Flexible Shipping for WooCommerce - Version 3.9.11

Version Description

  • 2020-03-09
  • Added additional security hardenings
  • Fixed integrations link

Release Info

Developer wpdesk
Version 3.9.11

Code changes from version 3.9.10 to 3.9.11

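--- a/classes/table-rate/bulk-actions.php
+++ b/classes/table-rate/bulk-actions.php
@@ -58,17 +58,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
  $query = $wp_query;
  $type = 'shop_order';
  if ( isset( $_GET['post_type'] ) ) {
- $type = $_GET['post_type'];
+ $type = sanitize_key( $_GET['post_type'] );
  }
  if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shop_order' ) {
  if ( 'shop_order' == $type && is_admin() && 'edit.php' == $pagenow ) {
  $integration = '';
  if (isset($_GET['flexible_shipping_integration_filter'])) {
- $integration = $_GET['flexible_shipping_integration_filter'];
+ $integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
  }
  $status = '';
  if (isset($_GET['flexible_shipping_status_filter'])) {
- $status = $_GET['flexible_shipping_status_filter'];
+ $status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
  }
  if ( $integration != '' || $status != '' ) {
  $add_where_meta_integration = '';
@@ -118,17 +118,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
  global $pagenow;
  $type = 'shop_order';
  if ( isset( $_GET['post_type'] ) ) {
- $type = $_GET['post_type'];
+ $type = sanitize_key( $_GET['post_type'] );
  }
  if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shop_order' ) {
  if ( 'shop_order' == $type && is_admin() && 'edit.php' == $pagenow ) {
  $integration = '';
  if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
- $integration = $_GET['flexible_shipping_integration_filter'];
+ $integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
  }
  $status = '';
  if ( isset( $_GET['flexible_shipping_status_filter'] ) ) {
- $status = $_GET['flexible_shipping_status_filter'];
+ $status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
  }
  if ( $integration != '' || $status != '' ) {
  if ($integration != '') {
@@ -172,11 +172,11 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
  $statuses = apply_filters( 'flexible_shipping_status', array() );
  $integration = '';
  if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
- $integration = $_GET['flexible_shipping_integration_filter'];
+ $integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
  }
  $status = '';
  if ( isset( $_GET['flexible_shipping_status_filter'] ) ) {
- $status = $_GET['flexible_shipping_status_filter'];
+ $status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
  }
  include( 'views/html-orders-filter-form.php' );
  }
@@ -425,14 +425,14 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 
  public function admin_notices() {
  if ( ! empty( $_REQUEST['bulk_flexible_shipping_send'] ) ) {
- $bulk_flexible_shipping_send_count = intval( $_REQUEST['bulk_flexible_shipping_send'] );
+ $bulk_flexible_shipping_send_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_send'] ) );
  printf( '<div id="message" class="updated fade"><p>' .
  __( 'Bulk send shipment - processed orders: %d', 'flexible-shipping' ).
  '</p></div>', $bulk_flexible_shipping_send_count
  );
  }
  if ( ! empty( $_REQUEST['bulk_flexible_shipping_labels'] ) ) {
- $bulk_flexible_shipping_labels_count = intval( $_REQUEST['bulk_flexible_shipping_labels'] );
+ $bulk_flexible_shipping_labels_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_labels'] ) );
  if ( ! empty( $_REQUEST['bulk_flexible_shipping_no_labels_created'] ) ) {
  printf( '<div id="message" class="updated fade"><p>' .
  __( 'Bulk labels - processed orders: %d. No labels for processed orders.', 'flexible-shipping' ) .
@@ -461,7 +461,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
  }
  }
  if ( ! empty( $_REQUEST['bulk_flexible_shipping_manifests'] ) ) {
- $bulk_flexible_shipping_manifest_count = intval( $_REQUEST['bulk_flexible_shipping_manifests'] );
+ $bulk_flexible_shipping_manifest_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_manifests'] ) );
  printf( '<div id="message" class="updated fade"><p>' .
  __( 'Bulk shipping manifest - processed orders: %d', 'flexible-shipping' ).
  '</p></div>', $bulk_flexible_shipping_manifest_count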
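Review bot: In hunks @@ -58,17 +58,17 @@ and @@ -118,17 +118,17 @@ the sanitized `$integration` and `$status` appear to feed `$add_where_meta_integration`, which from its name is a SQL WHERE fragment assembled further down, outside the hunk; `sanitize_key()` narrows the character set but is not a substitute for `$wpdb->prepare()`, so please confirm that the fragment is built with placeholders rather than concatenation. In the `admin_notices()` hunks (@@ -425,14 +425,14 @@ and @@ -461,7 +461,7 @@) `intval( sanitize_text_field( … ) )` does no more than `absint()` for a processed-order count and additionally clamps negatives to zero, e.g. `$bulk_flexible_shipping_send_count = absint( $_REQUEST['bulk_flexible_shipping_send'] );`. The enclosing methods of the first three hunks start and end outside the hunks.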
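--- a/classes/table-rate/csv/flexible-shipping-export.php
+++ b/classes/table-rate/csv/flexible-shipping-export.php
@@ -38,17 +38,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Export' ) ) {
  $ret = array( 'status' => 'ok' );
  $flexible_shipping_action = '';
  if ( isset( $_REQUEST['flexible_shipping_action'] ) ) {
- $flexible_shipping_action = $_REQUEST['flexible_shipping_action'];
+ $flexible_shipping_action = sanitize_key( $_REQUEST['flexible_shipping_action'] );
  }
  if ( $flexible_shipping_action == 'export' ) {
  $instance_id = '';
  if ( isset( $_REQUEST['instance_id'] ) ) {
- $instance_id = $_REQUEST['instance_id'];
+ $instance_id = sanitize_key( $_REQUEST['instance_id'] );
  }
  $ret['instance_id'] = $instance_id;
  $methods = '';
  if ( isset( $_REQUEST['methods'] ) ) {
- $methods = $_REQUEST['methods'];
+ $methods = sanitize_text_field( $_REQUEST['methods'] );
  }
  $methods_array = explode( ',', $methods );
  $shipping_method = WC_Shipping_Zones::get_shipping_method( $instance_id );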
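Review bot: `sanitize_key( $_REQUEST['instance_id'] )` lowercases and strips to `[a-z0-9_-]`, but the value is handed to `WC_Shipping_Zones::get_shipping_method()` and echoed back in `$ret['instance_id']`, where an integer is expected; `absint()` is the matching sanitizer: `$instance_id = absint( $_REQUEST['instance_id'] );`. The hunk shows no nonce or capability check before the export branch; the enclosing function starts outside the hunk, so it may be done by the caller — worth confirming, since the parameters are read from `$_REQUEST` and the result is served back to the client.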
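--- a/classes/table-rate/flexible-shipping-settings.php
+++ b/classes/table-rate/flexible-shipping-settings.php
@@ -70,8 +70,8 @@ class WPDesk_Flexible_Shipping_Settings extends WC_Shipping_Method {
  */
  public function is_in_settings() {
  if ( is_admin() && isset( $_GET['page'] ) && isset( $_GET['section'] ) ) {
- $page = $_GET['page'];
- $section = $_GET['section'];
+ $page = sanitize_key( $_GET['page'] );
+ $section = sanitize_key( $_GET['section'] );
  if ( self::WOOCOMMERCE_PAGE_WC_SETTINGS === $page && self::METHOD_ID === $section ) {
  return true;
  }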
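--- a/classes/table-rate/settings/shipping-method-form.php
+++ b/classes/table-rate/settings/shipping-method-form.php
@@ -32,7 +32,7 @@ switch ( $base_location['country'] ) {
  default:
  $integrations = __( 'Integrate with DPD.', 'flexible-shipping' ) . '&nbsp;&nbsp;' .
  // Translators: link.
- sprintf( __( '%1$sAdd integration%2$s', 'flexible-shipping' ), '<a class="button button-primary" href="https://www.wpdesk.net/products/dpd-uk-woocommerce/?utm_source=flexible-shipping-method&utm_medium=button&utm_campaign=flexible-shipping-integrations" target="_blank">', ' &rarr;</a>' );
+ sprintf( __( '%1$sAdd integration%2$s', 'flexible-shipping' ), '<a class="button button-primary" href="https://flexibleshipping.com/products/dpd-uk-dpd-local-woocommerce/?utm_source=flexible-shipping-method&utm_medium=button&utm_campaign=flexible-shipping-integrations" target="_blank">', ' &rarr;</a>' );
  break;
  }
 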
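--- a/classes/table-rate/shipping-method.php
+++ b/classes/table-rate/shipping-method.php
@@ -239,7 +239,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  public function process_admin_options() {
  $action = false;
  if ( isset( $_POST['method_action'] ) ) {
- $action = $_POST['method_action'];
+ $action = sanitize_key( $_POST['method_action'] );
  }
  if ( $action == 'new' || $action == 'edit' ) {
  $this->add_method_creation_date();
@@ -260,8 +260,8 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  $method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . $method_id;
  }
  else {
- $method_id = $_POST['method_id'];
- $method_id_for_shipping = $_POST['method_id_for_shipping'];
+ $method_id = sanitize_text_field( wp_unslash( $_POST['method_id'] ) );
+ $method_id_for_shipping = sanitize_text_field( wp_unslash( $_POST['method_id_for_shipping'] ) );
  if ( isset( $shipping_methods[ $method_id ] ) ) {
  $shipping_method = $shipping_methods[ $method_id ];
  }
@@ -269,17 +269,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  $shipping_method['woocommerce_method_instance_id'] = $this->instance_id;
  $shipping_method['id'] = $method_id;
  $shipping_method['id_for_shipping'] = $method_id_for_shipping;
- $shipping_method['method_title'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_title'] );
- $shipping_method['method_description'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_description'] );
+ $shipping_method['method_title'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_title'] ) );
+ $shipping_method['method_description'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_description'] ) );
  $shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = '';
 
  if ( isset( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] ) && $_POST['woocommerce_' . $this->id . '_method_free_shipping'] != '' ) {
- $shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = wc_format_decimal( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] );
+ $shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] ) ) );
  }
  if ( version_compare( WC()->version, '2.6' ) >= 0 ) {
- $shipping_method['method_free_shipping_label'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping_label'] );
+ $shipping_method['method_free_shipping_label'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping_label'] ) );
  }
- $shipping_method['method_calculation_method'] = $_POST['woocommerce_' . $this->id . '_method_calculation_method'];
+ $shipping_method['method_calculation_method'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_calculation_method'] ) );
  $shipping_method['method_visibility'] = 'no';
  if ( isset( $_POST['woocommerce_' . $this->id . '_method_visibility'] ) && $_POST['woocommerce_' . $this->id . '_method_visibility'] == 1 )
  $shipping_method['method_visibility'] = 'yes';
@@ -292,7 +292,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  if ( isset( $_POST['woocommerce_' . $this->id . '_method_enabled'] ) && $_POST['woocommerce_' . $this->id . '_method_enabled'] == 1 )
  $shipping_method['method_enabled'] = 'yes';
  //
- $shipping_method['method_integration'] = $_POST['woocommerce_' . $this->id . '_method_integration'];
+ $shipping_method['method_integration'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_integration'] ) );
  //
  $shipping_method = apply_filters( 'flexible_shipping_process_admin_options', $shipping_method );
  //
@@ -302,10 +302,10 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  foreach ( $_POST['method_rules'] as $rule ) {
  $count++;
  $method_rule = array();
- $method_rule['based_on'] = $rule['based_on'];
- $method_rule['min'] = wc_format_decimal( $rule['min'] );
- $method_rule['max'] = wc_format_decimal( $rule['max'] );
- $method_rule['cost_per_order'] = wc_format_decimal( $rule['cost_per_order'] );
+ $method_rule['based_on'] = sanitize_text_field( wp_unslash( $rule['based_on'] ) );
+ $method_rule['min'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['min'] ) ) );
+ $method_rule['max'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['max'] ) ) );
+ $method_rule['cost_per_order'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['cost_per_order'] ) ) );
  $method_rule = apply_filters( 'flexible_shipping_method_rule_save', $method_rule, $rule );
  $shipping_method['method_rules'][$count] = $method_rule;
  }
@@ -349,7 +349,19 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  else {
  parent::process_admin_options();
  if ( isset( $_POST['method_order'] ) ) {
- update_option( $this->shipping_method_order_option, $_POST['method_order'] );
+ $method_order = $_POST['method_order'];
+ $method_order_security_alert = false;
+ foreach ( $method_order as $method_order_key => $method_id ) {
+ if ( strval( $method_order_key ) !== strval( sanitize_key( $method_order_key ) ) || strval( $method_id ) !== strval( sanitize_key( $method_id ) ) ) {
+ $method_order_security_alert = true;
+ }
+ }
+ if ( $method_order_security_alert ) {
+ WC_Admin_Settings::add_error( __( 'Flexible Shipping: security check error. Shipping method order not saved!', 'flexible-shipping' ) );
+ WC_Admin_Settings::show_messages();
+ } else {
+ update_option( $this->shipping_method_order_option, $method_order );
+ }
  }
  }
  }
@@ -367,7 +379,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  $action = false;
  if ( isset( $_GET['action'] ) )
  {
- $action = $_GET['action'];
+ $action = sanitize_key( $_GET['action'] );
  }
  if ( $action == 'new' || $action == 'edit' ) {
  $shipping_methods = get_option( $this->shipping_methods_option, array() );
@@ -385,7 +397,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  );
  $method_id = '';
  if ( $action == 'edit' ) {
- $method_id = $_GET['method_id'];
+ $method_id = sanitize_key( $_GET['method_id'] );
  $shipping_method = $shipping_methods[$method_id];
  $method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . sanitize_title( $shipping_method['method_title'] );
  $method_id_for_shipping = apply_filters( 'flexible_shipping_method_rate_id', $method_id_for_shipping, $shipping_method );
@@ -405,7 +417,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  <?php endif; ?>
  <?php
  if ( isset( $_GET['added'] ) ) {
- $method_id = $_GET['added'];
+ $method_id = sanitize_key( $_GET['added'] );
  $shipping_methods = get_option( $this->shipping_methods_option, array() );
  if ( isset( $shipping_methods[$method_id] ) )
  {
@@ -423,7 +435,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  else if ( $action == 'delete' ) {
  $methods_id = '';
  if ( isset( $_GET['methods_id'] ) ) {
- $methods_id = explode( ',' , $_GET['methods_id'] );
+ $methods_id = explode( ',' , sanitize_text_field( $_GET['methods_id'] ) );
  }
  $shipping_methods = get_option( $this->shipping_methods_option, array() );
  $shipping_method_order = get_option( $this->shipping_method_order_option, array() );
@@ -447,7 +459,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  }
  else {
  if ( isset( $_GET['added'] ) ) {
- $method_id = $_GET['added'];
+ $method_id = sanitize_key( $_GET['added'] );
  $shipping_methods = get_option( $this->shipping_methods_option, array() );
  if ( isset( $shipping_methods[$method_id] ) )
  {
@@ -460,7 +472,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
  WC_Admin_Settings::show_messages();
  }
  if ( isset( $_GET['updated'] ) ) {
- $method_id = $_GET['updated'];
+ $method_id = sanitize_key( $_GET['updated'] );
  $shipping_methods = get_option( $this->shipping_methods_option, array() );
  if ( isset( $shipping_methods[$method_id] ) )
  {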
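Review bot: In hunk @@ -349,7 +349,19 @@ the new validation loop iterates `$_POST['method_order']` without checking that it is an array; a scalar value makes `foreach` emit a warning, leaves `$method_order_security_alert` at false, and the scalar is then stored by `update_option()`. Guard the branch with `if ( isset( $_POST['method_order'] ) && is_array( $_POST['method_order'] ) ) {`. The loop also only checks the character set of each entry, not that `$method_id` names a configured method; if `$shipping_methods` is in scope at this point (not visible in the hunk) an `isset( $shipping_methods[ $method_id ] )` test would close that gap. Separately, hunk @@ -260,8 +260,8 @@ sanitizes `$_POST['method_id']` with `sanitize_text_field()` while the same identifier read from `$_GET['method_id']` in hunk @@ -385,7 +397,7 @@ uses `sanitize_key()`; since the value is used as a key into `$shipping_methods`, `sanitize_key()` is the consistent choice for both. process_admin_options() starts and ends outside these hunks.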
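--- a/classes/table-rate/views/html-shipping-method-rules.php
+++ b/classes/table-rate/views/html-shipping-method-rules.php
@@ -226,11 +226,11 @@
  ?>
  <script type="text/javascript">
  <?php
- $zone = WC_Shipping_Zones::get_zone_by( 'instance_id', $_GET['instance_id'] );
- $shipping_method_woo = WC_Shipping_Zones::get_shipping_method( $_GET['instance_id'] );
+ $zone = WC_Shipping_Zones::get_zone_by( 'instance_id', sanitize_key( $_GET['instance_id'] ) );
+ $shipping_method_woo = WC_Shipping_Zones::get_shipping_method( sanitize_key( $_GET['instance_id'] ) );
  $content = '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping' ) . '">' . __( 'Shipping Zones', 'woocommerce' ) . '</a> &gt ';
  $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&zone_id=' . absint( $zone->get_id() ) ) . '">' . esc_html( $zone->get_zone_name() ) . '</a> &gt ';
- $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&instance_id=' . $_GET['instance_id'] ) . '">' . esc_html( $shipping_method_woo->get_title() ) . '</a>';
+ $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&instance_id=' . sanitize_key( $_GET['instance_id'] ) ) . '">' . esc_html( $shipping_method_woo->get_title() ) . '</a>';
  if ( isset( $data['method_title'] ) && $data['method_title'] != '' ) {
  $content .= ' &gt ';
  $content .= esc_html( $data['method_title'] );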
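Review bot: `$_GET['instance_id']` is read and sanitized three times in this hunk; read it once into a local and, since the value is numeric, use `absint()` like the `absint( $zone->get_id() )` already on the zone_id line: `$instance_id = isset( $_GET['instance_id'] ) ? absint( $_GET['instance_id'] ) : 0;`, then pass `$instance_id` to `get_zone_by()`, `get_shipping_method()` and the `admin_url()` string. The `isset()` also avoids the undefined-index notice the current lines emit when the parameter is absent.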
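--- a/classes/table-rate/views/html-shipping-method-settings.php
+++ b/classes/table-rate/views/html-shipping-method-settings.php
@@ -20,8 +20,8 @@
  <?php if ( isset( $shipping_method_order ) && is_array( $shipping_method_order ) ) : ?>
  <?php foreach ( $shipping_method_order as $shipping_method_id ) : $shipping_method = $shipping_methods[$shipping_method_id]; ?>
  <?php $tr_class = ''; ?>
- <?php if ( isset( $_GET['added'] ) && $_GET['added'] == $shipping_method_id ) $tr_class = 'highlight'; ?>
- <?php if ( isset( $_GET['updated'] ) && $_GET['updated'] == $shipping_method_id ) $tr_class = 'highlight'; ?>
+ <?php if ( isset( $_GET['added'] ) && sanitize_key( $_GET['added'] ) == $shipping_method_id ) $tr_class = 'highlight'; ?>
+ <?php if ( isset( $_GET['updated'] ) && sanitize_key( $_GET['updated'] ) == $shipping_method_id ) $tr_class = 'highlight'; ?>
  <tr id="method_<?php echo $shipping_method_id; ?>" class="<?php echo $tr_class; ?>">
  <td width="1%" class="sort">
  <input type="hidden" name="method_order[<?php echo esc_attr( $shipping_method['id'] ); ?>]" value="<?php echo esc_attr( $shipping_method['id'] ); ?>" />
@@ -76,8 +76,8 @@
  <input id="flexible_shipping_import_file" type="file" name="import_file" style="display:none;" accept=".csv" />
  <input id="flexible_shipping_import_action" type="hidden" name="import_action" value="0" />
  <button id="flexible_shipping_import_cancel" class="button" style="display:none;"><?php _e( 'Cancel import', 'flexible-shipping' ); ?></button>
- <input id="flexible_shipping_do_import" style="display:none;" class="button button-primary" data-instance-id="<?php echo isset( $_GET['instance_id'] ) ? $_GET['instance_id'] : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" type="submit" value="<?php _e( 'Import', 'flexible-shipping' ); ?>" />
- <button id="flexible_shipping_import" class="button" data-instance-id="<?php isset( $_GET['instance_id'] ) ? $_GET['instance_id'] : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" ><?php _e( 'Import', 'flexible-shipping' ); ?></button>
+ <input id="flexible_shipping_do_import" style="display:none;" class="button button-primary" data-instance-id="<?php echo isset( $_GET['instance_id'] ) ? sanitize_key( $_GET['instance_id'] ) : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" type="submit" value="<?php _e( 'Import', 'flexible-shipping' ); ?>" />
+ <button id="flexible_shipping_import" class="button" data-instance-id="<?php isset( $_GET['instance_id'] ) ? sanitize_key( $_GET['instance_id'] ) : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" ><?php _e( 'Import', 'flexible-shipping' ); ?></button>
  <?php do_action( 'flexible_shipping_actions_row' ); ?>
  </div>
  <div style="clear:both;"></div>
@@ -101,8 +101,8 @@
  if( version_compare( WC()->version, '2.6.0', ">=" ) ) :
  ?>
  <?php
- $zone = WC_Shipping_Zones::get_zone_by( 'instance_id', $_GET['instance_id'] );
- $shipping_method_woo = WC_Shipping_Zones::get_shipping_method( $_GET['instance_id'] );
+ $zone = WC_Shipping_Zones::get_zone_by( 'instance_id', sanitize_key( $_GET['instance_id'] ) );
+ $shipping_method_woo = WC_Shipping_Zones::get_shipping_method( sanitize_key( $_GET['instance_id'] ) );
  $content = '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping' ) . '">' . __( 'Shipping Zones', 'woocommerce' ) . '</a> &gt ';
  $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&zone_id=' . absint( $zone->get_id() ) ) . '">' . esc_html( $zone->get_zone_name() ) . '</a> &gt';
  $content .= esc_html( $shipping_method_woo->get_title() );
@@ -111,7 +111,7 @@
 
  <?php
  global $wp;
- $current_url = 'admin.php?page=wc-settings&tab=shipping&instance_id=' . $_GET['instance_id'];
+ $current_url = 'admin.php?page=wc-settings&tab=shipping&instance_id=' . sanitize_key( $_GET['instance_id'] );
  ?>
 
  jQuery('#mainform').attr('action', '<?php echo $current_url; ?>' );
@@ -194,7 +194,7 @@
  })
 
  <?php
- if ( isset( $_POST['import_action'] ) && $_POST['import_action'] == '1' ) {
+ if ( isset( $_POST['import_action'] ) && sanitize_key( $_POST['import_action'] ) == '1' ) {
  ?>
  jQuery('.updated.inline:lt(1)').hide();
  jQuery('.updated.inline:lt(2)').hide();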
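Review bot: In hunk @@ -76,8 +76,8 @@ the second changed line (`<button id="flexible_shipping_import" …>`) still has no `echo` in front of the ternary, so its `data-instance-id` attribute is always rendered empty; the commit rewrote the line but kept that defect. Use `data-instance-id="<?php echo isset( $_GET['instance_id'] ) ? absint( $_GET['instance_id'] ) : '1'; ?>"` on both lines — instance ids are numeric, and `absint()` matches the `absint( $zone->get_id() )` already used in hunk @@ -101,8 +101,8 @@. In hunk @@ -111,7 +111,7 @@ `$current_url` is later written into a JavaScript string literal (`jQuery('#mainform').attr('action', '<?php echo $current_url; ?>' );`); `sanitize_key()` keeps the value inert, but escaping belongs at the output point, e.g. `<?php echo esc_js( $current_url ); ?>`.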
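--- a/classes/tracker/tracker.php
+++ b/classes/tracker/tracker.php
@@ -179,7 +179,7 @@ class WPDesk_Flexible_Shipping_Tracker implements Hookable {
  public function wpdesk_tracker_notice_screens( $screens ) {
  $current_screen = get_current_screen();
  if ( 'woocommerce_page_wc-settings' === $current_screen->id ) {
- if ( isset( $_GET['tab'] ) && 'shipping' === $_GET['tab'] ) {
+ if ( isset( $_GET['tab'] ) && 'shipping' === sanitize_key( $_GET['tab'] ) ) {
  $screens[] = $current_screen->id;
  }
  }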
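--- a/classes/wp-wpdesk-fs-shipment/admin-notices.php
+++ b/classes/wp-wpdesk-fs-shipment/admin-notices.php
@@ -135,8 +135,8 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Admin_Notices' ) ) {
  * @return bool
  */
  public function is_in_zones() {
- if ( isset( $_GET['page'] ) && $_GET['page'] == 'wc-settings'
- && isset( $_GET['tab'] ) && $_GET['tab'] == 'shipping'
+ if ( isset( $_GET['page'] ) && sanitize_key( $_GET['page'] ) == 'wc-settings'
+ && isset( $_GET['tab'] ) && sanitize_key( $_GET['tab'] ) == 'shipping'
  && ( !isset( $_GET['section'] ) || $_GET['section'] == '' )
  ) {
  return true;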
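Review bot: The third condition on the unchanged line `&& ( !isset( $_GET['section'] ) || $_GET['section'] == '' )` still reads the raw parameter, so the method is now sanitized inconsistently; change it to `&& ( ! isset( $_GET['section'] ) || '' === sanitize_key( $_GET['section'] ) )`. Since `sanitize_key()` always returns a string, the two new comparisons can use `===` as well, matching `is_in_settings()` in flexible-shipping-settings.php. is_in_zones() ends outside the hunk.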
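--- a/classes/wp-wpdesk-fs-shipment/class-order-add-shipping.php
+++ b/classes/wp-wpdesk-fs-shipment/class-order-add-shipping.php
@@ -30,10 +30,10 @@ class WPDesk_Flexible_Shipping_Add_Shipping implements \FSVendor\WPDesk\PluginBu
 private function add_shipping( $integration ) {
 $class_name = apply_filters( 'flexible_shipping_shipment_class', 'WPDesk_Flexible_Shipping_Shipment_' . $integration, $integration );
 if ( class_exists( $class_name ) ) {
-$order = wc_get_order( $_GET['post'] );
+$order = wc_get_order( sanitize_key( $_GET['post'] ) );
 if ( $order ) {
 $order_id = $order->get_id();
-$integration = $_GET['fs_add_shipping'];
+$integration = sanitize_key( $_GET['fs_add_shipping'] );
 // Translators: order id and integration.
 $post_title = sprintf( __( 'Shipment for order %1$s, %2$s', 'flexible-shipping' ), $order_id, $integration );
 $shipment_post = array(
@@ -63,7 +63,7 @@ class WPDesk_Flexible_Shipping_Add_Shipping implements \FSVendor\WPDesk\PluginBu
 if ( isset( $_GET['fs_add_shipping'] ) && isset( $_GET['post'] ) ) {
 if ( isset( $_GET['_wpnonce'] ) ) {
 if ( wp_verify_nonce( $_GET['_wpnonce'], 'fs_add_shipping' ) ) {
-$integration = $_GET['fs_add_shipping'];
+$integration = sanitize_key( $_GET['fs_add_shipping'] );
 $this->add_shipping( $integration );
 }
 }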
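Review bot: `sanitize_key()` on line 33 is the wrong sanitizer for a numeric post ID: it lowercases and strips to `[a-z0-9_-]`, so it rewrites odd input rather than rejecting it and hands `wc_get_order()` a string instead of an integer. IDs should be cast the way `ajax.php` already does with `intval( $_REQUEST['shipment_id'] )`: `$order = wc_get_order( absint( $_GET['post'] ) );` — the same applies to the ID lines in `cpt-shipping-manifest.php` (new lines 224 and 246) and `cpt-shipment.php` (new line 194). Line 36 then re-reads `$_GET['fs_add_shipping']` into the `$integration` parameter that the caller already passes sanitized on line 66, which leaves two sources of truth for one value; dropping line 36 keeps the parameter authoritative. No capability check is visible in the second hunk, whose enclosing method starts outside it; if none exists above, a `current_user_can()` gate belongs next to the nonce check, since the nonce alone only proves the link was generated for this user's session.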
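--- a/classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php
+++ b/classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php
@@ -214,14 +214,14 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 
 public function cancel_manifest() {
 if ( !empty( $_GET['flexible_shipping_cancel_manifest'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_cancel_manifest' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 exit;
 }
 $sendback = admin_url( 'edit.php?post_type=shipping_manifest' );
 try {
-$shipping_manifest_id = $_GET['flexible_shipping_cancel_manifest'];
+$shipping_manifest_id = sanitize_key( $_GET['flexible_shipping_cancel_manifest'] );
 $shipping_manifest = fs_get_manifest( $shipping_manifest_id );
 $shipping_manifest->cancel();
 fs_delete_manifest( $shipping_manifest );
@@ -238,12 +238,12 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 
 public function download_manifest() {
 if ( !empty( $_GET['flexible_shipping_download_manifest'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_download_manifest' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 }
 try {
-$shipping_manifest_id = $_GET['flexible_shipping_download_manifest'];
+$shipping_manifest_id = sanitize_key( $_GET['flexible_shipping_download_manifest'] );
 $shipping_manifest = fs_get_manifest( $shipping_manifest_id );
 $manifest = $shipping_manifest->get_manifest();
 header( "Content-type: application/octet-stream" );
@@ -291,7 +291,7 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 }
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 include( 'views/filter-form.php' );
 }
@@ -301,13 +301,13 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 global $pagenow;
 $type = 'shipping_manifest';
 if ( isset( $_GET['post_type'] ) ) {
-$type = $_GET['post_type'];
+$type = sanitize_key( $_GET['post_type'] );
 }
 if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shipping_manifest' ) {
 if ( 'shipping_manifest' == $type && is_admin() && 'edit.php' == $pagenow ) {
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 if ( $integration != '' ) {
 if ($integration != '') {
@@ -325,4 +325,4 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 }
 
 
-}
+}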
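Review bot: `download_manifest()` does not stop after a failed nonce check: new line 243 echoes 'Invalid nonce!' but there is no `exit;` before the `try` on line 245, so the manifest is still fetched and streamed regardless of the verification result, whereas `cancel_manifest()` exits correctly on line 220. Add `exit;` directly after the echo on line 243 so the two handlers behave the same. Both handlers also echo the translated message unescaped; `esc_html_e( 'Invalid nonce!', 'flexible-shipping' );` is the escaped-output equivalent, and the identical line appears in `cpt-shipment.php` (new line 190). Both method bodies continue past the end of their hunks.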
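--- a/classes/wp-wpdesk-fs-shipment/metabox/ajax.php
+++ b/classes/wp-wpdesk-fs-shipment/metabox/ajax.php
@@ -20,7 +20,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Shipment_Ajax' ) ) {
 public function wp_ajax_flexible_shipping() {
 $json = array('status' => 'fail');
 $json['message'] = __( 'Unknown error!', 'flexible-shipping' );
-if ( empty( $_REQUEST['nonce'] ) || !wp_verify_nonce( $_REQUEST['nonce'], 'flexible_shipping_shipment_nonce' ) ) {
+if ( empty( $_REQUEST['nonce'] ) || !wp_verify_nonce( sanitize_text_field( $_REQUEST['nonce'] ), 'flexible_shipping_shipment_nonce' ) ) {
 $json['status'] = 'fail';
 $json['message'] = __( 'Nonce verification error! Invalid request.', 'flexible-shipping' );
 }
@@ -34,7 +34,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Shipment_Ajax' ) ) {
 }
 else {
 $shipment = fs_get_shipment( intval( $_REQUEST['shipment_id'] ) );
-$action = $_REQUEST['fs_action'];
+$action = sanitize_key( $_REQUEST['fs_action'] );
 $data = $_REQUEST['data'];
 try {
 $ajax_request = $shipment->ajax_request( $action, $data );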
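Review bot: `$data = $_REQUEST['data'];` on line 38 is the one request value in this handler that is still forwarded raw, into `$shipment->ajax_request( $action, $data )`, and the hunk does not show whether that method validates each field it reads; either sanitize it here per expected key, or make the contract explicit on the line so nobody assumes it was overlooked: `$data = $_REQUEST['data']; // intentionally raw: ajax_request() validates each field it uses`. Line 37 also reads `$_REQUEST['fs_action']` without `isset()`, which emits an undefined-index notice on a request that omits it; `$action = isset( $_REQUEST['fs_action'] ) ? sanitize_key( $_REQUEST['fs_action'] ) : '';` avoids that. The `else` branch continues outside the hunk.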
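--- a/classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php
+++ b/classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php
@@ -185,13 +185,13 @@ class WPDesk_Flexible_Shipping_Shipment_CPT {
 
 public function flexible_shipping_get_label() {
 if ( !empty( $_GET['flexible_shipping_get_label'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_get_label' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 exit;
 }
 try {
-$shipment_id = $_GET['flexible_shipping_get_label'];
+$shipment_id = sanitize_key( $_GET['flexible_shipping_get_label'] );
 $shipment = fs_get_shipment( $shipment_id );
 $label_data = $shipment->get_label();
 header( "Content-type: application/octet-stream" );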
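--- a/flexible-shipping.php
+++ b/flexible-shipping.php
@@ -3,7 +3,7 @@
 * Plugin Name: Flexible Shipping
 * Plugin URI: https://wordpress.org/plugins/flexible-shipping/
 * Description: Create additional shipment methods in WooCommerce and enable pricing based on cart weight or total.
-* Version: 3.9.10
+* Version: 3.9.11
 * Author: WP Desk
 * Author URI: https://www.wpdesk.net/
 * Text Domain: flexible-shipping
@@ -11,7 +11,7 @@
 * Requires at least: 4.5
 * Tested up to: 5.3.2
 * WC requires at least: 3.1.0
-* WC tested up to: 3.9.2
+* WC tested up to: 3.9.3
 * Requires PHP: 5.6
 *
 * Copyright 2017 WP Desk Ltd.
@@ -38,7 +38,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 } // Exit if accessed directly
 
 /* THESE TWO VARIABLES CAN BE CHANGED AUTOMATICALLY */
-$plugin_version = '3.9.10';
+$plugin_version = '3.9.11';
 $plugin_release_timestamp = '2020-02-17 14:35';
 
 $plugin_name = 'Flexible Shipping';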
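--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://flexibleshipping.com/table-rate/
 Tags: table rate, table rate shipping, woocommerce shipping, flexible shipping, woocommerce table rate shipping, cart based shipping, weight shipping, weight based shipping, totals based shipping, order based shipping, shipping zones, shipping classes
 Requires at least: 4.5
 Tested up to: 5.3.2
-Stable tag: 3.9.10
+Stable tag: 3.9.11
 Requires PHP: 5.6
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
@@ -171,6 +171,10 @@ If you are upgrading from the old Flexible Shipping version (1.3.2, woo-flexible
 
 == Changelog ==
 
+= 3.9.11 - 2020-03-09 =
+* Added additional security hardenings
+* Fixed integrations link
+
 = 3.9.10 - 2020-03-02 =
 * Added bulk labels functionality - ability to print multiple labels in one file
 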
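--- a/templates/cart/flexible-shipping/after-shipping-rate.php
+++ b/templates/cart/flexible-shipping/after-shipping-rate.php
@@ -12,5 +12,5 @@ if ( ! defined( 'ABSPATH' ) ) {
 ?>
 
 <p class="shipping-method-description">
-<?php echo $method_description; ?>
+<?php echo esc_html( $method_description ); ?>
 </p>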
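Review bot: `esc_html()` on line 15 renders any markup inside `$method_description` literally, so if the description is a merchant-entered setting that was previously allowed to contain HTML (not visible from this hunk) this is a user-visible regression rather than a pure hardening. In that case `<?php echo wp_kses_post( $method_description ); ?>` keeps the post-safe tag subset while still stripping scripts and event handlers. If the description is plain text, the change is right, and a one-line comment saying so would stop the next reader from reverting it.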
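--- a/templates/email/after_order_table.php
+++ b/templates/email/after_order_table.php
@@ -6,12 +6,12 @@
 *
 * @author WP Desk
 * @version 1.0.0
-*/
+*/
 if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
 ?>
 <h2><?php _e( 'Shipment', 'flexible-shipping' ); ?></h2>
 <?php foreach ( $shipments as $shipment ) : ?>
 <p>
-<?php _e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo $shipment['tracking_url']; ?>"><?php echo $shipment['tracking_number']; ?></a>
+<?php esc_html_e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo esc_attr( $shipment['tracking_url'] ); ?>"><?php echo esc_html( $shipment['tracking_number'] ); ?></a>
 </p>
 <?php endforeach; ?>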
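Review bot: `esc_attr()` on the `href` of new line 15 is the wrong escaper for a URL context: it HTML-encodes quotes and angle brackets but says nothing about the URL scheme, so a tracking URL that is not a web address is still emitted as a clickable link. `esc_url()` is the WordPress function for this slot — it restricts the scheme to the allowed list and percent-encodes the remainder: `<a target="_blank" href="<?php echo esc_url( $shipment['tracking_url'] ); ?>">`. The same line is repeated in `templates/myaccount/after_order_table.php` (new line 18). While the anchor is being touched, `rel="noopener noreferrer"` next to `target="_blank"` is cheap and keeps the opener reference out of the carrier's page.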
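--- a/templates/email/after_order_table_checkout_field.php
+++ b/templates/email/after_order_table_checkout_field.php
@@ -16,7 +16,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 exit;
 } // Exit if accessed directly
 ?>
-<h2><?php echo $field_label; /* phpcs:ignore */ ?></h2>
+<h2><?php echo esc_html( $field_label ); ?></h2>
 <p>
-<?php echo $field_value; /* phpcs:ignore */ ?>
+<?php echo esc_html( $field_value ); ?>
 </p>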
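--- a/templates/myaccount/after_order_table.php
+++ b/templates/myaccount/after_order_table.php
@@ -7,11 +7,14 @@
 * @author WP Desk
 * @version 1.0.0
 */
-if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
+
+if ( ! defined( 'ABSPATH' ) ) {
+exit; // Exit if accessed directly.
+}
 ?>
-<h2><?php _e( 'Shipment', 'flexible-shipping' ); ?></h2>
+<h2><?php esc_html_e( 'Shipment', 'flexible-shipping' ); ?></h2>
 <?php foreach ( $shipments as $shipment ) : ?>
 <p>
-<?php _e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo $shipment['tracking_url']; ?>"><?php echo $shipment['tracking_number']; ?></a>
+<?php esc_html_e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo esc_attr( $shipment['tracking_url'] ); ?>"><?php echo esc_attr( $shipment['tracking_number'] ); ?></a>
 </p>
 <?php endforeach; ?>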
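Review bot: New line 18 escapes the tracking number in element content with `esc_attr()`, while the e-mail template escapes the same value in the same slot with `esc_html()`; the two produce the same output for this text today, but the function name should state the context so escaping can be audited by eye. Suggest `<?php echo esc_html( $shipment['tracking_number'] ); ?>` to mirror `templates/email/after_order_table.php`.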
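--- a/templates/myaccount/after_order_table_checkout_field.php
+++ b/templates/myaccount/after_order_table_checkout_field.php
@@ -16,7 +16,7 @@ if ( ! defined( 'ABSPATH' ) ) {
 exit;
 } // Exit if accessed directly
 ?>
-<h2><?php echo $field_label; /* phpcs:ignore */ ?></h2>
+<h2><?php echo esc_html( $field_label ); ?></h2>
 <p>
-<?php echo $field_value; /* phpcs:ignore */ ?>
+<?php echo esc_html( $field_value ); ?>
 </p>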
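--- a/vendor/autoload.php
+++ b/vendor/autoload.php
@@ -4,4 +4,4 @@
 
 require_once __DIR__ . '/composer/autoload_real.php';
 
-return ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec::getLoader();
+return ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727::getLoader();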
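--- a/vendor/composer/autoload_real.php
+++ b/vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
 
 // autoload_real.php @generated by Composer
 
-class ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec
+class ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727
 {
 private static $loader;
 
@@ -19,15 +19,15 @@ class ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec
 return self::$loader;
 }
 
-spl_autoload_register(array('ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec', 'loadClassLoader'), true, true);
+spl_autoload_register(array('ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727', 'loadClassLoader'), true, true);
 self::$loader = $loader = new \Composer\Autoload\ClassLoader();
-spl_autoload_unregister(array('ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec', 'loadClassLoader'));
+spl_autoload_unregister(array('ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727', 'loadClassLoader'));
 
 $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
 if ($useStaticLoader) {
 require_once __DIR__ . '/autoload_static.php';
 
-call_user_func(\Composer\Autoload\ComposerStaticInit57fb0a1fdd483f653392652aa77134ec::getInitializer($loader));
+call_user_func(\Composer\Autoload\ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::getInitializer($loader));
 } else {
 $map = require __DIR__ . '/autoload_namespaces.php';
 foreach ($map as $namespace => $path) {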
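--- a/vendor/composer/autoload_static.php
+++ b/vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
 
 namespace Composer\Autoload;
 
-class ComposerStaticInit57fb0a1fdd483f653392652aa77134ec
+class ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727
 {
 public static $prefixLengthsPsr4 = array (
 'P' =>
@@ -358,9 +358,9 @@ class ComposerStaticInit57fb0a1fdd483f653392652aa77134ec
 public static function getInitializer(ClassLoader $loader)
 {
 return \Closure::bind(function () use ($loader) {
-$loader->prefixLengthsPsr4 = ComposerStaticInit57fb0a1fdd483f653392652aa77134ec::$prefixLengthsPsr4;
-$loader->prefixDirsPsr4 = ComposerStaticInit57fb0a1fdd483f653392652aa77134ec::$prefixDirsPsr4;
-$loader->classMap = ComposerStaticInit57fb0a1fdd483f653392652aa77134ec::$classMap;
+$loader->prefixLengthsPsr4 = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$prefixLengthsPsr4;
+$loader->prefixDirsPsr4 = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$prefixDirsPsr4;
+$loader->classMap = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$classMap;
 
 }, null, ClassLoader::class);
 }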