Version Description
- 2020-03-09 =
- Added additional security hardening
- Fixed integrations link
Release Info
Developer | wpdesk |
Plugin | Flexible Shipping for WooCommerce |
Version | 3.9.11 |
Code changes from version 3.9.10 to 3.9.11
- classes/table-rate/bulk-actions.php +11 -11
- classes/table-rate/csv/flexible-shipping-export.php +3 -3
- classes/table-rate/flexible-shipping-settings.php +2 -2
- classes/table-rate/settings/shipping-method-form.php +1 -1
- classes/table-rate/shipping-method.php +32 -20
- classes/table-rate/views/html-shipping-method-rules.php +3 -3
- classes/table-rate/views/html-shipping-method-settings.php +8 -8
- classes/tracker/tracker.php +1 -1
- classes/wp-wpdesk-fs-shipment/admin-notices.php +2 -2
- classes/wp-wpdesk-fs-shipment/class-order-add-shipping.php +3 -3
- classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php +8 -8
- classes/wp-wpdesk-fs-shipment/metabox/ajax.php +2 -2
- classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php +2 -2
- flexible-shipping.php +3 -3
- readme.txt +5 -1
- templates/cart/flexible-shipping/after-shipping-rate.php +1 -1
- templates/email/after_order_table.php +2 -2
- templates/email/after_order_table_checkout_field.php +2 -2
- templates/myaccount/after_order_table.php +6 -3
- templates/myaccount/after_order_table_checkout_field.php +2 -2
- vendor/autoload.php +1 -1
- vendor/composer/autoload_real.php +4 -4
- vendor/composer/autoload_static.php +4 -4
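--- a/classes/table-rate/bulk-actions.php
+++ b/classes/table-rate/bulk-actions.php
@@ -58,17 +58,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 $query = $wp_query;
 $type = 'shop_order';
 if ( isset( $_GET['post_type'] ) ) {
-$type = $_GET['post_type'];
+$type = sanitize_key( $_GET['post_type'] );
 }
 if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shop_order' ) {
 if ( 'shop_order' == $type && is_admin() && 'edit.php' == $pagenow ) {
 $integration = '';
 if (isset($_GET['flexible_shipping_integration_filter'])) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 $status = '';
 if (isset($_GET['flexible_shipping_status_filter'])) {
-$status = $_GET['flexible_shipping_status_filter'];
+$status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
 }
 if ( $integration != '' || $status != '' ) {
 $add_where_meta_integration = '';
@@ -118,17 +118,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 global $pagenow;
 $type = 'shop_order';
 if ( isset( $_GET['post_type'] ) ) {
-$type = $_GET['post_type'];
+$type = sanitize_key( $_GET['post_type'] );
 }
 if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shop_order' ) {
 if ( 'shop_order' == $type && is_admin() && 'edit.php' == $pagenow ) {
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 $status = '';
 if ( isset( $_GET['flexible_shipping_status_filter'] ) ) {
-$status = $_GET['flexible_shipping_status_filter'];
+$status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
 }
 if ( $integration != '' || $status != '' ) {
 if ($integration != '') {
@@ -172,11 +172,11 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 $statuses = apply_filters( 'flexible_shipping_status', array() );
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 $status = '';
 if ( isset( $_GET['flexible_shipping_status_filter'] ) ) {
-$status = $_GET['flexible_shipping_status_filter'];
+$status = sanitize_key( $_GET['flexible_shipping_status_filter'] );
 }
 include( 'views/html-orders-filter-form.php' );
 }
@@ -425,14 +425,14 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 
 public function admin_notices() {
 if ( ! empty( $_REQUEST['bulk_flexible_shipping_send'] ) ) {
-$bulk_flexible_shipping_send_count = intval( $_REQUEST['bulk_flexible_shipping_send'] );
+$bulk_flexible_shipping_send_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_send'] ) );
 printf( '<div id="message" class="updated fade"><p>' .
 __( 'Bulk send shipment - processed orders: %d', 'flexible-shipping' ).
 '</p></div>', $bulk_flexible_shipping_send_count
 );
 }
 if ( ! empty( $_REQUEST['bulk_flexible_shipping_labels'] ) ) {
-$bulk_flexible_shipping_labels_count = intval( $_REQUEST['bulk_flexible_shipping_labels'] );
+$bulk_flexible_shipping_labels_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_labels'] ) );
 if ( ! empty( $_REQUEST['bulk_flexible_shipping_no_labels_created'] ) ) {
 printf( '<div id="message" class="updated fade"><p>' .
 __( 'Bulk labels - processed orders: %d. No labels for processed orders.', 'flexible-shipping' ) .
@@ -461,7 +461,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Bulk_Actions' ) ) {
 }
 }
 if ( ! empty( $_REQUEST['bulk_flexible_shipping_manifests'] ) ) {
-$bulk_flexible_shipping_manifest_count = intval( $_REQUEST['bulk_flexible_shipping_manifests'] );
+$bulk_flexible_shipping_manifest_count = intval( sanitize_text_field( $_REQUEST['bulk_flexible_shipping_manifests'] ) );
 printf( '<div id="message" class="updated fade"><p>' .
 __( 'Bulk shipping manifest - processed orders: %d', 'flexible-shipping' ).
 '</p></div>', $bulk_flexible_shipping_manifest_count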
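Review bot: `sanitize_key()` on the filter values at new lines 61, 67 and 71 (repeated in the @@ -118 and @@ -172 hunks) restricts them to lowercase alphanumerics, `_` and `-`, but line 74 suggests they are then spliced into a hand-built WHERE fragment (`$add_where_meta_integration`, assembled outside the hunk); character filtering is not the SQL control, so wherever that fragment is built should pass the sanitized value through `$wpdb->prepare()` as a placeholder argument. In the `admin_notices()` hunks the wrapping `intval( sanitize_text_field( … ) )` at lines 428, 435 and 464 is redundant, because the integer cast already discards anything non-numeric, and `absint( $_REQUEST['bulk_flexible_shipping_send'] )` is the conventional one-call form. `sanitize_key()` also lowercases, so an uppercase filter value will no longer match what the form posted; that is fine for post types and presumably for the status slugs, but deserves a comment such as `// sanitize_key() lowercases; filter values must be lowercase slugs.` The methods enclosing the first three hunks start outside them.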
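--- a/classes/table-rate/csv/flexible-shipping-export.php
+++ b/classes/table-rate/csv/flexible-shipping-export.php
@@ -38,17 +38,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Export' ) ) {
 $ret = array( 'status' => 'ok' );
 $flexible_shipping_action = '';
 if ( isset( $_REQUEST['flexible_shipping_action'] ) ) {
-$flexible_shipping_action = $_REQUEST['flexible_shipping_action'];
+$flexible_shipping_action = sanitize_key( $_REQUEST['flexible_shipping_action'] );
 }
 if ( $flexible_shipping_action == 'export' ) {
 $instance_id = '';
 if ( isset( $_REQUEST['instance_id'] ) ) {
-$instance_id = $_REQUEST['instance_id'];
+$instance_id = sanitize_key( $_REQUEST['instance_id'] );
 }
 $ret['instance_id'] = $instance_id;
 $methods = '';
 if ( isset( $_REQUEST['methods'] ) ) {
-$methods = $_REQUEST['methods'];
+$methods = sanitize_text_field( $_REQUEST['methods'] );
 }
 $methods_array = explode( ',', $methods );
 $shipping_method = WC_Shipping_Zones::get_shipping_method( $instance_id );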
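Review bot: `sanitize_key()` at new line 46 is the wrong shape for `$_REQUEST['instance_id']`, which is a numeric shipping-method instance id handed to `WC_Shipping_Zones::get_shipping_method()` on line 54; `$instance_id = absint( $_REQUEST['instance_id'] );` both sanitizes and types it, and stops a non-numeric string from being echoed back in `$ret['instance_id']`. No nonce or capability check is visible in this hunk before the export branch runs; if none is performed earlier in the enclosing method, which starts outside the hunk, one is needed because the handler acts on `$_REQUEST` and returns method data. With the value now a sanitized string, the loose `$flexible_shipping_action == 'export'` on line 43 would read better as `'export' === $flexible_shipping_action`.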
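--- a/classes/table-rate/flexible-shipping-settings.php
+++ b/classes/table-rate/flexible-shipping-settings.php
@@ -70,8 +70,8 @@ class WPDesk_Flexible_Shipping_Settings extends WC_Shipping_Method {
 */
 public function is_in_settings() {
 if ( is_admin() && isset( $_GET['page'] ) && isset( $_GET['section'] ) ) {
-$page = $_GET['page'];
-$section = $_GET['section'];
+$page = sanitize_key( $_GET['page'] );
+$section = sanitize_key( $_GET['section'] );
 if ( self::WOOCOMMERCE_PAGE_WC_SETTINGS === $page && self::METHOD_ID === $section ) {
 return true;
 }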
classes/table-rate/settings/shipping-method-form.php
CHANGED
@@ -32,7 +32,7 @@ switch ( $base_location['country'] ) {
|
|
32 |
default:
|
33 |
$integrations = __( 'Integrate with DPD.', 'flexible-shipping' ) . ' ' .
|
34 |
// Translators: link.
|
35 |
-
sprintf( __( '%1$sAdd integration%2$s', 'flexible-shipping' ), '<a class="button button-primary" href="https://
|
36 |
break;
|
37 |
}
|
38 |
|
32 |
default:
|
33 |
$integrations = __( 'Integrate with DPD.', 'flexible-shipping' ) . ' ' .
|
34 |
// Translators: link.
|
35 |
+
sprintf( __( '%1$sAdd integration%2$s', 'flexible-shipping' ), '<a class="button button-primary" href="https://flexibleshipping.com/products/dpd-uk-dpd-local-woocommerce/?utm_source=flexible-shipping-method&utm_medium=button&utm_campaign=flexible-shipping-integrations" target="_blank">', ' →</a>' );
|
36 |
break;
|
37 |
}
|
38 |
|
classes/table-rate/shipping-method.php
CHANGED
@@ -239,7 +239,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
239 |
public function process_admin_options() {
|
240 |
$action = false;
|
241 |
if ( isset( $_POST['method_action'] ) ) {
|
242 |
-
$action = $_POST['method_action'];
|
243 |
}
|
244 |
if ( $action == 'new' || $action == 'edit' ) {
|
245 |
$this->add_method_creation_date();
|
@@ -260,8 +260,8 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
260 |
$method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . $method_id;
|
261 |
}
|
262 |
else {
|
263 |
-
$method_id = $_POST['method_id'];
|
264 |
-
$method_id_for_shipping = $_POST['method_id_for_shipping'];
|
265 |
if ( isset( $shipping_methods[ $method_id ] ) ) {
|
266 |
$shipping_method = $shipping_methods[ $method_id ];
|
267 |
}
|
@@ -269,17 +269,17 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
269 |
$shipping_method['woocommerce_method_instance_id'] = $this->instance_id;
|
270 |
$shipping_method['id'] = $method_id;
|
271 |
$shipping_method['id_for_shipping'] = $method_id_for_shipping;
|
272 |
-
$shipping_method['method_title'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_title'] );
|
273 |
-
$shipping_method['method_description'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_description'] );
|
274 |
$shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = '';
|
275 |
|
276 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] ) && $_POST['woocommerce_' . $this->id . '_method_free_shipping'] != '' ) {
|
277 |
-
$shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = wc_format_decimal( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] );
|
278 |
}
|
279 |
if ( version_compare( WC()->version, '2.6' ) >= 0 ) {
|
280 |
-
$shipping_method['method_free_shipping_label'] = wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping_label'] );
|
281 |
}
|
282 |
-
$shipping_method['method_calculation_method'] = $_POST['woocommerce_' . $this->id . '_method_calculation_method'];
|
283 |
$shipping_method['method_visibility'] = 'no';
|
284 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_visibility'] ) && $_POST['woocommerce_' . $this->id . '_method_visibility'] == 1 )
|
285 |
$shipping_method['method_visibility'] = 'yes';
|
@@ -292,7 +292,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
292 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_enabled'] ) && $_POST['woocommerce_' . $this->id . '_method_enabled'] == 1 )
|
293 |
$shipping_method['method_enabled'] = 'yes';
|
294 |
//
|
295 |
-
$shipping_method['method_integration'] = $_POST['woocommerce_' . $this->id . '_method_integration'];
|
296 |
//
|
297 |
$shipping_method = apply_filters( 'flexible_shipping_process_admin_options', $shipping_method );
|
298 |
//
|
@@ -302,10 +302,10 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
302 |
foreach ( $_POST['method_rules'] as $rule ) {
|
303 |
$count++;
|
304 |
$method_rule = array();
|
305 |
-
$method_rule['based_on'] = $rule['based_on'];
|
306 |
-
$method_rule['min'] = wc_format_decimal( $rule['min'] );
|
307 |
-
$method_rule['max'] = wc_format_decimal( $rule['max'] );
|
308 |
-
$method_rule['cost_per_order'] = wc_format_decimal( $rule['cost_per_order'] );
|
309 |
$method_rule = apply_filters( 'flexible_shipping_method_rule_save', $method_rule, $rule );
|
310 |
$shipping_method['method_rules'][$count] = $method_rule;
|
311 |
}
|
@@ -349,7 +349,19 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
349 |
else {
|
350 |
parent::process_admin_options();
|
351 |
if ( isset( $_POST['method_order'] ) ) {
|
352 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
353 |
}
|
354 |
}
|
355 |
}
|
@@ -367,7 +379,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
367 |
$action = false;
|
368 |
if ( isset( $_GET['action'] ) )
|
369 |
{
|
370 |
-
$action = $_GET['action'];
|
371 |
}
|
372 |
if ( $action == 'new' || $action == 'edit' ) {
|
373 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
@@ -385,7 +397,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
385 |
);
|
386 |
$method_id = '';
|
387 |
if ( $action == 'edit' ) {
|
388 |
-
$method_id = $_GET['method_id'];
|
389 |
$shipping_method = $shipping_methods[$method_id];
|
390 |
$method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . sanitize_title( $shipping_method['method_title'] );
|
391 |
$method_id_for_shipping = apply_filters( 'flexible_shipping_method_rate_id', $method_id_for_shipping, $shipping_method );
|
@@ -405,7 +417,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
405 |
<?php endif; ?>
|
406 |
<?php
|
407 |
if ( isset( $_GET['added'] ) ) {
|
408 |
-
$method_id = $_GET['added'];
|
409 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
410 |
if ( isset( $shipping_methods[$method_id] ) )
|
411 |
{
|
@@ -423,7 +435,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
423 |
else if ( $action == 'delete' ) {
|
424 |
$methods_id = '';
|
425 |
if ( isset( $_GET['methods_id'] ) ) {
|
426 |
-
$methods_id = explode( ',' , $_GET['methods_id'] );
|
427 |
}
|
428 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
429 |
$shipping_method_order = get_option( $this->shipping_method_order_option, array() );
|
@@ -447,7 +459,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
447 |
}
|
448 |
else {
|
449 |
if ( isset( $_GET['added'] ) ) {
|
450 |
-
$method_id = $_GET['added'];
|
451 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
452 |
if ( isset( $shipping_methods[$method_id] ) )
|
453 |
{
|
@@ -460,7 +472,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping' ) ) {
|
|
460 |
WC_Admin_Settings::show_messages();
|
461 |
}
|
462 |
if ( isset( $_GET['updated'] ) ) {
|
463 |
-
$method_id = $_GET['updated'];
|
464 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
465 |
if ( isset( $shipping_methods[$method_id] ) )
|
466 |
{
|
239 |
public function process_admin_options() {
|
240 |
$action = false;
|
241 |
if ( isset( $_POST['method_action'] ) ) {
|
242 |
+
$action = sanitize_key( $_POST['method_action'] );
|
243 |
}
|
244 |
if ( $action == 'new' || $action == 'edit' ) {
|
245 |
$this->add_method_creation_date();
|
260 |
$method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . $method_id;
|
261 |
}
|
262 |
else {
|
263 |
+
$method_id = sanitize_text_field( wp_unslash( $_POST['method_id'] ) );
|
264 |
+
$method_id_for_shipping = sanitize_text_field( wp_unslash( $_POST['method_id_for_shipping'] ) );
|
265 |
if ( isset( $shipping_methods[ $method_id ] ) ) {
|
266 |
$shipping_method = $shipping_methods[ $method_id ];
|
267 |
}
|
269 |
$shipping_method['woocommerce_method_instance_id'] = $this->instance_id;
|
270 |
$shipping_method['id'] = $method_id;
|
271 |
$shipping_method['id_for_shipping'] = $method_id_for_shipping;
|
272 |
+
$shipping_method['method_title'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_title'] ) );
|
273 |
+
$shipping_method['method_description'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_description'] ) );
|
274 |
$shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = '';
|
275 |
|
276 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] ) && $_POST['woocommerce_' . $this->id . '_method_free_shipping'] != '' ) {
|
277 |
+
$shipping_method[self::FIELD_METHOD_FREE_SHIPPING] = wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping'] ) ) );
|
278 |
}
|
279 |
if ( version_compare( WC()->version, '2.6' ) >= 0 ) {
|
280 |
+
$shipping_method['method_free_shipping_label'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_free_shipping_label'] ) );
|
281 |
}
|
282 |
+
$shipping_method['method_calculation_method'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_calculation_method'] ) );
|
283 |
$shipping_method['method_visibility'] = 'no';
|
284 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_visibility'] ) && $_POST['woocommerce_' . $this->id . '_method_visibility'] == 1 )
|
285 |
$shipping_method['method_visibility'] = 'yes';
|
292 |
if ( isset( $_POST['woocommerce_' . $this->id . '_method_enabled'] ) && $_POST['woocommerce_' . $this->id . '_method_enabled'] == 1 )
|
293 |
$shipping_method['method_enabled'] = 'yes';
|
294 |
//
|
295 |
+
$shipping_method['method_integration'] = sanitize_text_field( wp_unslash( $_POST['woocommerce_' . $this->id . '_method_integration'] ) );
|
296 |
//
|
297 |
$shipping_method = apply_filters( 'flexible_shipping_process_admin_options', $shipping_method );
|
298 |
//
|
302 |
foreach ( $_POST['method_rules'] as $rule ) {
|
303 |
$count++;
|
304 |
$method_rule = array();
|
305 |
+
$method_rule['based_on'] = sanitize_text_field( wp_unslash( $rule['based_on'] ) );
|
306 |
+
$method_rule['min'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['min'] ) ) );
|
307 |
+
$method_rule['max'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['max'] ) ) );
|
308 |
+
$method_rule['cost_per_order'] = wc_format_decimal( sanitize_text_field( wp_unslash( $rule['cost_per_order'] ) ) );
|
309 |
$method_rule = apply_filters( 'flexible_shipping_method_rule_save', $method_rule, $rule );
|
310 |
$shipping_method['method_rules'][$count] = $method_rule;
|
311 |
}
|
349 |
else {
|
350 |
parent::process_admin_options();
|
351 |
if ( isset( $_POST['method_order'] ) ) {
|
352 |
+
$method_order = $_POST['method_order'];
|
353 |
+
$method_order_security_alert = false;
|
354 |
+
foreach ( $method_order as $method_order_key => $method_id ) {
|
355 |
+
if ( strval( $method_order_key ) !== strval( sanitize_key( $method_order_key ) ) || strval( $method_id ) !== strval( sanitize_key( $method_id ) ) ) {
|
356 |
+
$method_order_security_alert = true;
|
357 |
+
}
|
358 |
+
}
|
359 |
+
if ( $method_order_security_alert ) {
|
360 |
+
WC_Admin_Settings::add_error( __( 'Flexible Shipping: security check error. Shipping method order not saved!', 'flexible-shipping' ) );
|
361 |
+
WC_Admin_Settings::show_messages();
|
362 |
+
} else {
|
363 |
+
update_option( $this->shipping_method_order_option, $method_order );
|
364 |
+
}
|
365 |
}
|
366 |
}
|
367 |
}
|
379 |
$action = false;
|
380 |
if ( isset( $_GET['action'] ) )
|
381 |
{
|
382 |
+
$action = sanitize_key( $_GET['action'] );
|
383 |
}
|
384 |
if ( $action == 'new' || $action == 'edit' ) {
|
385 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
397 |
);
|
398 |
$method_id = '';
|
399 |
if ( $action == 'edit' ) {
|
400 |
+
$method_id = sanitize_key( $_GET['method_id'] );
|
401 |
$shipping_method = $shipping_methods[$method_id];
|
402 |
$method_id_for_shipping = $this->id . '_' . $this->instance_id . '_' . sanitize_title( $shipping_method['method_title'] );
|
403 |
$method_id_for_shipping = apply_filters( 'flexible_shipping_method_rate_id', $method_id_for_shipping, $shipping_method );
|
417 |
<?php endif; ?>
|
418 |
<?php
|
419 |
if ( isset( $_GET['added'] ) ) {
|
420 |
+
$method_id = sanitize_key( $_GET['added'] );
|
421 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
422 |
if ( isset( $shipping_methods[$method_id] ) )
|
423 |
{
|
435 |
else if ( $action == 'delete' ) {
|
436 |
$methods_id = '';
|
437 |
if ( isset( $_GET['methods_id'] ) ) {
|
438 |
+
$methods_id = explode( ',' , sanitize_text_field( $_GET['methods_id'] ) );
|
439 |
}
|
440 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
441 |
$shipping_method_order = get_option( $this->shipping_method_order_option, array() );
|
459 |
}
|
460 |
else {
|
461 |
if ( isset( $_GET['added'] ) ) {
|
462 |
+
$method_id = sanitize_key( $_GET['added'] );
|
463 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
464 |
if ( isset( $shipping_methods[$method_id] ) )
|
465 |
{
|
472 |
WC_Admin_Settings::show_messages();
|
473 |
}
|
474 |
if ( isset( $_GET['updated'] ) ) {
|
475 |
+
$method_id = sanitize_key( $_GET['updated'] );
|
476 |
$shipping_methods = get_option( $this->shipping_methods_option, array() );
|
477 |
if ( isset( $shipping_methods[$method_id] ) )
|
478 |
{
|
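Review bot: The new `method_order` handling at lines 352–364 assumes `$_POST['method_order']` is an array: a scalar value makes the `foreach` on line 354 emit a warning, leaves `$method_order_security_alert` false, and the raw scalar is then written to the option by `update_option()` on line 363. Initialise the flag from the type instead, `$method_order_security_alert = ! is_array( $method_order );`, and iterate `foreach ( (array) $method_order as $method_order_key => $method_id )`, so a malformed payload takes the error branch rather than the save branch. It would also be tighter to store an array rebuilt from the `sanitize_key()` results rather than `$method_order` itself, and, if the ids are meant to be existing keys of `$shipping_methods`, to check membership while looping. The hunk at lines 263–264 still reads `$_POST['method_id']` and `$_POST['method_id_for_shipping']` without `isset()`, as do lines 272, 273, 282 and 295 for the `woocommerce_*` fields; `process_admin_options()` continues outside these hunks.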
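--- a/classes/table-rate/views/html-shipping-method-rules.php
+++ b/classes/table-rate/views/html-shipping-method-rules.php
@@ -226,11 +226,11 @@
 ?>
 <script type="text/javascript">
 <?php
-$zone = WC_Shipping_Zones::get_zone_by( 'instance_id', $_GET['instance_id'] );
-$shipping_method_woo = WC_Shipping_Zones::get_shipping_method( $_GET['instance_id'] );
+$zone = WC_Shipping_Zones::get_zone_by( 'instance_id', sanitize_key( $_GET['instance_id'] ) );
+$shipping_method_woo = WC_Shipping_Zones::get_shipping_method( sanitize_key( $_GET['instance_id'] ) );
 $content = '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping' ) . '">' . __( 'Shipping Zones', 'woocommerce' ) . '</a> > ';
 $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&zone_id=' . absint( $zone->get_id() ) ) . '">' . esc_html( $zone->get_zone_name() ) . '</a> > ';
-$content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&instance_id=' . $_GET['instance_id'] ) . '">' . esc_html( $shipping_method_woo->get_title() ) . '</a>';
+$content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&instance_id=' . sanitize_key( $_GET['instance_id'] ) ) . '">' . esc_html( $shipping_method_woo->get_title() ) . '</a>';
 if ( isset( $data['method_title'] ) && $data['method_title'] != '' ) {
 $content .= ' > ';
 $content .= esc_html( $data['method_title'] );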
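Review bot: `sanitize_key( $_GET['instance_id'] )` is evaluated three times at lines 229, 230 and 233 for a value that is a numeric instance id, so `$instance_id = isset( $_GET['instance_id'] ) ? absint( $_GET['instance_id'] ) : 0;` once at the top of the block, reused in all three places, is both tighter and avoids the undefined-index notice when the parameter is absent. Sanitising on input is not output escaping: `$content` is assembled inside a `<script>` element opened on line 227 and is presumably emitted into it further down, so the URL built on line 233 should go through `esc_url()` and the final string through `esc_js()` or `wp_json_encode()` at the point it is echoed, which lies outside this hunk. `absint()` also makes the `zone_id` and `instance_id` parts of the URLs consistent with each other.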
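--- a/classes/table-rate/views/html-shipping-method-settings.php
+++ b/classes/table-rate/views/html-shipping-method-settings.php
@@ -20,8 +20,8 @@
 <?php if ( isset( $shipping_method_order ) && is_array( $shipping_method_order ) ) : ?>
 <?php foreach ( $shipping_method_order as $shipping_method_id ) : $shipping_method = $shipping_methods[$shipping_method_id]; ?>
 <?php $tr_class = ''; ?>
-<?php if ( isset( $_GET['added'] ) && $_GET['added'] == $shipping_method_id ) $tr_class = 'highlight'; ?>
-<?php if ( isset( $_GET['updated'] ) && $_GET['updated'] == $shipping_method_id ) $tr_class = 'highlight'; ?>
+<?php if ( isset( $_GET['added'] ) && sanitize_key( $_GET['added'] ) == $shipping_method_id ) $tr_class = 'highlight'; ?>
+<?php if ( isset( $_GET['updated'] ) && sanitize_key( $_GET['updated'] ) == $shipping_method_id ) $tr_class = 'highlight'; ?>
 <tr id="method_<?php echo $shipping_method_id; ?>" class="<?php echo $tr_class; ?>">
 <td width="1%" class="sort">
 <input type="hidden" name="method_order[<?php echo esc_attr( $shipping_method['id'] ); ?>]" value="<?php echo esc_attr( $shipping_method['id'] ); ?>" />
@@ -76,8 +76,8 @@
 <input id="flexible_shipping_import_file" type="file" name="import_file" style="display:none;" accept=".csv" />
 <input id="flexible_shipping_import_action" type="hidden" name="import_action" value="0" />
 <button id="flexible_shipping_import_cancel" class="button" style="display:none;"><?php _e( 'Cancel import', 'flexible-shipping' ); ?></button>
-<input id="flexible_shipping_do_import" style="display:none;" class="button button-primary" data-instance-id="<?php echo isset( $_GET['instance_id'] ) ? $_GET['instance_id'] : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" type="submit" value="<?php _e( 'Import', 'flexible-shipping' ); ?>" />
-<button id="flexible_shipping_import" class="button" data-instance-id="<?php isset( $_GET['instance_id'] ) ? $_GET['instance_id'] : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" ><?php _e( 'Import', 'flexible-shipping' ); ?></button>
+<input id="flexible_shipping_do_import" style="display:none;" class="button button-primary" data-instance-id="<?php echo isset( $_GET['instance_id'] ) ? sanitize_key( $_GET['instance_id'] ) : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" type="submit" value="<?php _e( 'Import', 'flexible-shipping' ); ?>" />
+<button id="flexible_shipping_import" class="button" data-instance-id="<?php isset( $_GET['instance_id'] ) ? sanitize_key( $_GET['instance_id'] ) : '1'; ?>" data-nonce="<?php echo wp_create_nonce( "flexible_shipping" ); ?>" ><?php _e( 'Import', 'flexible-shipping' ); ?></button>
 <?php do_action( 'flexible_shipping_actions_row' ); ?>
 </div>
 <div style="clear:both;"></div>
@@ -101,8 +101,8 @@
 if( version_compare( WC()->version, '2.6.0', ">=" ) ) :
 ?>
 <?php
-$zone = WC_Shipping_Zones::get_zone_by( 'instance_id', $_GET['instance_id'] );
-$shipping_method_woo = WC_Shipping_Zones::get_shipping_method( $_GET['instance_id'] );
+$zone = WC_Shipping_Zones::get_zone_by( 'instance_id', sanitize_key( $_GET['instance_id'] ) );
+$shipping_method_woo = WC_Shipping_Zones::get_shipping_method( sanitize_key( $_GET['instance_id'] ) );
 $content = '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping' ) . '">' . __( 'Shipping Zones', 'woocommerce' ) . '</a> > ';
 $content .= '<a href="' . admin_url( 'admin.php?page=wc-settings&tab=shipping&zone_id=' . absint( $zone->get_id() ) ) . '">' . esc_html( $zone->get_zone_name() ) . '</a> >';
 $content .= esc_html( $shipping_method_woo->get_title() );
@@ -111,7 +111,7 @@
 
 <?php
 global $wp;
-$current_url = 'admin.php?page=wc-settings&tab=shipping&instance_id=' . $_GET['instance_id'];
+$current_url = 'admin.php?page=wc-settings&tab=shipping&instance_id=' . sanitize_key( $_GET['instance_id'] );
 ?>
 
 jQuery('#mainform').attr('action', '<?php echo $current_url; ?>' );
@@ -194,7 +194,7 @@
 })
 
 <?php
-if ( isset( $_POST['import_action'] ) && $_POST['import_action'] == '1' ) {
+if ( isset( $_POST['import_action'] ) && sanitize_key( $_POST['import_action'] ) == '1' ) {
 ?>
 jQuery('.updated.inline:lt(1)').hide();
 jQuery('.updated.inline:lt(2)').hide();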
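Review bot: Line 80 still has no `echo`, so `data-instance-id="<?php isset( $_GET['instance_id'] ) ? sanitize_key( $_GET['instance_id'] ) : '1'; ?>"` evaluates the expression and discards it, leaving the attribute on the `#flexible_shipping_import` button empty; the commit sanitized the value but kept the bug. Lines 79 and 80 also use `sanitize_key()` as if it were an escaper, whereas the attribute context calls for `esc_attr()` and the numeric instance id for `absint()`: `<?php echo esc_attr( isset( $_GET['instance_id'] ) ? absint( $_GET['instance_id'] ) : 1 ); ?>`. The same distinction applies to `$current_url` on line 114, which line 117 interpolates into a JavaScript string with a bare `echo` rather than `esc_js()` or `esc_url()`, and to the `<tr id=…>` / `class=…` echoes on line 25, which are unchanged but unescaped.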
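--- a/classes/tracker/tracker.php
+++ b/classes/tracker/tracker.php
@@ -179,7 +179,7 @@ class WPDesk_Flexible_Shipping_Tracker implements Hookable {
 public function wpdesk_tracker_notice_screens( $screens ) {
 $current_screen = get_current_screen();
 if ( 'woocommerce_page_wc-settings' === $current_screen->id ) {
-if ( isset( $_GET['tab'] ) && 'shipping' === $_GET['tab'] ) {
+if ( isset( $_GET['tab'] ) && 'shipping' === sanitize_key( $_GET['tab'] ) ) {
 $screens[] = $current_screen->id;
 }
 }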
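Review bot: `get_current_screen()` can return null before WordPress has set the current screen, so `$current_screen->id` on line 181 dereferences a possible null; guard it with `if ( $current_screen && 'woocommerce_page_wc-settings' === $current_screen->id ) {`. The sanitized strict comparison on line 182 is fine; note only that `sanitize_key()` lowercases its input, so the tab match is now case-insensitive, which is harmless for a fixed slug. The closing brace of wpdesk_tracker_notice_screens is outside the hunk.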
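--- a/classes/wp-wpdesk-fs-shipment/admin-notices.php
+++ b/classes/wp-wpdesk-fs-shipment/admin-notices.php
@@ -135,8 +135,8 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Admin_Notices' ) ) {
 * @return bool
 */
 public function is_in_zones() {
-if ( isset( $_GET['page'] ) && $_GET['page'] == 'wc-settings'
-&& isset( $_GET['tab'] ) && $_GET['tab'] == 'shipping'
+if ( isset( $_GET['page'] ) && sanitize_key( $_GET['page'] ) == 'wc-settings'
+&& isset( $_GET['tab'] ) && sanitize_key( $_GET['tab'] ) == 'shipping'
 && ( !isset( $_GET['section'] ) || $_GET['section'] == '' )
 ) {
 return true;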
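Review bot: The new comparisons on lines 138–139 keep loose `==`, while the equivalent tab check in classes/tracker/tracker.php uses `===`; since `sanitize_key()` always returns a string, `sanitize_key( $_GET['page'] ) === 'wc-settings'` and `sanitize_key( $_GET['tab'] ) === 'shipping'` are safe and make the two files consistent. Line 140 still compares the raw `$_GET['section']`, which is only an equality test and emits nothing, but `'' === $_GET['section']` would match the rest of the condition. is_in_zones continues past the hunk.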
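--- a/classes/wp-wpdesk-fs-shipment/class-order-add-shipping.php
+++ b/classes/wp-wpdesk-fs-shipment/class-order-add-shipping.php
@@ -30,10 +30,10 @@ class WPDesk_Flexible_Shipping_Add_Shipping implements \FSVendor\WPDesk\PluginBu
 private function add_shipping( $integration ) {
 $class_name = apply_filters( 'flexible_shipping_shipment_class', 'WPDesk_Flexible_Shipping_Shipment_' . $integration, $integration );
 if ( class_exists( $class_name ) ) {
-$order = wc_get_order( $_GET['post'] );
+$order = wc_get_order( sanitize_key( $_GET['post'] ) );
 if ( $order ) {
 $order_id = $order->get_id();
-$integration = $_GET['fs_add_shipping'];
+$integration = sanitize_key( $_GET['fs_add_shipping'] );
 // Translators: order id and integration.
 $post_title = sprintf( __( 'Shipment for order %1$s, %2$s', 'flexible-shipping' ), $order_id, $integration );
 $shipment_post = array(
@@ -63,7 +63,7 @@ class WPDesk_Flexible_Shipping_Add_Shipping implements \FSVendor\WPDesk\PluginBu
 if ( isset( $_GET['fs_add_shipping'] ) && isset( $_GET['post'] ) ) {
 if ( isset( $_GET['_wpnonce'] ) ) {
 if ( wp_verify_nonce( $_GET['_wpnonce'], 'fs_add_shipping' ) ) {
-$integration = $_GET['fs_add_shipping'];
+$integration = sanitize_key( $_GET['fs_add_shipping'] );
 $this->add_shipping( $integration );
 }
 }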
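Review bot: `sanitize_key()` is the wrong sanitizer for the order ID on line 33: it returns a string limited to `[a-z0-9_-]`, so a value like `12-3` passes through, whereas `absint( $_GET['post'] )` pins it to the integer ID `wc_get_order()` expects; the same applies to the manifest IDs in classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php (lines 224, 246) and the shipment ID in classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php (line 194). The nonce on line 65 is the one raw `$_GET` value left here; `wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'fs_add_shipping' )` would match how the other files treat their nonces. No capability check (for example `current_user_can( 'edit_shop_orders' )`) is visible next to the nonce check on lines 64–65; a nonce shows the request originated from a page the user loaded, not that the user is allowed to create shipments, so if the check is not in the part of the method outside the hunk it should be added. `add_shipping()` also discards its `$integration` parameter and re-reads `$_GET['fs_add_shipping']` on line 36; using the parameter keeps the sanitization in one place.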
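--- a/classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php
+++ b/classes/wp-wpdesk-fs-shipment/manifest/cpt-shipping-manifest.php
@@ -214,14 +214,14 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 
 public function cancel_manifest() {
 if ( !empty( $_GET['flexible_shipping_cancel_manifest'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_cancel_manifest' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 exit;
 }
 $sendback = admin_url( 'edit.php?post_type=shipping_manifest' );
 try {
-$shipping_manifest_id = $_GET['flexible_shipping_cancel_manifest'];
+$shipping_manifest_id = sanitize_key( $_GET['flexible_shipping_cancel_manifest'] );
 $shipping_manifest = fs_get_manifest( $shipping_manifest_id );
 $shipping_manifest->cancel();
 fs_delete_manifest( $shipping_manifest );
@@ -238,12 +238,12 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 
 public function download_manifest() {
 if ( !empty( $_GET['flexible_shipping_download_manifest'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_download_manifest' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 }
 try {
-$shipping_manifest_id = $_GET['flexible_shipping_download_manifest'];
+$shipping_manifest_id = sanitize_key( $_GET['flexible_shipping_download_manifest'] );
 $shipping_manifest = fs_get_manifest( $shipping_manifest_id );
 $manifest = $shipping_manifest->get_manifest();
 header( "Content-type: application/octet-stream" );
@@ -291,7 +291,7 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 }
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 include( 'views/filter-form.php' );
 }
@@ -301,13 +301,13 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 global $pagenow;
 $type = 'shipping_manifest';
 if ( isset( $_GET['post_type'] ) ) {
-$type = $_GET['post_type'];
+$type = sanitize_key( $_GET['post_type'] );
 }
 if ( isset( $query->query_vars['post_type'] ) && $query->query_vars['post_type'] == 'shipping_manifest' ) {
 if ( 'shipping_manifest' == $type && is_admin() && 'edit.php' == $pagenow ) {
 $integration = '';
 if ( isset( $_GET['flexible_shipping_integration_filter'] ) ) {
-$integration = $_GET['flexible_shipping_integration_filter'];
+$integration = sanitize_key( $_GET['flexible_shipping_integration_filter'] );
 }
 if ( $integration != '' ) {
 if ($integration != '') {
@@ -325,4 +325,4 @@ class WPDesk_Flexible_Shipping_Shipping_Manifest_CPT {
 }
 
 
-}
+}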
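Review bot: `download_manifest()` does not stop after a failed nonce check: lines 242–244 echo 'Invalid nonce!' and then fall through into the `try` block on line 245, so the manifest is still fetched and streamed to the caller, whereas `cancel_manifest()` has the `exit;` on line 220 that is missing here. Add `exit;` after the echo on line 243, mirroring line 220. Both methods also print the translated message with a bare `echo __( ... )`; `esc_html_e( 'Invalid nonce!', 'flexible-shipping' );` is the conventional escaped form. Neither method shows a capability check next to its nonce check; if one is not in the unshown part of the methods, a `current_user_can()` test belongs alongside `wp_verify_nonce()`.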
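--- a/classes/wp-wpdesk-fs-shipment/metabox/ajax.php
+++ b/classes/wp-wpdesk-fs-shipment/metabox/ajax.php
@@ -20,7 +20,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Shipment_Ajax' ) ) {
 public function wp_ajax_flexible_shipping() {
 $json = array('status' => 'fail');
 $json['message'] = __( 'Unknown error!', 'flexible-shipping' );
-if ( empty( $_REQUEST['nonce'] ) || !wp_verify_nonce( $_REQUEST['nonce'], 'flexible_shipping_shipment_nonce' ) ) {
+if ( empty( $_REQUEST['nonce'] ) || !wp_verify_nonce( sanitize_text_field( $_REQUEST['nonce'] ), 'flexible_shipping_shipment_nonce' ) ) {
 $json['status'] = 'fail';
 $json['message'] = __( 'Nonce verification error! Invalid request.', 'flexible-shipping' );
 }
@@ -34,7 +34,7 @@ if ( ! class_exists( 'WPDesk_Flexible_Shipping_Shipment_Ajax' ) ) {
 }
 else {
 $shipment = fs_get_shipment( intval( $_REQUEST['shipment_id'] ) );
-$action = $_REQUEST['fs_action'];
+$action = sanitize_key( $_REQUEST['fs_action'] );
 $data = $_REQUEST['data'];
 try {
 $ajax_request = $shipment->ajax_request( $action, $data );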
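Review bot: `$data = $_REQUEST['data']` on line 38 is still passed raw into `$shipment->ajax_request()` while the neighbouring `shipment_id` and `fs_action` values are sanitized; unless `ajax_request()` validates its input (not visible here), the value — which may be a string or an array — needs at least `isset()` and `wp_unslash()` at this point and field-level sanitization where it is consumed. Lines 36–38 also read `$_REQUEST['shipment_id']`, `$_REQUEST['fs_action']` and `$_REQUEST['data']` without `isset()`, so a request missing any of them emits undefined-index notices into the JSON response; `$action = isset( $_REQUEST['fs_action'] ) ? sanitize_key( $_REQUEST['fs_action'] ) : '';` is the guarded form. The body of wp_ajax_flexible_shipping continues between and after both hunks.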
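--- a/classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php
+++ b/classes/wp-wpdesk-fs-shipment/shipment/cpt-shipment.php
@@ -185,13 +185,13 @@ class WPDesk_Flexible_Shipping_Shipment_CPT {
 
 public function flexible_shipping_get_label() {
 if ( !empty( $_GET['flexible_shipping_get_label'] ) && !empty( $_GET['nonce'] ) ) {
-$nonce = $_GET['nonce'];
+$nonce = sanitize_text_field( $_GET['nonce'] );
 if ( !wp_verify_nonce( $nonce, 'flexible_shipping_get_label' ) ) {
 echo __( 'Invalid nonce!', 'flexible-shipping' );
 exit;
 }
 try {
-$shipment_id = $_GET['flexible_shipping_get_label'];
+$shipment_id = sanitize_key( $_GET['flexible_shipping_get_label'] );
 $shipment = fs_get_shipment( $shipment_id );
 $label_data = $shipment->get_label();
 header( "Content-type: application/octet-stream" );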
flexible-shipping.php
@@ -3,7 +3,7 @@
|
|
3 |
* Plugin Name: Flexible Shipping
|
4 |
* Plugin URI: https://wordpress.org/plugins/flexible-shipping/
|
5 |
* Description: Create additional shipment methods in WooCommerce and enable pricing based on cart weight or total.
|
6 |
-
* Version: 3.9.
|
7 |
* Author: WP Desk
|
8 |
* Author URI: https://www.wpdesk.net/
|
9 |
* Text Domain: flexible-shipping
|
@@ -11,7 +11,7 @@
|
|
11 |
* Requires at least: 4.5
|
12 |
* Tested up to: 5.3.2
|
13 |
* WC requires at least: 3.1.0
|
14 |
-
* WC tested up to: 3.9.
|
15 |
* Requires PHP: 5.6
|
16 |
*
|
17 |
* Copyright 2017 WP Desk Ltd.
|
@@ -38,7 +38,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
38 |
} // Exit if accessed directly
|
39 |
|
40 |
/* THESE TWO VARIABLES CAN BE CHANGED AUTOMATICALLY */
|
41 |
-
$plugin_version = '3.9.
|
42 |
$plugin_release_timestamp = '2020-02-17 14:35';
|
43 |
|
44 |
$plugin_name = 'Flexible Shipping';
|
3 |
* Plugin Name: Flexible Shipping
|
4 |
* Plugin URI: https://wordpress.org/plugins/flexible-shipping/
|
5 |
* Description: Create additional shipment methods in WooCommerce and enable pricing based on cart weight or total.
|
6 |
+
* Version: 3.9.11
|
7 |
* Author: WP Desk
|
8 |
* Author URI: https://www.wpdesk.net/
|
9 |
* Text Domain: flexible-shipping
|
11 |
* Requires at least: 4.5
|
12 |
* Tested up to: 5.3.2
|
13 |
* WC requires at least: 3.1.0
|
14 |
+
* WC tested up to: 3.9.3
|
15 |
* Requires PHP: 5.6
|
16 |
*
|
17 |
* Copyright 2017 WP Desk Ltd.
|
38 |
} // Exit if accessed directly
|
39 |
|
40 |
/* THESE TWO VARIABLES CAN BE CHANGED AUTOMATICALLY */
|
41 |
+
$plugin_version = '3.9.11';
|
42 |
$plugin_release_timestamp = '2020-02-17 14:35';
|
43 |
|
44 |
$plugin_name = 'Flexible Shipping';
|
readme.txt
@@ -4,7 +4,7 @@ Donate link: https://flexibleshipping.com/table-rate/
|
|
4 |
Tags: table rate, table rate shipping, woocommerce shipping, flexible shipping, woocommerce table rate shipping, cart based shipping, weight shipping, weight based shipping, totals based shipping, order based shipping, shipping zones, shipping classes
|
5 |
Requires at least: 4.5
|
6 |
Tested up to: 5.3.2
|
7 |
-
Stable tag: 3.9.
|
8 |
Requires PHP: 5.6
|
9 |
License: GPLv3 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
@@ -171,6 +171,10 @@ If you are upgrading from the old Flexible Shipping version (1.3.2, woo-flexible
|
|
171 |
|
172 |
== Changelog ==
|
173 |
|
|
|
|
|
|
|
|
|
174 |
= 3.9.10 - 2020-03-02 =
|
175 |
* Added bulk labels functionality - ability to print multiple labels in one file
|
176 |
|
4 |
Tags: table rate, table rate shipping, woocommerce shipping, flexible shipping, woocommerce table rate shipping, cart based shipping, weight shipping, weight based shipping, totals based shipping, order based shipping, shipping zones, shipping classes
|
5 |
Requires at least: 4.5
|
6 |
Tested up to: 5.3.2
|
7 |
+
Stable tag: 3.9.11
|
8 |
Requires PHP: 5.6
|
9 |
License: GPLv3 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-3.0.html
|
171 |
|
172 |
== Changelog ==
|
173 |
|
174 |
+
= 3.9.11 - 2020-03-09 =
|
175 |
+
* Added additional security hardenings
|
176 |
+
* Fixed integrations link
|
177 |
+
|
178 |
= 3.9.10 - 2020-03-02 =
|
179 |
* Added bulk labels functionality - ability to print multiple labels in one file
|
180 |
|
templates/cart/flexible-shipping/after-shipping-rate.php
@@ -12,5 +12,5 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
12 |
?>
|
13 |
|
14 |
<p class="shipping-method-description">
|
15 |
-
|
16 |
</p>
|
12 |
?>
|
13 |
|
14 |
<p class="shipping-method-description">
|
15 |
+
<?php echo esc_html( $method_description ); ?>
|
16 |
</p>
|
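Review bot: `esc_html()` on line 15 strips any markup from `$method_description`; if the description is admin-entered text that is meant to carry links or emphasis (the removed line is truncated in this view, so the previous output cannot be confirmed), `wp_kses_post( $method_description )` keeps the allowed tags while still neutralising script content. If the field is plain text, the change is correct as written.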
templates/email/after_order_table.php
@@ -6,12 +6,12 @@
|
|
6 |
*
|
7 |
* @author WP Desk
|
8 |
* @version 1.0.0
|
9 |
-
*/
|
10 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
11 |
?>
|
12 |
<h2><?php _e( 'Shipment', 'flexible-shipping' ); ?></h2>
|
13 |
<?php foreach ( $shipments as $shipment ) : ?>
|
14 |
<p>
|
15 |
-
<?php
|
16 |
</p>
|
17 |
<?php endforeach; ?>
|
6 |
*
|
7 |
* @author WP Desk
|
8 |
* @version 1.0.0
|
9 |
+
*/
|
10 |
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
|
11 |
?>
|
12 |
<h2><?php _e( 'Shipment', 'flexible-shipping' ); ?></h2>
|
13 |
<?php foreach ( $shipments as $shipment ) : ?>
|
14 |
<p>
|
15 |
+
<?php esc_html_e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo esc_attr( $shipment['tracking_url'] ); ?>"><?php echo esc_html( $shipment['tracking_number'] ); ?></a>
|
16 |
</p>
|
17 |
<?php endforeach; ?>
|
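Review bot: The `href` on line 15 is escaped with `esc_attr()`, which encodes quotes but does not check the URL scheme, so a tracking URL with a non-http scheme such as `javascript:` would still become a clickable link; `esc_url( $shipment['tracking_url'] )` is the escaper for URL attributes. The same `esc_attr()` on an href appears in templates/myaccount/after_order_table.php line 18. The `esc_html()` on the tracking number and the `esc_html_e()` label are correct for their contexts.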
templates/email/after_order_table_checkout_field.php
@@ -16,7 +16,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
16 |
exit;
|
17 |
} // Exit if accessed directly
|
18 |
?>
|
19 |
-
<h2><?php echo $field_label;
|
20 |
<p>
|
21 |
-
<?php echo $field_value;
|
22 |
</p>
|
16 |
exit;
|
17 |
} // Exit if accessed directly
|
18 |
?>
|
19 |
+
<h2><?php echo esc_html( $field_label ); ?></h2>
|
20 |
<p>
|
21 |
+
<?php echo esc_html( $field_value ); ?>
|
22 |
</p>
|
templates/myaccount/after_order_table.php
@@ -7,11 +7,14 @@
|
|
7 |
* @author WP Desk
|
8 |
* @version 1.0.0
|
9 |
*/
|
10 |
-
|
|
|
|
|
|
|
11 |
?>
|
12 |
-
<h2><?php
|
13 |
<?php foreach ( $shipments as $shipment ) : ?>
|
14 |
<p>
|
15 |
-
<?php
|
16 |
</p>
|
17 |
<?php endforeach; ?>
|
7 |
* @author WP Desk
|
8 |
* @version 1.0.0
|
9 |
*/
|
10 |
+
|
11 |
+
if ( ! defined( 'ABSPATH' ) ) {
|
12 |
+
exit; // Exit if accessed directly.
|
13 |
+
}
|
14 |
?>
|
15 |
+
<h2><?php esc_html_e( 'Shipment', 'flexible-shipping' ); ?></h2>
|
16 |
<?php foreach ( $shipments as $shipment ) : ?>
|
17 |
<p>
|
18 |
+
<?php esc_html_e( 'Track shipment: ', 'flexible-shipping' ); ?><a target="_blank" href="<?php echo esc_attr( $shipment['tracking_url'] ); ?>"><?php echo esc_attr( $shipment['tracking_number'] ); ?></a>
|
19 |
</p>
|
20 |
<?php endforeach; ?>
|
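Review bot: Line 18 escapes the link text with `esc_attr()` although it sits in element content rather than an attribute; `esc_html( $shipment['tracking_number'] )` is the context-correct escaper and matches what templates/email/after_order_table.php uses for the same value. The `href` on that line should use `esc_url( $shipment['tracking_url'] )` rather than `esc_attr()`, which encodes quotes but does not validate the URL scheme. The ABSPATH guard added on lines 11–13 is correct.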
templates/myaccount/after_order_table_checkout_field.php
@@ -16,7 +16,7 @@ if ( ! defined( 'ABSPATH' ) ) {
|
|
16 |
exit;
|
17 |
} // Exit if accessed directly
|
18 |
?>
|
19 |
-
<h2><?php echo $field_label;
|
20 |
<p>
|
21 |
-
<?php echo $field_value;
|
22 |
</p>
|
16 |
exit;
|
17 |
} // Exit if accessed directly
|
18 |
?>
|
19 |
+
<h2><?php echo esc_html( $field_label ); ?></h2>
|
20 |
<p>
|
21 |
+
<?php echo esc_html( $field_value ); ?>
|
22 |
</p>
|
vendor/autoload.php
@@ -4,4 +4,4 @@
|
|
4 |
|
5 |
require_once __DIR__ . '/composer/autoload_real.php';
|
6 |
|
7 |
-
return
|
4 |
|
5 |
require_once __DIR__ . '/composer/autoload_real.php';
|
6 |
|
7 |
+
return ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727::getLoader();
|
vendor/composer/autoload_real.php
@@ -2,7 +2,7 @@
|
|
2 |
|
3 |
// autoload_real.php @generated by Composer
|
4 |
|
5 |
-
class
|
6 |
{
|
7 |
private static $loader;
|
8 |
|
@@ -19,15 +19,15 @@ class ComposerAutoloaderInit57fb0a1fdd483f653392652aa77134ec
|
|
19 |
return self::$loader;
|
20 |
}
|
21 |
|
22 |
-
spl_autoload_register(array('
|
23 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
|
24 |
-
spl_autoload_unregister(array('
|
25 |
|
26 |
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
|
27 |
if ($useStaticLoader) {
|
28 |
require_once __DIR__ . '/autoload_static.php';
|
29 |
|
30 |
-
call_user_func(\Composer\Autoload\
|
31 |
} else {
|
32 |
$map = require __DIR__ . '/autoload_namespaces.php';
|
33 |
foreach ($map as $namespace => $path) {
|
2 |
|
3 |
// autoload_real.php @generated by Composer
|
4 |
|
5 |
+
class ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727
|
6 |
{
|
7 |
private static $loader;
|
8 |
|
19 |
return self::$loader;
|
20 |
}
|
21 |
|
22 |
+
spl_autoload_register(array('ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727', 'loadClassLoader'), true, true);
|
23 |
self::$loader = $loader = new \Composer\Autoload\ClassLoader();
|
24 |
+
spl_autoload_unregister(array('ComposerAutoloaderInite8b2dea9a12e7d1dfee420665a16a727', 'loadClassLoader'));
|
25 |
|
26 |
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
|
27 |
if ($useStaticLoader) {
|
28 |
require_once __DIR__ . '/autoload_static.php';
|
29 |
|
30 |
+
call_user_func(\Composer\Autoload\ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::getInitializer($loader));
|
31 |
} else {
|
32 |
$map = require __DIR__ . '/autoload_namespaces.php';
|
33 |
foreach ($map as $namespace => $path) {
|
vendor/composer/autoload_static.php
@@ -4,7 +4,7 @@
|
|
4 |
|
5 |
namespace Composer\Autoload;
|
6 |
|
7 |
-
class
|
8 |
{
|
9 |
public static $prefixLengthsPsr4 = array (
|
10 |
'P' =>
|
@@ -358,9 +358,9 @@ class ComposerStaticInit57fb0a1fdd483f653392652aa77134ec
|
|
358 |
public static function getInitializer(ClassLoader $loader)
|
359 |
{
|
360 |
return \Closure::bind(function () use ($loader) {
|
361 |
-
$loader->prefixLengthsPsr4 =
|
362 |
-
$loader->prefixDirsPsr4 =
|
363 |
-
$loader->classMap =
|
364 |
|
365 |
}, null, ClassLoader::class);
|
366 |
}
|
4 |
|
5 |
namespace Composer\Autoload;
|
6 |
|
7 |
+
class ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727
|
8 |
{
|
9 |
public static $prefixLengthsPsr4 = array (
|
10 |
'P' =>
|
358 |
public static function getInitializer(ClassLoader $loader)
|
359 |
{
|
360 |
return \Closure::bind(function () use ($loader) {
|
361 |
+
$loader->prefixLengthsPsr4 = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$prefixLengthsPsr4;
|
362 |
+
$loader->prefixDirsPsr4 = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$prefixDirsPsr4;
|
363 |
+
$loader->classMap = ComposerStaticInite8b2dea9a12e7d1dfee420665a16a727::$classMap;
|
364 |
|
365 |
}, null, ClassLoader::class);
|
366 |
}
|