Facebook for WooCommerce - Version 1.9.13

Version Description

  • 2019-06-18 =
  • Fix security issues
  • Add more contributors to the plugin

Release Info

Developer facebook4woocommerce
Plugin Icon Facebook for WooCommerce
Version 1.9.13

Code changes from version 1.9.12 to 1.9.13

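--- a/assets/js/facebook-settings.js
+++ b/assets/js/facebook-settings.js
@@ -79,26 +79,37 @@ function get_ems_id_box() {
  * Ajax helper function.
  * Takes optional payload for POST and optional callback.
  */
- function ajax(action, payload = null, callback = null, failcallback = null) {
- var data = {
- 'action': action,
- };
- if (payload){
- for (var attrname in payload) { data[attrname] = payload[attrname]; }
- }
-
- // Since Wordpress 2.8 ajaxurl is always defined in admin header and
- // points to admin-ajax.php
- jQuery.post(ajaxurl, data, function(response) {
- if(callback) {
- callback(response);
- }
- }).fail(function(errorResponse){
- if(failcallback) {
- failcallback(errorResponse);
+ var ajax = (function() {
+ var wpnonce = null;
+ jQuery(function() {
+ var wpnonceElem = document.querySelector('div#fbsetup input#_wpnonce');
+ if (wpnonceElem) {
+ wpnonce = wpnonceElem.getAttribute('value');
+ wpnonceElem.parentNode.removeChild(wpnonceElem);
  }
  });
- }
+ return function _ajax(action, payload = null, callback = null, failcallback = null) {
+ var data = {
+ 'action': action,
+ '_wpnonce': wpnonce
+ };
+ if (payload) {
+ for (var attrname in payload) { data[attrname] = payload[attrname]; }
+ }
+
+ // Since Wordpress 2.8 ajaxurl is always defined in admin header and
+ // points to admin-ajax.php
+ jQuery.post(ajaxurl, data, function(response) {
+ if(callback) {
+ callback(response);
+ }
+ }).fail(function(errorResponse){
+ if(failcallback) {
+ failcallback(errorResponse);
+ }
+ });
+ };
+ })();
 
  var settings = {'facebook_for_woocommerce' : 1};
  var pixel_settings = {'facebook_for_woocommerce' : 1};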
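Review bot: In the new `ajax` closure, `wpnonce` stays `null` whenever `div#fbsetup input#_wpnonce` is missing or `_ajax` is called before the `jQuery(function() {...})` ready callback has run, and the request is still posted with `'_wpnonce': wpnonce`. The visible server handler `ajax_update_fb_option` then skips the update and ends with `wp_die()` without reporting an error, so a lost nonce looks like a successful save. A guard at the top of `_ajax` such as `if (wpnonce === null) { if (failcallback) { failcallback(null); } return; }` would surface that. The `for (var attrname in payload)` copy also runs after `_wpnonce` is set, so a payload key with that name would replace the nonce; assigning `data['_wpnonce'] = wpnonce;` after the loop avoids it.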
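--- a/changelog.txt
+++ b/changelog.txt
@@ -1,5 +1,9 @@
  *** Facebook for WooCommerce Changelog ***
- 2019-02-26 - Version 1.9.12
+ 2019-06-18 - Version 1.9.13
+ * Fix security issue
+ * Add more contributors to the plugin
+
+ 2019-05-02 - Version 1.9.12
  * Remove dead code which causes exception (Issue 975)
 
  2019-02-26 - Version 1.9.11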
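--- a/facebook-commerce-pixel-event.php
+++ b/facebook-commerce-pixel-event.php
@@ -44,7 +44,7 @@ document,'script','https://connect.facebook.net/en_US/fbevents.js');
  }
 
  // Initialize PixelID in storage - this will only need to happen when the
- // use is an admin
+ // user is an admin
  $pixel_id = self::get_pixel_id();
  if (!WC_Facebookcommerce_Utils::is_valid_id($pixel_id) &&
  class_exists('WC_Facebookcommerce_WarmConfig')) {
@@ -56,6 +56,16 @@ document,'script','https://connect.facebook.net/en_US/fbevents.js');
  self::set_pixel_id($fb_warm_pixel_id);
  }
  }
+
+ $is_advanced_matching_enabled = self::get_use_pii_key();
+ if ($is_advanced_matching_enabled == null &&
+ class_exists('WC_Facebookcommerce_WarmConfig')) {
+ $fb_warm_is_advanced_matching_enabled =
+ WC_Facebookcommerce_WarmConfig::$fb_warm_is_advanced_matching_enabled;
+ if (is_bool($fb_warm_is_advanced_matching_enabled)) {
+ self::set_use_pii_key($fb_warm_is_advanced_matching_enabled ? 1 : 0);
+ }
+ }
  }
 
  /**
@@ -226,6 +236,27 @@ src=\"https://www.facebook.com/tr?id=%s&ev=PageView&noscript=1\"/>
  update_option(self::SETTINGS_KEY, $fb_options);
  }
 
+ public static function get_use_pii_key() {
+ $fb_options = self::get_options();
+ if (!$fb_options) {
+ return null;
+ }
+ return isset($fb_options[self::USE_PII_KEY]) ?
+ $fb_options[self::USE_PII_KEY] : null;
+ }
+
+ public static function set_use_pii_key($use_pii) {
+ $fb_options = self::get_options();
+
+ if (isset($fb_options[self::USE_PII_KEY])
+ && $fb_options[self::USE_PII_KEY] == $use_pii) {
+ return;
+ }
+
+ $fb_options[self::USE_PII_KEY] = $use_pii;
+ update_option(self::SETTINGS_KEY, $fb_options);
+ }
+
  public static function get_basecode() {
  return self::$default_pixel_basecode;
  }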
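Review bot: The added check `$is_advanced_matching_enabled == null` (new lines 61-62) is a loose comparison, so any stored value that is loosely equal to null passes it, including the integer `0` that `set_use_pii_key(... ? 1 : 0)` itself writes for "disabled". A stored 0 would then be treated as unset and replaced by `WC_Facebookcommerce_WarmConfig::$fb_warm_is_advanced_matching_enabled` whenever that is a boolean, which can switch the `USE_PII_KEY` setting back on against the merchant's choice. Use `if ($is_advanced_matching_enabled === null &&` so only a missing key falls back to the warm config; `get_use_pii_key()` already returns `null` for that case. The enclosing function starts outside the hunk, so how often this branch runs is not visible here.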
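--- a/facebook-commerce.php
+++ b/facebook-commerce.php
@@ -1685,8 +1685,8 @@ class WC_Facebookcommerce_Integration extends WC_Integration {
  $this->display_warning_message('We\'ve detected that your
  Facebook Product Catalog is no longer valid. This may happen if it was
  deleted, or this may be a transient error.
- If this error persists please delete your settings via
- "Re-configure Facebook Settings > Advanced Settings > Delete Settings"
+ If this error persists please remove your settings via
+ "Advanced Options > Advanced Settings > Remove"
  and try setup again');
  wp_die();
  return;
@@ -1821,8 +1821,8 @@ class WC_Facebookcommerce_Integration extends WC_Integration {
  $this->display_warning_message('We\'ve detected that your
  Facebook Product Catalog is no longer valid. This may happen if it was
  deleted, or this may be a transient error.
- If this error persists please delete your settings via
- "Re-configure Facebook Settings > Advanced Settings > Delete Settings"
+ If this error persists please remove your settings via
+ "Advanced Options > Advanced Settings > Remove"
  and try setup again');
  $this->fb_wp_die();
  return false;
@@ -2109,6 +2109,7 @@ class WC_Facebookcommerce_Integration extends WC_Integration {
  <hr/>
 
  <div id="fbsetup">
+ <form><?php wp_nonce_field('wp_ajax_ajax_update_fb_option'); ?></form>
  <div class="wrapper">
  <header>
  <div class="help-center">
@@ -2529,8 +2530,12 @@ class WC_Facebookcommerce_Integration extends WC_Integration {
  }
 
  function ajax_update_fb_option() {
+ WC_Facebookcommerce_Utils::check_ajax_referer();
  WC_Facebookcommerce_Utils::check_woo_ajax_permissions('update fb options', true);
- if (isset($_POST) && stripos($_POST['option'], 'fb_') === 0) {
+ $wpnonce = $_POST['_wpnonce'];
+ if (isset($_POST) &&
+ stripos($_POST['option'], 'fb_') === 0 &&
+ wp_verify_nonce($wpnonce, 'wp_ajax_ajax_update_fb_option')) {
  update_option(sanitize_text_field($_POST['option']), sanitize_text_field($_POST['option_value']));
  }
  wp_die();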
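Review bot: In `ajax_update_fb_option()` the new line `$wpnonce = $_POST['_wpnonce'];` reads the key without checking that it exists, and `isset($_POST)` is always true, so a request lacking `_wpnonce` or `option` raises notices before any check can reject it. WordPress core's `check_ajax_referer('wp_ajax_ajax_update_fb_option', '_wpnonce');` at the top of the handler would verify the nonce and end the request on failure in one call, instead of falling through to a silent `wp_die()`. The handler also still writes any option whose name begins with `fb_` (case-insensitively, because of `stripos`) with a caller-chosen value; an explicit allowlist of option names would narrow what a valid nonce and capability can change. Only this handler is shown verifying the nonce, and the other AJAX handlers of the class are outside the hunks.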
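--- a/facebook-config-warmer.php
+++ b/facebook-config-warmer.php
@@ -15,6 +15,7 @@ if (!class_exists('WC_Facebookcommerce_WarmConfig')) :
 
  class WC_Facebookcommerce_WarmConfig {
  static $fb_warm_pixel_id = null;
+ static $fb_warm_is_advanced_matching_enabled = null;
  }
 
  endif;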
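--- a/facebook-for-woocommerce.php
+++ b/facebook-for-woocommerce.php
@@ -10,7 +10,7 @@
  * Description: Grow your business on Facebook! Use this official plugin to help sell more of your products using Facebook. After completing the setup, you'll be ready to create ads that promote your products and you can also create a shop section on your Page where customers can browse your products on Facebook.
  * Author: Facebook
  * Author URI: https://www.facebook.com/
- * Version: 1.9.12
+ * Version: 1.9.13
  * Woo: 2127297:0ea4fe4c2d7ca6338f8a322fb3e4e187
  * Text Domain: facebook-for-woocommerce
  * WC requires at least: 3.0.0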
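--- a/includes/fbutils.php
+++ b/includes/fbutils.php
@@ -21,7 +21,7 @@ if (!class_exists('WC_Facebookcommerce_Utils')) :
  class WC_Facebookcommerce_Utils {
 
  const FB_RETAILER_ID_PREFIX = 'wc_post_id_';
- const PLUGIN_VERSION = '1.9.12'; // Change it in `facebook-for-*.php` also
+ const PLUGIN_VERSION = '1.9.13'; // Change it in `facebook-for-*.php` also
 
  const FB_VARIANT_IMAGE = 'fb_image';
  const FB_VARIANT_SIZE = 'size';
@@ -480,6 +480,20 @@ if (!class_exists('WC_Facebookcommerce_Utils')) :
  get_option('fb_info_banner_last_best_tip', ''));
  return $cached_best_tip;
  }
+
+ public static function check_ajax_referer() {
+ $http_referer = null;
+ if (!empty($_SERVER['HTTP_REFERER'])) {
+ $http_referer = wp_unslash($_SERVER['HTTP_REFERER']);
+ }
+ $wp_site = get_site_url();
+ $http_referer_url = parse_url($http_referer);
+ $wp_site_url = parse_url($wp_site_url);
+ if (!empty($http_referer_url) && !empty($wp_site_url) && $http_referer_url['host'] === $wp_site_url['host']) {
+ return;
+ }
+ wp_die('FBE: bad requests!');
+ }
  }
 
  endif;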
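Review bot: In the new `check_ajax_referer()` the site URL is stored in `$wp_site`, but the following statement calls `parse_url($wp_site_url)`, reading a variable that has not been assigned yet, so the site host is never parsed. As written `$wp_site_url['host']` would be unset, which means a request carrying a same-site Referer should fail the `===` comparison and reach `wp_die()`, and the case of an absent Referer does not look reliably rejected either. The line should read `$wp_site_url = parse_url($wp_site);`, and the condition should require both hosts to exist, e.g. `isset($http_referer_url['host'], $wp_site_url['host'])` before comparing them. A Referer host match is only a supplementary check; the nonce verification in the calling handler remains the control that matters.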
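--- a/readme.txt
+++ b/readme.txt
@@ -1,9 +1,9 @@
  === Facebook for WooCommerce ===
- Contributors: facebook
+ Contributors: facebook, automattic, woothemes
  Tags: facebook, shop, catalog, advertise, pixel, product
  Requires at least: 4.4
  Tested up to: 4.9.8
- Stable tag: 1.9.5
+ Stable tag: 1.9.13
  Requires PHP: 5.6
  MySQL: 5.6 or greater
  License: GPLv2 or later
@@ -38,6 +38,10 @@ When opening a bug on GitHub, please give us as many details as possible.
  * Current version of Facebook-for-WooCommerce, WooCommerce, Wordpress, PHP
 
  == Changelog ==
+ = 1.9.13 - 2019-06-18 =
+ * Fix security issues
+ * Add more contributors to the plugin
+
  = 1.9.12 - 2019-05-2 =
  * Remove dead code which causes exception (Issue 975)
 
@@ -54,7 +58,3 @@ When opening a bug on GitHub, please give us as many details as possible.
  = 1.9.10 - 2019-02-11 =
  * Add facebook support link, this will help merchants to reach out to facebook customer service.
  * Make plugin wordpress compatible by removing woocommerce updater and removing woo_include
-
- = 1.9.9 - 2018-12-30 =
- * Fix issue with missing file in v1.9.8
- * Remove misleading content relating to Instagram which is not launched yet.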