $this->should_display_on_no_storeid_on_setup_pages();
@@ -478,4 +483,20 @@ HTML
478
 
479
  return $is_newbie && ($is_ecwid_settings || $is_store_page);
480
  }
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
481
  }
11
  $this->init_messages();
12
 
13
  add_action( 'ecwid_connected_via_legacy_page', array( $this, 'on_connected_via_legacy_page' ) );
14
+ add_filter( 'admin_footer_text', array( $this, 'admin_footer_text' ) );
15
  }
16
 
17
  public static function show_messages()
216
 
217
  if ($name == 'on_appearance_widgets') {
218
 
219
+ if ( isset($_GET['from-ec-store']) ) {
220
+ $fromt_ec_store = sanitize_text_field(wp_unslash($_GET['from-ec-store']));
221
+
222
+ if( $fromt_ec_store == 'appearance') {
223
+ $admin_page = Ecwid_Admin::get_dashboard_url() . '-appearance';
224
+ } elseif ( $fromt_ec_store == 'new') {
225
+ $admin_page = 'post-new.php?post_type=page';
226
+ } elseif ( is_numeric($fromt_ec_store)) {
227
+ $admin_page = 'post.php?post=' . $fromt_ec_store . '&action=edit';
228
+ }
229
  }
230
 
231
  $params['secondary_url'] = $admin_page;
272
  'message' => sprintf(
273
  __('Do you like your %s online store? We\'d appreciate it if you add your review and vote for the plugin on WordPress site.', 'ecwid-shopping-cart'),
274
  Ecwid_Config::get_brand(),
275
+ 'target="_blank" href="https://wordpress.org/support/plugin/ecwid-shopping-cart/reviews/?filter=5"'
276
  ),
277
  'primary_title' => sprintf( __( 'Rate %s at WordPress.org', 'ecwid-shopping-cart'), Ecwid_Config::get_brand() ),
278
+ 'primary_url' => 'https://wordpress.org/support/plugin/ecwid-shopping-cart/reviews/?filter=5',
279
  'hideable' => true
280
  ),
281
 
380
  && $admin_page != 'ecwid_page_' . Ecwid_Admin_Storefront_Page::ADMIN_SLUG;
381
 
382
  case 'on_storeid_set':
383
+ return !ecwid_is_demo_store() && isset($_GET['settings-updated']) && $_GET['settings-updated'] == 'true' && $admin_page == 'toplevel_page_ec-store';
384
 
385
  case 'on_no_storeid_on_setup_pages':
386
  return $this->should_display_on_no_storeid_on_setup_pages();
483
 
484
  return $is_newbie && ($is_ecwid_settings || $is_store_page);
485
  }
486
+
487
+ public function admin_footer_text( $footer_text ) {
488
+ if(
489
+ !Ecwid_Config::is_wl()
490
+ && ecwid_is_paid_account()
491
+ && get_current_screen()->parent_base == Ecwid_Admin::ADMIN_SLUG
492
+ ) {
493
+ $footer_text = sprintf(
494
+ __('Do you like your %s online store? We\'d appreciate it if you add a %s rating for the plugin on WordPress site.', 'ecwid-shopping-cart'),
495
+ Ecwid_Config::get_brand(),
496
+ '<a href="https://wordpress.org/support/plugin/ecwid-shopping-cart/reviews/?filter=5" target="_blank">&#9733;&#9733;&#9733;&#9733;&#9733;</a>'
497
+ );
498
+ }
499
+
500
+ return $footer_text;
501
+ }
502
  }
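Review bot: `admin_footer_text` dereferences `get_current_screen()->parent_base` with no null check; `get_current_screen()` returns null outside a fully set-up admin screen, and reading a property on null emits a warning and evaluates the condition as false, so the comparison should be guarded: `$screen = get_current_screen();` / `&& $screen && $screen->parent_base == Ecwid_Admin::ADMIN_SLUG`. In the `on_appearance_widgets` branch the local is misspelled `$fromt_ec_store` (presumably `$from_ec_store`), and `is_numeric()` also accepts floats, exponents and leading whitespace, so the post-id branch is tighter as `$admin_page = 'post.php?post=' . intval( $fromt_ec_store ) . '&action=edit';`. `$admin_page` is still undefined when none of the three branches matches, which the rewrite carries over from the old code.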
includes/class-ecwid-oauth.php CHANGED
@@ -79,7 +79,7 @@ class Ecwid_OAuth {
79
 
80
  public function process_authorization()
81
  {
82
- $reconnect = $_REQUEST['action'] == 'ec_oauth_reconnect';
83
 
84
  if ( isset( $_REQUEST['error'] ) || !isset( $_REQUEST['code'] ) ) {
85
  if ($reconnect) {
@@ -97,7 +97,7 @@ class Ecwid_OAuth {
97
 
98
  $redirect_uri = $this->check_url_for_idn_format( $redirect_uri );
99
 
100
- $params['code'] = sanitize_text_field($_REQUEST['code']);
101
  $params['client_id'] = Ecwid_Config::get_oauth_appid();
102
  $params['client_secret'] = Ecwid_Config::get_oauth_appsecret();
103
  $params['redirect_uri'] = $redirect_uri;
@@ -153,7 +153,7 @@ class Ecwid_OAuth {
153
  } else {
154
  $url = Ecwid_Admin::get_dashboard_url();
155
  }
156
- wp_redirect( $url );
157
  }
158
  exit;
159
  }
@@ -295,8 +295,8 @@ class Ecwid_OAuth {
295
 
296
  protected function _load_state() {
297
  if (isset($_COOKIE['ecwid_oauth_state'])) {
298
- $this->state = @json_decode( $_COOKIE['ecwid_oauth_state'] );
299
-
300
  }
301
 
302
  if (!is_object($this->state)) {
79
 
80
  public function process_authorization()
81
  {
82
+ $reconnect = isset($_REQUEST['action']) && $_REQUEST['action'] == 'ec_oauth_reconnect';
83
 
84
  if ( isset( $_REQUEST['error'] ) || !isset( $_REQUEST['code'] ) ) {
85
  if ($reconnect) {
97
 
98
  $redirect_uri = $this->check_url_for_idn_format( $redirect_uri );
99
 
100
+ $params['code'] = sanitize_text_field(wp_unslash($_REQUEST['code']));
101
  $params['client_id'] = Ecwid_Config::get_oauth_appid();
102
  $params['client_secret'] = Ecwid_Config::get_oauth_appsecret();
103
  $params['redirect_uri'] = $redirect_uri;
153
  } else {
154
  $url = Ecwid_Admin::get_dashboard_url();
155
  }
156
+ wp_safe_redirect( $url );
157
  }
158
  exit;
159
  }
295
 
296
  protected function _load_state() {
297
  if (isset($_COOKIE['ecwid_oauth_state'])) {
298
+ $cookie = sanitize_text_field(wp_unslash( $_COOKIE['ecwid_oauth_state'] ));
299
+ $this->state = @json_decode( $cookie );
300
  }
301
 
302
  if (!is_object($this->state)) {
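Review bot: In `_load_state`, passing the `ecwid_oauth_state` cookie through `sanitize_text_field()` before `json_decode()` can alter the payload — as far as I recall that helper strips tags, removes percent-encoded octets and collapses whitespace, so a state object whose string fields contain such characters decodes to something else, or to null. Because the decoded value is only accepted after the `is_object()` check below, the safer shape is to unslash and decode the raw cookie and then validate and sanitize each field of the decoded object; the `@` is also unnecessary since `json_decode()` does not emit warnings on invalid input, so `$this->state = json_decode( wp_unslash( $_COOKIE['ecwid_oauth_state'] ) );` reads cleaner. The rest of `_load_state`, where that field validation would go, is outside the hunk.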
includes/class-ecwid-popup-deactivate.php CHANGED
@@ -35,7 +35,12 @@ class Ecwid_Popup_Deactivate extends Ecwid_Popup {
35
  }
36
 
37
  $reasons = $this->_get_reasons();
38
- $reason = $reasons[$_GET['reason']];
 
 
 
 
 
39
 
40
  if ( isset( $reason['is_disable_message'] ) ) {
41
  update_option( self::OPTION_DISABLE_POPUP, true );
@@ -44,7 +49,7 @@ class Ecwid_Popup_Deactivate extends Ecwid_Popup {
44
  $body_lines[] = 'Store URL: ' . Ecwid_Store_Page::get_store_url();
45
  $body_lines[] = 'Plugin installed: ' . strftime( '%d %b %Y', get_option( 'ecwid_installation_date' ) );
46
  $body_lines[] = 'Plugin version: ' . get_option('ecwid_plugin_version');
47
- $body_lines[] = 'Reason:' . $reason['text'] . "\n" . ( !empty( $_GET['message'] ) ? $_GET['message'] : '[no message]' );
48
 
49
  $api = new Ecwid_Api_V3();
50
 
@@ -114,6 +119,12 @@ class Ecwid_Popup_Deactivate extends Ecwid_Popup {
114
 
115
  protected function _render_body()
116
  {
 
 
 
 
 
 
117
  $reasons = $this->_get_reasons();
118
  require ( ECWID_POPUP_TEMPLATES_DIR . 'deactivate.php' );
119
  }
35
  }
36
 
37
  $reasons = $this->_get_reasons();
38
+
39
+ if( isset($_GET['reason']) ) {
40
+ $reason = $reasons[ sanitize_text_field(wp_unslash($_GET['reason'])) ];
41
+ } else {
42
+ $reason = end($reasons);
43
+ }
44
 
45
  if ( isset( $reason['is_disable_message'] ) ) {
46
  update_option( self::OPTION_DISABLE_POPUP, true );
49
  $body_lines[] = 'Store URL: ' . Ecwid_Store_Page::get_store_url();
50
  $body_lines[] = 'Plugin installed: ' . strftime( '%d %b %Y', get_option( 'ecwid_installation_date' ) );
51
  $body_lines[] = 'Plugin version: ' . get_option('ecwid_plugin_version');
52
+ $body_lines[] = 'Reason:' . $reason['text'] . "\n" . ( !empty( $_GET['message'] ) ? sanitize_text_field(wp_unslash($_GET['message'])) : '[no message]' );
53
 
54
  $api = new Ecwid_Api_V3();
55
 
119
 
120
  protected function _render_body()
121
  {
122
+ if( ecwid_is_paid_account() ) {
123
+ $support_link = Ecwid_Config::get_contact_us_url();
124
+ } else {
125
+ $support_link = 'https://wordpress.org/support/plugin/ecwid-shopping-cart/#new-topic-0';
126
+ }
127
+
128
  $reasons = $this->_get_reasons();
129
  require ( ECWID_POPUP_TEMPLATES_DIR . 'deactivate.php' );
130
  }
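Review bot: `$reason = $reasons[ sanitize_text_field(wp_unslash($_GET['reason'])) ];` still indexes `$reasons` with a request-supplied key, so an unknown `reason` value raises an undefined-index notice and leaves `$reason` null, after which `$reason['text']` is read from null when the mail body is built. Validate the key before using it and fall back the same way the `else` branch already does: `$reason_key = isset( $_GET['reason'] ) ? sanitize_text_field( wp_unslash( $_GET['reason'] ) ) : '';` / `$reason = isset( $reasons[ $reason_key ] ) ? $reasons[ $reason_key ] : end( $reasons );`. The enclosing method starts before the hunk, so I cannot see whether the request is nonce- or capability-checked before this point.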
includes/class-ecwid-product-popup.php CHANGED
@@ -41,7 +41,7 @@ class Ecwid_Product_Popup {
41
  }
42
 
43
 
44
- if ( is_plugin_active( 'elementor/elementor.php' ) && @$_GET['action'] == 'elementor' ) {
45
  return;
46
  }
47
 
@@ -57,7 +57,9 @@ class Ecwid_Product_Popup {
57
  return;
58
  }
59
 
60
- EcwidPlatform::set('spw_display_params', $_REQUEST['params']);
 
 
61
  }
62
 
63
  public function search_products() {
@@ -71,7 +73,7 @@ class Ecwid_Product_Popup {
71
 
72
  foreach ( $allowed as $name ) {
73
  if ( array_key_exists( $name, $_REQUEST ) ) {
74
- $params[$name] = sanitize_text_field( $_REQUEST[$name] );
75
  }
76
  }
77
 
@@ -79,7 +81,7 @@ class Ecwid_Product_Popup {
79
  $params['offset'] = 0;
80
 
81
  if ( array_key_exists( 'page', $_REQUEST ) ) {
82
- $params['offset'] = $params['limit'] * ( $_REQUEST['page'] - 1 );
83
  }
84
 
85
 
41
  }
42
 
43
 
44
+ if ( is_plugin_active( 'elementor/elementor.php' ) && isset($_GET['action']) && $_GET['action'] == 'elementor' ) {
45
  return;
46
  }
47
 
57
  return;
58
  }
59
 
60
+ $params = isset($_REQUEST['params']) ? map_deep( wp_unslash( $_REQUEST['params'] ), 'sanitize_text_field' ) : array();
61
+
62
+ EcwidPlatform::set('spw_display_params', $params);
63
  }
64
 
65
  public function search_products() {
73
 
74
  foreach ( $allowed as $name ) {
75
  if ( array_key_exists( $name, $_REQUEST ) ) {
76
+ $params[$name] = sanitize_text_field(wp_unslash( $_REQUEST[$name] ));
77
  }
78
  }
79
 
81
  $params['offset'] = 0;
82
 
83
  if ( array_key_exists( 'page', $_REQUEST ) ) {
84
+ $params['offset'] = $params['limit'] * ( intval($_REQUEST['page']) - 1 );
85
  }
86
 
87
 
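Review bot: `$params['offset'] = $params['limit'] * ( intval($_REQUEST['page']) - 1 );` produces a negative offset for `page=0` or any negative page, since `intval()` only guarantees an integer; clamp it, `$params['offset'] = max( 0, $params['limit'] * ( intval( $_REQUEST['page'] ) - 1 ) );`. `search_products` continues outside the hunk, so I cannot see whether the downstream API call rejects a negative offset on its own.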
includes/class-ecwid-seo-links.php CHANGED
@@ -55,7 +55,7 @@ class Ecwid_Seo_Links {
55
  return;
56
  }
57
 
58
- $id = (isset( $_GET['post'] )) ? $_GET['post'] : false;
59
 
60
  if ( !$id ) {
61
  return;
@@ -97,7 +97,7 @@ class Ecwid_Seo_Links {
97
 
98
  public function redirect_escaped_fragment() {
99
  if ( ecwid_should_display_escaped_fragment_catalog() ) {
100
- $params = ecwid_parse_escaped_fragment( $_GET[ '_escaped_fragment_' ] );
101
 
102
  if ( !isset( $params[ 'mode' ] ) ) {
103
  return;
@@ -480,7 +480,9 @@ JS;
480
 
481
  $home_url = home_url();
482
  $path = parse_url( $home_url, PHP_URL_PATH );
483
- $seo_part = str_replace( $path . $relative_permalink, '', $_SERVER['REQUEST_URI'] );
 
 
484
 
485
  foreach ( $noindex_pages as $page ) {
486
  if ( preg_match( '!' . $page . '([\?\/]+.*|)$' . '!', $seo_part ) ) {
55
  return;
56
  }
57
 
58
+ $id = (isset( $_GET['post'] )) ? intval($_GET['post']) : false;
59
 
60
  if ( !$id ) {
61
  return;
97
 
98
  public function redirect_escaped_fragment() {
99
  if ( ecwid_should_display_escaped_fragment_catalog() ) {
100
+ $params = ecwid_parse_escaped_fragment();
101
 
102
  if ( !isset( $params[ 'mode' ] ) ) {
103
  return;
480
 
481
  $home_url = home_url();
482
  $path = parse_url( $home_url, PHP_URL_PATH );
483
+
484
+ $request_uri = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '';
485
+ $seo_part = str_replace( $path . $relative_permalink, '', $request_uri );
486
 
487
  foreach ( $noindex_pages as $page ) {
488
  if ( preg_match( '!' . $page . '([\?\/]+.*|)$' . '!', $seo_part ) ) {
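Review bot: `sanitize_text_field()` is the wrong sanitizer for `$_SERVER['REQUEST_URI']` — as far as I recall it strips percent-encoded octets (`%2F`, `%20`, …) and anything tag-like, so `$seo_part` will no longer match `$noindex_pages` for requests whose path contains encoded characters. The same treatment in `class-ecwid-gutenberg-block-store.php`, `class-ecwid-integration-gutenberg.php` and `class-ecwid-integration-wpseo.php` feeds a mangled URL into the Customizer `return=` parameter and the sitemap check. WordPress's URL sanitizer preserves the encoding: `$request_uri = isset( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';`.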
includes/class-ecwid-static-page.php CHANGED
@@ -66,7 +66,7 @@ class Ecwid_Static_Page {
66
 
67
  if( !$params ) {
68
  if ( ecwid_is_applicable_escaped_fragment() ) {
69
- $params = ecwid_parse_escaped_fragment( $_GET['_escaped_fragment_'] );
70
  } else {
71
  $params = Ecwid_Seo_Links::maybe_extract_html_catalog_params();
72
  }
@@ -114,7 +114,8 @@ class Ecwid_Static_Page {
114
  $params['default_category_id'] = $store_page_params['default_category_id'];
115
  }
116
 
117
- $accept_language = apply_filters( 'ecwid_lang', @$_SERVER['HTTP_ACCEPT_LANGUAGE'] );
 
118
 
119
  $params['lang'] = $accept_language;
120
 
@@ -152,7 +153,8 @@ class Ecwid_Static_Page {
152
 
153
 
154
  if( !empty( $_COOKIE['ec_store_chameleon_font'] ) ) {
155
- $params['tplvar_ec.chameleon.font_family'] = stripslashes( $_COOKIE['ec_store_chameleon_font'] );
 
156
  }
157
 
158
 
@@ -167,7 +169,7 @@ class Ecwid_Static_Page {
167
  $url = self::_get_endpoint_url( $endpoint_params );
168
 
169
  foreach ( $params as $name => $value ) {
170
- $url .= $name . '=' . urlencode( $value ) . '&';
171
  }
172
 
173
  $url = substr( $url, 0, -1 );
66
 
67
  if( !$params ) {
68
  if ( ecwid_is_applicable_escaped_fragment() ) {
69
+ $params = ecwid_parse_escaped_fragment();
70
  } else {
71
  $params = Ecwid_Seo_Links::maybe_extract_html_catalog_params();
72
  }
114
  $params['default_category_id'] = $store_page_params['default_category_id'];
115
  }
116
 
117
+ $http_accept_language = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? : '';
118
+ $accept_language = apply_filters( 'ecwid_lang', $http_accept_language );
119
 
120
  $params['lang'] = $accept_language;
121
 
153
 
154
 
155
  if( !empty( $_COOKIE['ec_store_chameleon_font'] ) ) {
156
+ $chameleon_cookie = sanitize_text_field(wp_unslash($_COOKIE['ec_store_chameleon_font']));
157
+ $params['tplvar_ec.chameleon.font_family'] = stripslashes( $chameleon_cookie );
158
  }
159
 
160
 
169
  $url = self::_get_endpoint_url( $endpoint_params );
170
 
171
  foreach ( $params as $name => $value ) {
172
+ $url .= $name . '=' . rawurlencode( $value ) . '&';
173
  }
174
 
175
  $url = substr( $url, 0, -1 );
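Review bot: `$http_accept_language = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? : '';` is a short ternary, so when the header is present the variable receives the boolean `true` returned by `isset()` rather than the header value, and `$params['lang']` becomes `1` in the endpoint URL for every client that sends Accept-Language. The intended line is `$http_accept_language = isset( $_SERVER['HTTP_ACCEPT_LANGUAGE'] ) ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_ACCEPT_LANGUAGE'] ) ) : '';`. Further down, `stripslashes( $chameleon_cookie )` now unslashes a value that `wp_unslash()` already unslashed, which differs from the old single pass for cookie values containing backslashes; `$params['tplvar_ec.chameleon.font_family'] = $chameleon_cookie;` is enough.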
includes/class-ecwid-store-editor.php CHANGED
@@ -21,7 +21,7 @@ class Ecwid_Store_Editor {
21
  return;
22
  }
23
 
24
- if ( is_plugin_active( 'elementor/elementor.php' ) && @$_GET['action'] == 'elementor' ) {
25
  return;
26
  }
27
 
21
  return;
22
  }
23
 
24
+ if ( is_plugin_active( 'elementor/elementor.php' ) && isset($_GET['action']) && $_GET['action'] == 'elementor' ) {
25
  return;
26
  }
27
 
includes/class-ecwid-wp-dashboard-feed.php CHANGED
@@ -55,8 +55,16 @@ class Ecwid_WP_Dashboard_Feed {
55
  if ( !current_user_can( Ecwid_Admin::get_capability() ) ) {
56
  die();
57
  }
 
 
 
 
 
 
58
 
59
- EcwidPlatform::cache_set( $this->_get_cache_name(), $_POST['posts'], 12 * HOUR_IN_SECONDS );
 
 
60
 
61
  header( 'HTTP/1.0 200 OK' );
62
  die();
55
  if ( !current_user_can( Ecwid_Admin::get_capability() ) ) {
56
  die();
57
  }
58
+
59
+ check_ajax_referer( 'ec_admin', '_ajax_nonce' );
60
+
61
+ if( !isset($_POST['posts']) ) {
62
+ die();
63
+ }
64
 
65
+ $posts = map_deep( wp_unslash( $_POST['posts'] ), 'sanitize_text_field' );
66
+
67
+ EcwidPlatform::cache_set( $this->_get_cache_name(), $posts, 12 * HOUR_IN_SECONDS );
68
 
69
  header( 'HTTP/1.0 200 OK' );
70
  die();
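Review bot: The new `if( !isset($_POST['posts']) ) { die(); }` ends the request with an empty 200 response, which the calling script's success handler cannot distinguish from a successful save; `wp_send_json_error( null, 400 );` makes the rejection observable to the client and in logs. Placing `check_ajax_referer( 'ec_admin', '_ajax_nonce' )` after the capability check is fine, and since it dies on failure by default nothing below it runs for a request without a valid nonce. The method's signature is outside the hunk.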
includes/faq_entries.php CHANGED
@@ -53,7 +53,7 @@ $faqs = array(
53
  array(
54
  'title' => __( 'How do I put my products in the sitemap?', 'ecwid-shopping-cart' ),
55
  'body' => __(
56
- 'To create sitemap for your Wordpress site we suggest using <a target="_blank" href="https://wordpress.org/plugins/google-sitemap-generator/">Google XML Sitemaps</a> or <a target="_blank" href="https://wordpress.org/plugins/wordpress-seo/">Yoast Wordpress SEO</a>. &nbsp;plugins. These plugins are fully compatible with Ecwid and allow to generate a sitemap that will contain links to categories and product pages, so the store pages will get indexed faster. Please note that this option is available to <a target="_blank" href="https://www.ecwid.com/pricing">paid Ecwid users</a>.', 'ecwid-shopping-cart'
57
  )
58
  ),
59
  array(
53
  array(
54
  'title' => __( 'How do I put my products in the sitemap?', 'ecwid-shopping-cart' ),
55
  'body' => __(
56
+ 'To create sitemap for your Wordpress site we suggest using <a target="_blank" href="https://wordpress.org/plugins/google-sitemap-generator/">Google XML Sitemaps</a> or <a target="_blank" href="https://wordpress.org/plugins/wordpress-seo/">Yoast Wordpress SEO</a>. &nbsp;plugins. These plugins are fully compatible with Ecwid and allow to generate a sitemap that will contain links to categories and product pages, so the store pages will get indexed faster.', 'ecwid-shopping-cart'
57
  )
58
  ),
59
  array(
includes/gutenberg/class-ecwid-gutenberg-block-store.php CHANGED
@@ -11,6 +11,9 @@ class Ecwid_Gutenberg_Block_Store extends Ecwid_Gutenberg_Block_Base {
11
  }
12
 
13
  public function get_params() {
 
 
 
14
  $params = array(
15
  'attributes' => $this->get_attributes_for_editor(),
16
  'isNewProductList' => $this->_is_new_product_list(),
@@ -27,7 +30,7 @@ class Ecwid_Gutenberg_Block_Store extends Ecwid_Gutenberg_Block_Base {
27
  'You can enable an extra shopping bag icon widget that will appear on your site pages. Open “<a href="%1$s">Appearance → Customize → %2$s</a>” menu to enable it.',
28
  'ecwid-shopping-cart'
29
  ),
30
- 'customize.php?autofocus[section]=' . Ecwid_Customizer::SECTION_MINICART . '&return=' . urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) )
31
  ),
32
  Ecwid_Config::get_brand()
33
  ),
@@ -45,8 +48,9 @@ class Ecwid_Gutenberg_Block_Store extends Ecwid_Gutenberg_Block_Base {
45
 
46
  $print_js_refresh_config = false;
47
  $is_wp_customize = isset( $_REQUEST['wp_customize'] ) && $_REQUEST['wp_customize'] == 'on';
 
48
 
49
- if ( $_SERVER['REQUEST_METHOD'] != 'GET' && !$is_wp_customize ) {
50
  return '';
51
  }
52
 
11
  }
12
 
13
  public function get_params() {
14
+
15
+ $request_uri = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '';
16
+
17
  $params = array(
18
  'attributes' => $this->get_attributes_for_editor(),
19
  'isNewProductList' => $this->_is_new_product_list(),
30
  'You can enable an extra shopping bag icon widget that will appear on your site pages. Open “<a href="%1$s">Appearance → Customize → %2$s</a>” menu to enable it.',
31
  'ecwid-shopping-cart'
32
  ),
33
+ 'customize.php?autofocus[section]=' . Ecwid_Customizer::SECTION_MINICART . '&return=' . rawurlencode( remove_query_arg( wp_removable_query_args(), $request_uri )
34
  ),
35
  Ecwid_Config::get_brand()
36
  ),
48
 
49
  $print_js_refresh_config = false;
50
  $is_wp_customize = isset( $_REQUEST['wp_customize'] ) && $_REQUEST['wp_customize'] == 'on';
51
+ $is_get_request = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'GET';
52
 
53
+ if ( !$is_get_request && !$is_wp_customize ) {
54
  return '';
55
  }
56
 
includes/gutenberg/class-ecwid-gutenberg.php CHANGED
@@ -257,7 +257,7 @@ class Ecwid_Gutenberg {
257
 
258
  protected function _get_version_for_assets( $asset_file_path )
259
  {
260
- if ( $_SERVER['HTTP_HOST'] == 'localhost' ) {
261
  return filemtime( ECWID_PLUGIN_DIR . '/' . $asset_file_path );
262
  }
263
 
257
 
258
  protected function _get_version_for_assets( $asset_file_path )
259
  {
260
+ if ( isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost' ) {
261
  return filemtime( ECWID_PLUGIN_DIR . '/' . $asset_file_path );
262
  }
263
 
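Review bot: `_get_version_for_assets` keys a dev-mode branch on `$_SERVER['HTTP_HOST'] == 'localhost'`, and the Host header is supplied by the client, so a request header rather than the server's own configuration decides whether the `filemtime()` path runs; the effect is limited to an extra stat per asset and a different version string, but it is not a reliable environment signal. WordPress already exposes a server-side constant for exactly this purpose, `if ( defined( 'SCRIPT_DEBUG' ) && SCRIPT_DEBUG ) {`, which expresses the intent without trusting the request. The same check is duplicated in `class-ecwid-integration-gutenberg.php`.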
includes/importer/class-ecwid-import-page.php CHANGED
@@ -30,7 +30,7 @@ class Ecwid_Import_Page
30
  return;
31
  }
32
 
33
- if ( @$_GET[self::PARAM_FROM_IMPORT_ONBOARDING] ) {
34
  Ecwid_Message_Manager::disable_message( Ecwid_Message_Manager::MSG_WOO_IMPORT_ONBOARDING );
35
  }
36
  }
@@ -105,7 +105,8 @@ class Ecwid_Import_Page
105
  $importer = new Ecwid_Importer();
106
 
107
  if ( !$importer->has_begun() || isset( $_REQUEST['reset'] ) ) {
108
- $importer->initiate( @$_REQUEST['settings'] );
 
109
  }
110
 
111
  $result = $importer->proceed();
@@ -144,7 +145,7 @@ class Ecwid_Import_Page
144
 
145
  wp_safe_redirect(
146
  'admin.php?page=' . Ecwid_Admin::ADMIN_SLUG
147
- . '&reconnect&return-url=' . urlencode( $url )
148
  . '&scope=create_catalog+update_catalog&do_reconnect=1'
149
  );
150
  }
30
  return;
31
  }
32
 
33
+ if ( isset($_GET[self::PARAM_FROM_IMPORT_ONBOARDING]) ) {
34
  Ecwid_Message_Manager::disable_message( Ecwid_Message_Manager::MSG_WOO_IMPORT_ONBOARDING );
35
  }
36
  }
105
  $importer = new Ecwid_Importer();
106
 
107
  if ( !$importer->has_begun() || isset( $_REQUEST['reset'] ) ) {
108
+ $settings = isset($_REQUEST['settings']) ? map_deep( wp_unslash( $_REQUEST['settings'] ), 'sanitize_text_field' ) : array();
109
+ $importer->initiate( $settings );
110
  }
111
 
112
  $result = $importer->proceed();
145
 
146
  wp_safe_redirect(
147
  'admin.php?page=' . Ecwid_Admin::ADMIN_SLUG
148
+ . '&reconnect&return-url=' . rawurlencode( $url )
149
  . '&scope=create_catalog+update_catalog&do_reconnect=1'
150
  );
151
  }
includes/importer/class-ecwid-importer.php CHANGED
@@ -141,7 +141,7 @@ class Ecwid_Importer
141
  $progress['success'][] = $task_data['type'];
142
  }
143
 
144
- if( is_array($status['plan_limit']) && count($status['plan_limit']) ) {
145
  update_option( self::OPTION_STATUS, $status );
146
  }
147
  } else {
@@ -201,7 +201,7 @@ class Ecwid_Importer
201
  update_option( self::OPTION_ERROR_LOG, $progress['error_messages'] );
202
  }
203
 
204
- if( $progress['status'] == 'in_progress' ) {
205
  $progress['tasks'] = $this->_tasks;
206
  return $progress;
207
  }
@@ -279,6 +279,10 @@ class Ecwid_Importer
279
  if( get_option( self::OPTIONS_SEPARATE_IMAGE_LOADING, false ) ) {
280
  return true;
281
  }
 
 
 
 
282
 
283
  return in_array( $_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1') );
284
  }
141
  $progress['success'][] = $task_data['type'];
142
  }
143
 
144
+ if( isset($status['plan_limit']) && is_array($status['plan_limit']) && count($status['plan_limit']) ) {
145
  update_option( self::OPTION_STATUS, $status );
146
  }
147
  } else {
201
  update_option( self::OPTION_ERROR_LOG, $progress['error_messages'] );
202
  }
203
 
204
+ if( isset($progress['status']) && $progress['status'] == 'in_progress' ) {
205
  $progress['tasks'] = $this->_tasks;
206
  return $progress;
207
  }
279
  if( get_option( self::OPTIONS_SEPARATE_IMAGE_LOADING, false ) ) {
280
  return true;
281
  }
282
+
283
+ if( !isset($_SERVER['REMOTE_ADDR']) ) {
284
+ return false;
285
+ }
286
 
287
  return in_array( $_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1') );
288
  }
includes/importer/task/class-ecwid-importer-task-product-base.php CHANGED
@@ -31,7 +31,7 @@ abstract class Ecwid_Importer_Task_Product_Base extends Ecwid_Importer_Task {
31
 
32
  $url = 'admin.php?page=' . Ecwid_Admin::ADMIN_SLUG . '&ec-store-page=';
33
 
34
- $url .= urlencode( 'product:mode=edit&id=' . $this->get_ecwid_id() );
35
 
36
  return admin_url( $url );
37
  }
31
 
32
  $url = 'admin.php?page=' . Ecwid_Admin::ADMIN_SLUG . '&ec-store-page=';
33
 
34
+ $url .= rawurlencode( 'product:mode=edit&id=' . $this->get_ecwid_id() );
35
 
36
  return admin_url( $url );
37
  }
includes/integrations/class-ecwid-integration-elementor.php CHANGED
@@ -80,7 +80,16 @@ class Ec_Integration_Elementor_Stub_Renderer extends Ecwid_Stub_Renderer {
80
  }
81
 
82
  protected function _should_apply() {
83
- return @$_REQUEST['action'] == 'elementor_ajax' || @$_REQUEST['action'] == 'elementor' || isset( $_GET['elementor-preview'] );
 
 
 
 
 
 
 
 
 
84
  }
85
 
86
  public function enqueue_scripts() {
80
  }
81
 
82
  protected function _should_apply() {
83
+
84
+ if( isset($_REQUEST['action']) && in_array( $_REQUEST['action'], array('elementor_ajax', 'elementor') ) ) {
85
+ return true;
86
+ }
87
+
88
+ if( isset( $_GET['elementor-preview'] ) ) {
89
+ return true;
90
+ }
91
+
92
+ return false;
93
  }
94
 
95
  public function enqueue_scripts() {
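Review bot: `in_array( $_REQUEST['action'], array('elementor_ajax', 'elementor') )` is a loose comparison; pass the strict flag so the match is on the exact string, `in_array( $_REQUEST['action'], array( 'elementor_ajax', 'elementor' ), true )`. The same call appears in `elementor/class-ec-elementor-widget-buynow.php` and should take the flag too.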
includes/integrations/class-ecwid-integration-gutenberg.php CHANGED
@@ -92,6 +92,9 @@ class Ecwid_Integration_Gutenberg {
92
  );
93
 
94
  $is_demo_store = ecwid_is_demo_store();
 
 
 
95
  wp_localize_script( 'ecwid-gutenberg-store', 'EcwidGutenbergParams',
96
  array(
97
  'ecwid_pb_defaults' => ecwid_get_default_pb_size(),
@@ -119,7 +122,7 @@ class Ecwid_Integration_Gutenberg {
119
  'You can enable an extra shopping bag icon widget that will appear on your site pages. Open “<a href="%1$s">Appearance → Customize → %2$s</a>” menu to enable it.',
120
  'ecwid-shopping-cart'
121
  ),
122
- 'customize.php?autofocus[section]=' . Ecwid_Customizer::SECTION_MINICART . '&return=' . urlencode( remove_query_arg( wp_removable_query_args(), wp_unslash( $_SERVER['REQUEST_URI'] ) )
123
  ),
124
  Ecwid_Config::get_brand()
125
  )
@@ -208,7 +211,7 @@ class Ecwid_Integration_Gutenberg {
208
 
209
  public function render_callback( $params ) {
210
 
211
- if ( $_SERVER['REQUEST_METHOD'] != 'GET' ) {
212
  return '';
213
  }
214
 
@@ -366,7 +369,7 @@ JS;
366
 
367
  protected function _get_version_for_assets( $asset_file_path )
368
  {
369
- if ( $_SERVER['HTTP_HOST'] == 'localhost' ) {
370
  return filemtime( ECWID_PLUGIN_DIR . '/' . $asset_file_path );
371
  }
372
 
92
  );
93
 
94
  $is_demo_store = ecwid_is_demo_store();
95
+
96
+ $request_uri = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '';
97
+
98
  wp_localize_script( 'ecwid-gutenberg-store', 'EcwidGutenbergParams',
99
  array(
100
  'ecwid_pb_defaults' => ecwid_get_default_pb_size(),
122
  'You can enable an extra shopping bag icon widget that will appear on your site pages. Open “<a href="%1$s">Appearance → Customize → %2$s</a>” menu to enable it.',
123
  'ecwid-shopping-cart'
124
  ),
125
+ 'customize.php?autofocus[section]=' . Ecwid_Customizer::SECTION_MINICART . '&return=' . rawurlencode( remove_query_arg( wp_removable_query_args(), $request_uri )
126
  ),
127
  Ecwid_Config::get_brand()
128
  )
211
 
212
  public function render_callback( $params ) {
213
 
214
+ if ( isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET' ) {
215
  return '';
216
  }
217
 
369
 
370
  protected function _get_version_for_assets( $asset_file_path )
371
  {
372
+ if ( isset($_SERVER['HTTP_HOST']) && $_SERVER['HTTP_HOST'] == 'localhost' ) {
373
  return filemtime( ECWID_PLUGIN_DIR . '/' . $asset_file_path );
374
  }
375
 
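Review bot: `if ( isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] != 'GET' )` in `render_callback` now lets a request with no REQUEST_METHOD through to rendering, where the old line returned `''` for it, while `class-ecwid-gutenberg-block-store.php` in this same commit treats the missing value as not-GET through its `$is_get_request` local — the two blocks disagree. Mirroring that form here keeps them consistent: `$is_get_request = isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] == 'GET';` / `if ( ! $is_get_request ) {`. `render_callback` continues past the hunk.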
includes/integrations/class-ecwid-integration-wpbakery-composer.php CHANGED
@@ -16,7 +16,7 @@ class Ec_Integration_WPBakery_Composer {
16
 
17
  class Ec_Integration_WPBakery_Stub_Renderer extends Ecwid_Stub_Renderer {
18
  protected function _should_apply() {
19
- return isset($_GET['vc_editable']) && $_GET['vc_editable'];
20
  }
21
  }
22
 
16
 
17
  class Ec_Integration_WPBakery_Stub_Renderer extends Ecwid_Stub_Renderer {
18
  protected function _should_apply() {
19
+ return isset($_GET['vc_editable']) && sanitize_text_field(wp_unslash($_GET['vc_editable']));
20
  }
21
  }
22
 
includes/integrations/class-ecwid-integration-wpseo.php CHANGED
@@ -141,7 +141,9 @@ class Ecwid_Integration_WordPress_SEO_By_Yoast
141
 
142
  public function clear_ecwid_sitemap_index() {
143
 
144
- if( strpos( $_SERVER['REQUEST_URI'], 'sitemap_index.xml' ) !== false ) {
 
 
145
  ob_start();
146
  add_action('shutdown', array($this, 'sitemap_clear'), 0);
147
  }
141
 
142
  public function clear_ecwid_sitemap_index() {
143
 
144
+ $request_uri = isset($_SERVER['REQUEST_URI']) ? sanitize_text_field(wp_unslash($_SERVER['REQUEST_URI'])) : '';
145
+
146
+ if( strpos( $request_uri, 'sitemap_index.xml' ) !== false ) {
147
  ob_start();
148
  add_action('shutdown', array($this, 'sitemap_clear'), 0);
149
  }
includes/integrations/elementor/class-ec-elementor-widget-buynow.php CHANGED
@@ -72,7 +72,7 @@ class Ec_Elementor_Widget_Buynow extends \Elementor\Widget_Base {
72
  protected function render() {
73
  $settings = $this->get_settings_for_display();
74
 
75
- $is_editor_page = @$_REQUEST['action'] == 'elementor_ajax' || @$_REQUEST['action'] == 'elementor';
76
  if( !$is_editor_page && intval($settings['product_id']) <= 1 ) {
77
  return;
78
  }
72
  protected function render() {
73
  $settings = $this->get_settings_for_display();
74
 
75
+ $is_editor_page = isset($_REQUEST['action']) && in_array( $_REQUEST['action'], array('elementor_ajax', 'elementor') );
76
  if( !$is_editor_page && intval($settings['product_id']) <= 1 ) {
77
  return;
78
  }
includes/kliken.php CHANGED
@@ -1,6 +1,8 @@
1
  <?php
2
 
3
- if ( isset($_SERVER['HTTP_USER_AGENT']) && strpos( $_SERVER['HTTP_USER_AGENT'], 'Google-Site-Verification' ) ) {
 
 
4
 
5
  add_action( 'wp_head', 'ecwid_add_kliken_code' );
6
 
1
  <?php
2
 
3
+ $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? sanitize_text_field(wp_unslash($_SERVER['HTTP_USER_AGENT'])) : '';
4
+
5
+ if ( strpos( $user_agent, 'Google-Site-Verification' ) ) {
6
 
7
  add_action( 'wp_head', 'ecwid_add_kliken_code' );
8
 
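Review bot: `if ( strpos( $user_agent, 'Google-Site-Verification' ) )` treats a match at offset 0 as false, because `strpos()` returns `0` there; compare explicitly, `if ( strpos( $user_agent, 'Google-Site-Verification' ) !== false ) {`. The old line had the same test, so this is carried over rather than introduced, but the line is rewritten here. Since the User-Agent is client-controlled, this gate only decides which clients receive the `wp_head` output and grants nothing privileged — presumably acceptable for a verification snippet.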
includes/themes.php CHANGED
@@ -67,7 +67,7 @@ function ecwid_apply_theme($theme_name = null)
67
  'flatsome' => array( Ecwid_Theme_Base::PROP_USE_JS_API_FOR_CATS_NAV_MENU ),
68
  'themify-music' => array( Ecwid_Theme_Base::PROP_AJAX_DEFER_RENDERING ),
69
  'Parallax-One' => array( 'css' ),
70
- 'twentytwenty' => array( 'css', 'title' ),
71
  'jevelin3' => array( 'css-no-parent' ),
72
  'newstore' => array( 'css', 'title' ),
73
  'twentytwentyone' => array( 'css-no-parent', 'title' )
67
  'flatsome' => array( Ecwid_Theme_Base::PROP_USE_JS_API_FOR_CATS_NAV_MENU ),
68
  'themify-music' => array( Ecwid_Theme_Base::PROP_AJAX_DEFER_RENDERING ),
69
  'Parallax-One' => array( 'css' ),
70
+ 'twentytwenty' => array( 'css-no-parent', 'title' ),
71
  'jevelin3' => array( 'css-no-parent' ),
72
  'newstore' => array( 'css', 'title' ),
73
  'twentytwentyone' => array( 'css-no-parent', 'title' )
includes/themes/class-ecwid-theme-boundless.php CHANGED
@@ -22,7 +22,7 @@ class Ecwid_Theme_Boundless extends Ecwid_Theme_Base
22
  $meta = get_post_meta( get_the_ID(), '_witty_builder_data' );
23
 
24
  if ( is_array( $meta ) ) {
25
- $meta = serialize( $meta );
26
 
27
  // not exactly the intended usage, but quite simple and still works
28
  // $meta is a serialized array that has the actual content
22
  $meta = get_post_meta( get_the_ID(), '_witty_builder_data' );
23
 
24
  if ( is_array( $meta ) ) {
25
+ $meta = implode($meta, ',');
26
 
27
  // not exactly the intended usage, but quite simple and still works
28
  // $meta is a serialized array that has the actual content
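Review bot: `$meta = implode($meta, ',');` passes the array first; that legacy argument order was deprecated in PHP 7.4 and removed in PHP 8.0, where it throws a TypeError, so this theme integration fails on current PHP. Use the documented order, `$meta = implode( ',', $meta );`, and apply the same fix to `$meta = implode( get_post_meta( get_the_ID(), 'env_composer' ), ',' );` in `class-ecwid-theme-envision.php`. If any post-meta value is itself an array (the old `serialize()` coped with that), `implode()` emits an array-to-string notice and inserts the literal `Array`, so the builder content may be lost — worth confirming against the stored format. The comment below still describes `$meta` as a serialized array; `// $meta is the post-meta values joined with commas` would match the new code.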
includes/themes/class-ecwid-theme-envision.php CHANGED
@@ -19,8 +19,7 @@ class Ecwid_Theme_Envision extends Ecwid_Theme_Base
19
  return $value;
20
  }
21
 
22
- $meta = serialize(get_post_meta( get_the_ID(), 'env_composer' ));
23
- //die(print_r(serialize($meta)));
24
 
25
  // not exactly the intended usage, but quite simple and still works
26
  // $meta is a serialized array that has the actual content
19
  return $value;
20
  }
21
 
22
+ $meta = implode( get_post_meta( get_the_ID(), 'env_composer' ), ',' );
 
23
 
24
  // not exactly the intended usage, but quite simple and still works
25
  // $meta is a serialized array that has the actual content
includes/widgets/class-ecwid-widget-recently-viewed.php CHANGED
@@ -18,7 +18,8 @@ class Ecwid_Widget_Recently_Viewed extends Ecwid_Widget_Products_List_Base {
18
 
19
  $recently_viewed = false;
20
  if (isset($_COOKIE['ecwid-shopping-cart-recently-viewed'])) {
21
- $recently_viewed = json_decode(stripslashes($_COOKIE['ecwid-shopping-cart-recently-viewed']));
 
22
  }
23
 
24
  if ($recently_viewed && $recently_viewed->store_id != get_ecwid_store_id() && !is_admin()) {
@@ -38,9 +39,9 @@ class Ecwid_Widget_Recently_Viewed extends Ecwid_Widget_Products_List_Base {
38
  protected function _get_products() {
39
  $recently_viewed = false;
40
  if (isset($_COOKIE['ecwid-shopping-cart-recently-viewed'])) {
41
- $recently_viewed = json_decode($_COOKIE['ecwid-shopping-cart-recently-viewed']);
 
42
  }
43
- $recently_viewed = json_decode(stripslashes(@$_COOKIE['ecwid-shopping-cart-recently-viewed']));
44
 
45
  if ($recently_viewed && $recently_viewed->store_id != get_ecwid_store_id()) {
46
  $recently_viewed = null;
18
 
19
  $recently_viewed = false;
20
  if (isset($_COOKIE['ecwid-shopping-cart-recently-viewed'])) {
21
+ $cookie = sanitize_text_field(wp_unslash($_COOKIE['ecwid-shopping-cart-recently-viewed']));
22
+ $recently_viewed = json_decode($cookie);
23
  }
24
 
25
  if ($recently_viewed && $recently_viewed->store_id != get_ecwid_store_id() && !is_admin()) {
39
  protected function _get_products() {
40
  $recently_viewed = false;
41
  if (isset($_COOKIE['ecwid-shopping-cart-recently-viewed'])) {
42
+ $cookie = sanitize_text_field(wp_unslash($_COOKIE['ecwid-shopping-cart-recently-viewed']));
43
+ $recently_viewed = json_decode($cookie);
44
  }
 
45
 
46
  if ($recently_viewed && $recently_viewed->store_id != get_ecwid_store_id()) {
47
  $recently_viewed = null;
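Review bot: The cookie parsing is now duplicated verbatim in both methods, and in each the JSON cookie is passed through `sanitize_text_field()` before `json_decode()`; as far as I recall that helper removes percent-encoded octets and tag-like text, so a cookie whose JSON contains such characters decodes to `null` and the recently-viewed list is silently dropped. A small private helper, e.g. `_read_recently_viewed_cookie()`, that unslashes, decodes, and checks `isset( $decoded->store_id )` before the `$recently_viewed->store_id` comparison would remove the duplication and the undefined-property notice on a malformed cookie; sanitizing the decoded fields (store id and product ids as ints) is the more faithful place for the sanitization. The first hunk's method begins outside the hunk.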
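--- a/js/admin-menu.js
+++ b/js/admin-menu.js
@@ -260,7 +260,8 @@ jQuery(document).ready(function() {
 'url': ajaxurl + '?action=' + ecwid_admin_menu.actionUpdateMenu,
 'method': 'POST',
 'data': {
-menu: e.data.data.navigationMenuItems
+'menu': e.data.data.navigationMenuItems,
+'_ajax_nonce': ecwid_admin_menu.ajaxNonce
 },
 'success': function(result) {
 jQuery('li[data-ecwid-dynamic-menu]').remove();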
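Review bot: The `_ajax_nonce` added at line 264 only protects the `actionUpdateMenu` handler if the server side calls `check_ajax_referer()` with the same action string that minted `ecwid_admin_menu.ajaxNonce`; that handler is not part of the sections shown here, so the pairing cannot be confirmed from this change. The same single value is reused in js/admin.js (as `_wpnonce` on the force_store_id link) and js/dashboard-blog.js, so one nonce evidently covers three distinct actions; a per-action nonce would keep each check tight. In js/dashboard-blog.js the new line reads `ecwid_admin_menu.ajaxNonce` although that file's own config object is `ecwidDashboardBlog`, so unless the admin-menu script data is also localized on the dashboard page the line throws a ReferenceError and the save request is never sent; exposing the nonce on `ecwidDashboardBlog` (e.g. `'_ajax_nonce': ecwidDashboardBlog.ajaxNonce`) avoids the cross-file dependency.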
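--- a/js/admin.js
+++ b/js/admin.js
@@ -107,7 +107,7 @@ jQuery(document).ready(function() {
 jQuery('#ecwid-connect-no-oauth').on('click', function() {
 if (jQuery('#ecwid-store-id').val()) {
 var link = jQuery(this).data('href');
-location.href = link + '&force_store_id=' + jQuery('#ecwid-store-id').val();
+location.href = link + '&force_store_id=' + jQuery('#ecwid-store-id').val() + '&_wpnonce=' + ecwid_admin_menu.ajaxNonce;
 }
 return false;
 });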
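--- a/js/dashboard-blog.js
+++ b/js/dashboard-blog.js
@@ -41,7 +41,8 @@ jQuery(document).ready(function() {
 'url': ajaxurl + '?action=' + ecwidDashboardBlog.saveAction,
 'method': 'POST',
 'data': {
-'posts': window.ecwidBlogPosts
+'posts': window.ecwidBlogPosts,
+'_ajax_nonce': ecwid_admin_menu.ajaxNonce
 }
 });
 };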
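--- a/js/popup-deactivate.js
+++ b/js/popup-deactivate.js
@@ -41,19 +41,4 @@ jQuery(document).ready(function() {
 }
 });
 });
-
-jQuery('.ecwid-popup-deactivate .bottom-support-link a').on('click', function() {
-var feedback = gatherFeedback();
-
-var target = 'admin.php?page=ec-store-help';
-
-if (feedback.reasonText)
-target += '&contact_us_subject=' + encodeURIComponent(feedback.reasonText);
-if (feedback.message)
-target += '&contact_us_message=' + encodeURIComponent(feedback.message);
-
-location.href = target;
-
-return false;
-});
 });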
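--- a/lib/ecwid_api_v3.php
+++ b/lib/ecwid_api_v3.php
@@ -484,7 +484,7 @@ class Ecwid_Api_V3
 }
 
 foreach ($query as $key => $value) {
-$query[$key] = urlencode($value);
+$query[$key] = rawurlencode($value);
 }
 
 return $url . '?' . build_query( $query );
@@ -707,8 +707,8 @@ class Ecwid_Api_V3
 ),
 );
 
-if( !in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')) ) {
-$params['merchant']['ip'] = $_SERVER['REMOTE_ADDR'];
+if( isset($_SERVER['REMOTE_ADDR']) && !in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')) ) {
+$params['merchant']['ip'] = sanitize_text_field(wp_unslash($_SERVER['REMOTE_ADDR']));
 }
 
 $ref = apply_filters( 'ecwid_get_new_store_ref_id', '' );
@@ -756,7 +756,7 @@ class Ecwid_Api_V3
 $params['token'] = self::get_token();
 }
 }else {
-$params[$key] = urlencode($param);
+$params[$key] = rawurlencode($param);
 }
 }
 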
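Review bot: The REMOTE_ADDR guard at new line 710 still uses a loose `in_array()` and then routes the value through `sanitize_text_field()`, which is a text sanitizer rather than an address check; since the value is sent to the API as `merchant.ip`, validating it as an IP states the intent directly: `$ip = filter_var( wp_unslash( $_SERVER['REMOTE_ADDR'] ), FILTER_VALIDATE_IP );` / `if ( $ip && ! in_array( $ip, array( '127.0.0.1', '::1' ), true ) ) { $params['merchant']['ip'] = $ip; }`. Switching `urlencode()` to `rawurlencode()` at lines 487 and 759 changes how spaces are encoded (`%20` instead of `+`); if the API accepts both this is fine, but a short comment such as `// RFC 3986 encoding; build_query() does not re-encode values` would stop a later cleanup from reverting it. All three enclosing methods extend beyond the hunks.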
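--- a/lib/ecwid_catalog.php
+++ b/lib/ecwid_catalog.php
@@ -37,7 +37,7 @@ class EcwidCatalog
 
 public function get_category($id)
 {
-$offset = ( isset($_GET['offset']) ) ? $_GET['offset'] : 0;
+$offset = ( isset($_GET['offset']) ) ? intval($_GET['offset']) : 0;
 $data = $this->_get_data_for_category( $id, $offset );
 
 if ( !$data ) {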
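Review bot: `intval($_GET['offset'])` at new line 40 still lets a negative offset through to `_get_data_for_category()`; since the value is a pagination offset, clamp it at the boundary: `$offset = isset( $_GET['offset'] ) ? max( 0, intval( $_GET['offset'] ) ) : 0;` (or `absint()`). `_get_data_for_category()` is outside the hunk, so whether it guards negative values itself cannot be seen here, and `get_category()` continues past the hunk.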
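--- a/lib/ecwid_catalog_entry.php
+++ b/lib/ecwid_catalog_entry.php
@@ -111,6 +111,6 @@ abstract class Ecwid_Catalog_Entry {
 if ( $result && count( @$match[0] ) > 0 )
 return implode('-', $match[0] );
 
-return urlencode($str);
+return rawurlencode($str);
 }
 }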
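--- a/lib/ecwid_platform.php
+++ b/lib/ecwid_platform.php
@@ -542,13 +542,11 @@ class EcwidPlatform {
 static public function is_need_clear_transients() {
 global $wpdb;
 
-$sql = "
+$count_transients = $wpdb->get_var( "
 SELECT COUNT(*)
 FROM {$wpdb->options}
 WHERE option_name LIKE '\_transient\_ecwid\_%'
-";
-
-$count_transients = $wpdb->get_var($sql);
+");
 
 if( $count_transients >= self::TRANSIENTS_LIMIT ) {
 return true;
@@ -560,14 +558,12 @@ class EcwidPlatform {
 static public function clear_all_transients() {
 global $wpdb;
 
-$sql = "
+$wpdb->query("
 DELETE
 FROM {$wpdb->options}
 WHERE option_name LIKE '\_transient\_ecwid\_%'
 OR option_name LIKE '\_transient\_timeout\_ecwid\_%'
-";
-
-$wpdb->query($sql);
+");
 }
 }
 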
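Review bot: Both inlined queries interpolate only `{$wpdb->options}` and literal LIKE patterns, so `$wpdb->prepare()` is genuinely unnecessary, but nothing in the code says so and the next coding-standards pass will flag the unprepared `get_var()` at line 545 and `query()` at line 561; add a comment above each, e.g. `// Table name and LIKE patterns are literals, no request input: prepare() not required.` (plus a `phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared` annotation if the project runs PHPCS). `get_var()` returns a string or null, so `$count_transients >= self::TRANSIENTS_LIMIT` relies on numeric-string comparison; `(int) $wpdb->get_var( ... )` makes the intent explicit. `is_need_clear_transients()` continues past the first hunk.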
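--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
 === Ecwid Ecommerce Shopping Cart ===
 Contributors: Ecwid
 Tags: ecommerce, e-commerce, storefront, shopping cart, online store
-Requires at least: 3.7
+Requires at least: 4.4
 Tested up to: 5.8
-Stable tag: 6.10.15
+Stable tag: 6.10.16
 
 Powerful, easy to use ecommerce shopping cart for WordPress. Sell on Facebook and Instagram. iPhone & Android apps. Superb support. Free plan available.
 
@@ -152,6 +152,11 @@ You can use Ecwid’s built-in import tools to copy your store products from any
 
 == Changelog ==
 
+= 6.10.16 - Dec 07, 2021 =
+- Improvements in the plugin code to comply with the WordPress plugin marketplace recommendations.
+- Twenty Twenty theme improved compatibility. Even though Ecwid is compatible with every WordPress theme by design, some slight fixes and improvements are sometimes needed to make storefront look better. That’s why we are always monitoring how Ecwid pages look and behave in WordPress ecommerce themes.
+— Minor fixes and improvements.
+
 = 6.10.15 - Oct 12, 2021 =
 - **Improved security of handling initial onboarding. Ecwid ecommerce shopping cart plugin update is recommended.** Thanks to "tigertech.net" for a great job on the problem discovery.
 - Fixed slow loading issue for the site in some cases.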
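--- a/templates/admin/simple-dashboard.php
+++ b/templates/admin/simple-dashboard.php
@@ -26,7 +26,7 @@
 </div>
 
 <div class="greeting">
-<?php if (@$_GET['settings-updated']): ?>
+<?php if ( isset($_GET['settings-updated']) ): ?>
 <div class="greeting-title">
 <?php _e('Congratulations!', 'ecwid-shopping-cart'); ?>
 </div>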
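Review bot: `isset($_GET['settings-updated'])` at new line 29 is not equivalent to the truthiness test it replaces: `?settings-updated=0` or an empty value now shows the Congratulations block. If the page is only reached through WordPress' own `settings-updated=true` redirect this is harmless, but `! empty( $_GET['settings-updated'] )` keeps the previous behaviour while still removing the `@` suppression.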
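--- a/templates/admin/storefront/area-status.php
+++ b/templates/admin/storefront/area-status.php
@@ -112,7 +112,7 @@
 ?></p>
 </div>
 <div class="feature-element__action">
-<a href="<?php echo admin_url('admin.php?page=ec-store&return-url=') . urlencode(self::get_relative_page_url());?>" class="feature-element__button btn btn-primary btn-medium"><?php _e('Set Up Your Store', 'ecwid-shopping-cart'); ?></a>
+<a href="<?php echo admin_url('admin.php?page=ec-store&return-url=') . rawurlencode(self::get_relative_page_url());?>" class="feature-element__button btn btn-primary btn-medium"><?php _e('Set Up Your Store', 'ecwid-shopping-cart'); ?></a>
 </div>
 </div>
 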
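Review bot: The href at new line 115 echoes `admin_url(...) . rawurlencode(...)` straight into an attribute with no `esc_url()`; `rawurlencode()` protects the query value but not the attribute context, and the WordPress convention is to escape URLs at output. `echo esc_url( admin_url( 'admin.php?page=ec-store&return-url=' ) . rawurlencode( self::get_relative_page_url() ) );` covers both. The same pattern is at templates/advanced-settings.php line 38, where `Ecwid_Admin::get_dashboard_url()` is echoed unescaped into the href alongside the `rawurlencode()` change.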
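--- a/templates/advanced-settings.php
+++ b/templates/advanced-settings.php
@@ -35,7 +35,7 @@
 <div class="upgrade-note">
 <a
 class="button ecwid-button button-green" target="_blank"
-href="<?php echo Ecwid_Admin::get_dashboard_url(); ?>&ec-page=<?php echo urlencode( Ecwid_Admin_Main_Page::PAGE_HASH_UPGRADE ); ?>">
+href="<?php echo Ecwid_Admin::get_dashboard_url(); ?>&ec-page=<?php echo rawurlencode( Ecwid_Admin_Main_Page::PAGE_HASH_UPGRADE ); ?>">
 <?php _e( 'Upgrade to get this feature', 'ecwid-shopping-cart' ); ?>
 </a>
 <div class="note grayed-links">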
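--- a/templates/cache_log.php
+++ b/templates/cache_log.php
@@ -80,7 +80,10 @@ function render_nested( $name, $data ) {
 
 $cache = get_option('ecwid_cache_log');
 
-$kill = @$_GET['kill'];
+$kill = 0;
+if( isset($_GET['kill']) ) {
+$kill = sanitize_text_field( wp_unslash($_GET['kill']) );
+}
 while ( $kill-- > 0 && count($cache) > 0) {
 array_pop($cache);
 }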
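Review bot: `$kill` is used as a loop counter (`$kill-- > 0` at new line 87) but line 85 leaves it as a string from `sanitize_text_field()`; under PHP 8 comparison rules a non-numeric value such as `kill=abc` compares greater than `0` and `--` on a non-numeric string does not change it, so the loop pops entries until `$cache` is empty instead of stopping. Only a count is meaningful here, so cast at the boundary: `$kill = isset( $_GET['kill'] ) ? absint( $_GET['kill'] ) : 0;` (an integer cast needs neither unslash nor text sanitizing). `render_nested()` is only the hunk context; this code runs at file level after it.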
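--- a/templates/help.php
+++ b/templates/help.php
@@ -181,7 +181,7 @@
 </div>
 </div>
 
-<?php if (!in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'))): ?>
+<?php if (isset($_SERVER['REMOTE_ADDR']) && !in_array($_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1'))): ?>
 <div class="block-contact">
 <h2><?php _e( 'Send a message to our support team', 'ecwid-shopping-cart' ); ?> </h2>
 
@@ -189,8 +189,8 @@
 <form action="admin-post.php" enctype="multipart/form-data" class="new_email" id="new_email" method="post" novalidate="novalidate">
 <input type="hidden" name="action" value="ecwid_contact_us" />
 <input type="hidden" name="wp-nonce" id="wp-nonce" value="<?php echo wp_create_nonce( Ecwid_Help_Page::CONTACT_US_ACTION_NAME ); ?>" />
-<input id="email_subject" maxlength="100" name="email[subject]" type="text" class="form-control" value="<?php if ( @$_GET['contact_us_subject'] ) echo esc_attr__( stripslashes( $_GET['contact_us_subject'] ) ); ?>" placeholder="<?php _e( 'Subject', 'ecwid-shopping-cart' ); ?> ">
-<textarea id="email_body" name="email[body]" class="form-control" placeholder="<?php _e( 'Type in your message here', 'ecwid-shopping-cart' ); ?> "><?php if ( @$_GET['contact_us_message'] ) echo htmlentities($_GET['contact_us_message']); ?></textarea>
+<input id="email_subject" maxlength="100" name="email[subject]" type="text" class="form-control" value="<?php if ( !empty($_GET['contact_us_subject']) ) echo __(sanitize_text_field(wp_unslash( $_GET['contact_us_subject']))); ?>" placeholder="<?php _e( 'Subject', 'ecwid-shopping-cart' ); ?> ">
+<textarea id="email_body" name="email[body]" class="form-control" placeholder="<?php _e( 'Type in your message here', 'ecwid-shopping-cart' ); ?> "><?php if ( !empty($_GET['contact_us_message']) ) echo sanitize_text_field(wp_unslash($_GET['contact_us_message'])); ?></textarea>
 <div class="btn-container">
 <button id="contact-ecwid-support" class="btn btn-medium btn-aqua" type="submit">
 <span class="btn-text"><?php _e( 'Send Message', 'ecwid-shopping-cart'); ?></span>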
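Review bot: New line 192 replaces `esc_attr__()` with `__()` around the request-supplied subject, which drops attribute escaping (a `"` in `contact_us_subject` now terminates the `value` attribute, because `sanitize_text_field()` strips tags but does not encode quotes) and runs a request parameter through the translation function, which is not what `__()` is for. Line 193 likewise swaps `htmlentities()` for `sanitize_text_field()`, so `&` and quotes reach the textarea unencoded. Use the context escapers: `value="<?php if ( ! empty( $_GET['contact_us_subject'] ) ) echo esc_attr( sanitize_text_field( wp_unslash( $_GET['contact_us_subject'] ) ) ); ?>"` and `<?php if ( ! empty( $_GET['contact_us_message'] ) ) echo esc_textarea( sanitize_text_field( wp_unslash( $_GET['contact_us_message'] ) ) ); ?>`. The REMOTE_ADDR check at line 184 would also benefit from `true` as the third `in_array()` argument.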
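--- a/templates/popup/deactivate.php
+++ b/templates/popup/deactivate.php
@@ -14,12 +14,19 @@
 <?php if ( @$reason['has_message'] ): ?>
 <div class="message">
 <textarea name="message[<?php echo $key; ?>]" placeholder="<?php echo $reason['message_hint']; ?>"><?php if($reason['code'] == 'theme'){ echo $reason['message_hint']; } ?></textarea>
+
+<div class="ec-deactivate-notice">
+<?php
+echo sprintf(
+__('You can <a %1$s>contact %2$s support</a> and let us help you with the problem you are facing, instead of removing the plugin.', 'ecwid-shopping-cart'),
+sprintf( 'href="%s" target="_blank"', $support_link ),
+Ecwid_Config::get_brand()
+);
+?>
+</div>
+
 </div>
 <?php endif; ?>
 </li>
 <?php endforeach; ?>
-</ul>
-
-<div class="bottom-support-link">
-<a href="#"><?php _e( 'Contact Support', 'ecwid-shopping-cart' ); ?></a>
-</div>
+</ul>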
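Review bot: `$support_link` is interpolated into `href="%s"` at new line 22 without `esc_url()`; where it comes from is not visible in this hunk, so if it is configurable or filterable this is unescaped attribute output. `sprintf( 'href="%s" target="_blank" rel="noopener"', esc_url( $support_link ) )` covers the escaping and the customary companion attribute for `target="_blank"`. The `echo sprintf( __( ... ) )` at line 20 emits translated markup unchecked; passing the result through `wp_kses_post()` (or `wp_kses()` with an `a` allow-list) is the usual pattern for translatable strings that carry tags, since translation files are themselves an input.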
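--- a/templates/popup/popup.php
+++ b/templates/popup/popup.php
@@ -1,4 +1,4 @@
-<div class="ecwid-popup <?php echo $this->_class; ?>">
+<div class="ecwid-popup <?php echo esc_html($this->_class); ?>">
 <div class="ecwid-popup-window">
 <div class="ecwid-popup-header">
 <?php $this->_render_header(); ?>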
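Review bot: `esc_html()` at new line 1 is used inside a `class` attribute; `esc_attr( $this->_class )` is the context-matching escaper. The two currently encode the same characters but run different filters and signal different output contexts, and the plugin checker expects `esc_attr()` in attributes. `_class` appears to be an internal property set by the popup subclass, so the practical exposure is low; the change is about correctness of context.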
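--- a/templates/store-popup.php
+++ b/templates/store-popup.php
@@ -78,7 +78,7 @@
 <div class="note">
 <?php echo sprintf(
 __('Additionally, you can add store controls to your website\'s toolbar using <a %s>WordPress native widgets</a>', 'ecwid-shopping-cart'),
-' target="_blank" href="widgets.php?from-ec-store=' . (isset($_GET['post']) ? $_GET['post'] : 'new') . '"'
+' target="_blank" href="widgets.php?from-ec-store=' . (isset($_GET['post']) ? sanitize_text_field(wp_unslash($_GET['post'])) : 'new') . '"'
 );
 ?>
 </div>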
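Review bot: `$_GET['post']` at new line 81 is a post ID that ends up in a `widgets.php?from-ec-store=` URL, so `sanitize_text_field()` is a weaker boundary than the type implies: `( ! empty( $_GET['post'] ) ? absint( $_GET['post'] ) : 'new' )` guarantees an integer and needs no unslashing. The composed `href` is then concatenated into the `sprintf()`/`__()` output and echoed with no `esc_url()`/`esc_attr()` on the attribute value; with an integer this is moot, but as written a free-text value goes into the attribute unescaped.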