WC Vendors - Version 1.7.0

Version Description

No Upgrade required at this time.


Release Info

Developer digitalchild
Version 1.7.0

Code changes from version 1.6.2 to 1.7.0

changelog.txt CHANGED
@@ -1,5 +1,12 @@
1
  Changelog for WC Vendors
2
 
 
 
 
 
 
 
 
3
  Version 1.6.2
4
 
5
  * Added: Option to change sold by vendor name #106
1
  Changelog for WC Vendors
2
 
3
+ Version 1.7.0
4
+
5
+ * Fixed: add_query_arg/remove_query_arg XSS issue
6
+ * Fixed: Hide Notice not working for admin settings
7
+ * Added: Shop Settings page in WordPress dashboard
8
+ * Added: Orders page in WordPress dashboard
9
+
10
  Version 1.6.2
11
 
12
  * Added: Option to change sold by vendor name #106
class-wc-vendors.php CHANGED
@@ -7,9 +7,9 @@
7
  * Author: WC Vendors
8
  * Author URI: http://wcvendors.com
9
  *
10
- * Version: 1.6.2
11
  * Requires at least: 4.0.0
12
- * Tested up to: 4.1.1
13
  *
14
  * Text Domain: wcvendors
15
  * Domain Path: /languages/
@@ -83,8 +83,6 @@ if ( is_woocommerce_activated() ) {
83
  add_action( 'current_screen', array( $this, 'include_assets' ) );
84
 
85
  add_filter( 'plugin_row_meta', array($this, 'plugin_row_meta'), 10, 2 );
86
-
87
-
88
  add_action( self::$id . '_options_updated', array( $this, 'option_updates' ), 10, 2 );
89
 
90
  // Start a PHP session, if not yet started
@@ -163,8 +161,10 @@ if ( is_woocommerce_activated() ) {
163
  require_once wcv_plugin_dir . 'classes/admin/class-admin-reports.php';
164
  require_once wcv_plugin_dir . 'classes/admin/class-admin-users.php';
165
  require_once wcv_plugin_dir . 'classes/admin/class-admin-page.php';
 
166
  require_once wcv_plugin_dir . 'classes/includes/class-wcv-shortcodes.php';
167
 
 
168
  if ( !function_exists( 'woocommerce_wp_text_input' ) && !is_admin() ) {
169
  include_once(WC()->plugin_path() . '/includes/admin/wc-meta-box-functions.php');
170
  }
@@ -179,6 +179,7 @@ if ( is_woocommerce_activated() ) {
179
  new WCV_Product_Meta;
180
  new WCV_Vendor_Reports;
181
  new WCV_Admin_Setup;
 
182
  new WCV_Admin_Reports;
183
  new WCV_Vendor_Applicants;
184
  new WCV_Admin_Users;
@@ -304,7 +305,7 @@ if ( is_woocommerce_activated() ) {
304
 
305
  if ( WC_Vendors::$pv_options->get_option( 'vendor_shop_permalink' ) == null && ! get_user_meta( $current_user_id, 'wcv_shop_ignore_notice' ) ) {
306
  echo '<div class="updated">
307
- <p>'.sprintf (__('WC Vendors requires the Vendor shop page value be set <a href="%s">click here to set it.</a> | <a href="%s">Hide Notice</a>','wcvendors'), 'admin.php?page=wc_prd_vendor' ,add_query_arg( 'wcv_shop_ignore_notice', '0' )).'</p>
308
  </div>';
309
  }
310
 
@@ -312,7 +313,7 @@ if ( is_woocommerce_activated() ) {
312
 
313
  if ( isset( $_GET['page'] ) && 'wc_prd_vendor' == $_GET['page'] && isset( $_GET[ 'settings-updated' ] ) && $general_tab == true && ! get_user_meta( $current_user_id, 'wcv_pl_ignore_notice' ) ) {
314
  echo '<div class="updated">
315
- <p>'.sprintf (__('You must save your permalinks once you have modified your vendor page. <a href="%s">click here to save</a>. | <a href="%s">Hide Notice</a>','wcvendors'), 'options-permalink.php', add_query_arg( 'cron_mail_ignore', '0' )).'</p>
316
  </div>';
317
  }
318
  }
7
  * Author: WC Vendors
8
  * Author URI: http://wcvendors.com
9
  *
10
+ * Version: 1.7.0
11
  * Requires at least: 4.0.0
12
+ * Tested up to: 4.2.0
13
  *
14
  * Text Domain: wcvendors
15
  * Domain Path: /languages/
83
  add_action( 'current_screen', array( $this, 'include_assets' ) );
84
 
85
  add_filter( 'plugin_row_meta', array($this, 'plugin_row_meta'), 10, 2 );
 
 
86
  add_action( self::$id . '_options_updated', array( $this, 'option_updates' ), 10, 2 );
87
 
88
  // Start a PHP session, if not yet started
161
  require_once wcv_plugin_dir . 'classes/admin/class-admin-reports.php';
162
  require_once wcv_plugin_dir . 'classes/admin/class-admin-users.php';
163
  require_once wcv_plugin_dir . 'classes/admin/class-admin-page.php';
164
+ require_once wcv_plugin_dir . 'classes/admin/class-vendor-admin-dashboard.php';
165
  require_once wcv_plugin_dir . 'classes/includes/class-wcv-shortcodes.php';
166
 
167
+
168
  if ( !function_exists( 'woocommerce_wp_text_input' ) && !is_admin() ) {
169
  include_once(WC()->plugin_path() . '/includes/admin/wc-meta-box-functions.php');
170
  }
179
  new WCV_Product_Meta;
180
  new WCV_Vendor_Reports;
181
  new WCV_Admin_Setup;
182
+ new WCV_Vendor_Admin_Dashboard;
183
  new WCV_Admin_Reports;
184
  new WCV_Vendor_Applicants;
185
  new WCV_Admin_Users;
305
 
306
  if ( WC_Vendors::$pv_options->get_option( 'vendor_shop_permalink' ) == null && ! get_user_meta( $current_user_id, 'wcv_shop_ignore_notice' ) ) {
307
  echo '<div class="updated">
308
+ <p>'.sprintf (__('WC Vendors requires the Vendor shop page value be set <a href="%s">click here to set it.</a> | <a href="%s">Hide Notice</a>','wcvendors'), 'admin.php?page=wc_prd_vendor', esc_url( add_query_arg( 'wcv_shop_ignore_notice', '0' ) ) ).'</p>
309
  </div>';
310
  }
311
 
313
 
314
  if ( isset( $_GET['page'] ) && 'wc_prd_vendor' == $_GET['page'] && isset( $_GET[ 'settings-updated' ] ) && $general_tab == true && ! get_user_meta( $current_user_id, 'wcv_pl_ignore_notice' ) ) {
315
  echo '<div class="updated">
316
+ <p>'.sprintf (__('You must save your permalinks once you have modified your vendor page. <a href="%s">click here to save</a>. | <a href="%s">Hide Notice</a>','wcvendors'), 'options-permalink.php', esc_url( add_query_arg( 'wcv_pl_ignore_notice', '0' ) ) ).'</p>
317
  </div>';
318
  }
319
  }
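Review bot: The esc_url() added on new-side lines 308 and 316 is the right escaper for these two hrefs, since add_query_arg() with no URL argument builds on the raw request URI, but it covers only the two call sites in this file; the changelog entry names add_query_arg/remove_query_arg generally, so every other place their result is echoed into markup needs the same treatment before that item can be considered closed. Line 316 also changes the hide-notice key from `cron_mail_ignore` to `wcv_pl_ignore_notice`, which is what the guard on line 314 reads, so the Hide Notice link now works; a comment such as `// must match the wcv_pl_ignore_notice user meta checked above` would keep the two from drifting apart again. The enclosing function starts outside the hunk.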
classes/admin/class-admin-page.php CHANGED
@@ -6,7 +6,6 @@ class WCV_Admin_Setup
6
  * WC > Referrals menu
7
  */
8
 
9
-
10
  public function __construct()
11
  {
12
  add_filter( 'set-screen-option', array( 'WCV_Admin_Setup', 'set_table_option' ), 10, 3 );
6
  * WC > Referrals menu
7
  */
8
 
 
9
  public function __construct()
10
  {
11
  add_filter( 'set-screen-option', array( 'WCV_Admin_Setup', 'set_table_option' ), 10, 3 );
classes/admin/class-vendor-admin-dashboard.php ADDED
@@ -0,0 +1,457 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <?php
2
+ /**
3
+ * WC Vendor Admin Dashboard - Vendor WP-Admin Dashboard Pages
4
+ *
5
+ * @author Jamie Madden <http://wcvendors.com / https://github.com/digitalchild>
6
+ * @package WCVendors
7
+ */
8
+
9
+ Class WCV_Vendor_Admin_Dashboard {
10
+
11
+ function __construct(){
12
+ // Add Shop Settings page
13
+ add_action( 'admin_menu', array( $this, 'vendor_dashboard_pages') );
14
+ // Hook into init for form processing
15
+ add_action( 'init', array( $this, 'save_shop_settings' ) );
16
+ }
17
+
18
+ function vendor_dashboard_pages(){
19
+ add_menu_page( __('Shop Settings', 'wcvendors'), __('Shop Settings', 'wcvendors'), 'manage_product', 'wcv-vendor-shopsettings', array( $this, 'settings_page' ) );
20
+ $hook = add_menu_page( __( 'Orders', 'wcvendors' ), __( 'Orders', 'wcvendors' ), 'manage_product', 'wcv-vendor-orders', array( 'WCV_Vendor_Admin_Dashboard', 'orders_page' ) );
21
+ add_action( "load-$hook", array( 'WCV_Vendor_Admin_Dashboard', 'add_options' ) );
22
+ }
23
+
24
+ function settings_page() {
25
+ $user_id = get_current_user_id();
26
+ $paypal_address = true;
27
+ $shop_description = true;
28
+ $description = get_user_meta( $user_id, 'pv_shop_description', true );
29
+ $seller_info = get_user_meta( $user_id, 'pv_seller_info', true );
30
+ $has_html = get_user_meta( $user_id, 'pv_shop_html_enabled', true );
31
+ $shop_page = WCV_Vendors::get_vendor_shop_page( wp_get_current_user()->user_login );
32
+ $global_html = WC_Vendors::$pv_options->get_option( 'shop_html_enabled' );
33
+ include('views/html-vendor-settings-page.php');
34
+ }
35
+
36
+ /**
37
+ * Save shop settings
38
+ */
39
+ public function save_shop_settings()
40
+ {
41
+ $user_id = get_current_user_id();
42
+ $error = false;
43
+ $error_msg = '';
44
+
45
+ if (isset ( $_POST[ 'wc-vendors-nonce' ] ) ) {
46
+
47
+ if ( !wp_verify_nonce( $_POST[ 'wc-vendors-nonce' ], 'save-shop-settings-admin' ) ) {
48
+ return false;
49
+ }
50
+
51
+ if ( isset( $_POST[ 'pv_paypal' ] ) ) {
52
+ if ( !is_email( $_POST[ 'pv_paypal' ] ) ) {
53
+ $error_msg .= __( 'Your PayPal address is not a valid email address.', 'wcvendors' );
54
+ $error = true;
55
+ } else {
56
+ update_user_meta( $user_id, 'pv_paypal', $_POST[ 'pv_paypal' ] );
57
+ }
58
+ }
59
+
60
+ if ( !empty( $_POST[ 'pv_shop_name' ] ) ) {
61
+ $users = get_users( array( 'meta_key' => 'pv_shop_slug', 'meta_value' => sanitize_title( $_POST[ 'pv_shop_name' ] ) ) );
62
+ if ( !empty( $users ) && $users[ 0 ]->ID != $user_id ) {
63
+ $error_msg .= __( 'That shop name is already taken. Your shop name must be unique.', 'wcvendors' );
64
+ $error = true;
65
+ } else {
66
+ update_user_meta( $user_id, 'pv_shop_name', $_POST[ 'pv_shop_name' ] );
67
+ update_user_meta( $user_id, 'pv_shop_slug', sanitize_title( $_POST[ 'pv_shop_name' ] ) );
68
+ }
69
+ }
70
+
71
+ if ( isset( $_POST[ 'pv_shop_description' ] ) ) {
72
+ update_user_meta( $user_id, 'pv_shop_description', $_POST[ 'pv_shop_description' ] );
73
+ }
74
+
75
+ if ( isset( $_POST[ 'pv_seller_info' ] ) ) {
76
+ update_user_meta( $user_id, 'pv_seller_info', $_POST[ 'pv_seller_info' ] );
77
+ }
78
+
79
+ do_action( 'wcvendors_shop_settings_admin_saved', $user_id );
80
+
81
+ if ( ! $error ) {
82
+ echo '<div class="updated"><p>';
83
+ echo __( 'Settings saved.', 'wcvendors' );
84
+ echo '</p></div>';
85
+ } else {
86
+ echo '<div class="error"><p>';
87
+ echo $error_msg;
88
+ echo '</p></div>';
89
+ }
90
+ }
91
+ }
92
+
93
+ /**
94
+ *
95
+ *
96
+ * @param unknown $status
97
+ * @param unknown $option
98
+ * @param unknown $value
99
+ *
100
+ * @return unknown
101
+ */
102
+ public static function set_table_option( $status, $option, $value )
103
+ {
104
+ if ( $option == 'orders_per_page' ) {
105
+ return $value;
106
+ }
107
+ }
108
+
109
+
110
+ /**
111
+ *
112
+ */
113
+ public static function add_options()
114
+ {
115
+ global $WCV_Vendor_Order_Page;
116
+
117
+ $args = array(
118
+ 'label' => 'Rows',
119
+ 'default' => 10,
120
+ 'option' => 'orders_per_page'
121
+ );
122
+ add_screen_option( 'per_page', $args );
123
+
124
+ $WCV_Vendor_Order_Page = new WCV_Vendor_Order_Page();
125
+
126
+ }
127
+
128
+
129
+ /**
130
+ * HTML setup for the Orders Page
131
+ */
132
+ public static function orders_page()
133
+ {
134
+ global $woocommerce, $WCV_Vendor_Order_Page;
135
+
136
+ $WCV_Vendor_Order_Page->prepare_items();
137
+
138
+ ?>
139
+ <div class="wrap">
140
+
141
+ <div id="icon-woocommerce" class="icon32 icon32-woocommerce-reports"><br/></div>
142
+ <h2><?php _e( 'Orders', 'wcvendors' ); ?></h2>
143
+
144
+ <form id="posts-filter" method="get">
145
+
146
+ <input type="hidden" name="page" value="wcv-vendor-orders"/>
147
+ <?php $WCV_Vendor_Order_Page->display() ?>
148
+
149
+ </form>
150
+ <div id="ajax-response"></div>
151
+ <br class="clear"/>
152
+ </div>
153
+
154
+ <?php }
155
+
156
+ } // End WCV_Vendor_Admin_Dashboard
157
+
158
+ if ( !class_exists( 'WP_List_Table' ) ) require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php';
159
+
160
+ /**
161
+ * WCV Vendor Order Page
162
+ *
163
+ * @author Jamie Madden <http://wcvendors.com / https://github.com/digitalchild>
164
+ * @package WCVendors
165
+ * @extends WP_List_Table
166
+ */
167
+ class WCV_Vendor_Order_Page extends WP_List_Table
168
+ {
169
+
170
+ public $index;
171
+
172
+
173
+ /**
174
+ * __construct function.
175
+ *
176
+ * @access public
177
+ */
178
+ function __construct()
179
+ {
180
+ global $status, $page;
181
+
182
+ $this->index = 0;
183
+
184
+ //Set parent defaults
185
+ parent::__construct( array(
186
+ 'singular' => 'order',
187
+ 'plural' => 'orders',
188
+ 'ajax' => false
189
+ ) );
190
+ }
191
+
192
+
193
+ /**
194
+ * column_default function.
195
+ *
196
+ * @access public
197
+ *
198
+ * @param unknown $item
199
+ * @param mixed $column_name
200
+ *
201
+ * @return unknown
202
+ */
203
+ function column_default( $item, $column_name )
204
+ {
205
+ global $wpdb;
206
+
207
+ switch ( $column_name ) {
208
+ case 'order_id' :
209
+ return $item->order_id;
210
+ case 'customer' :
211
+ return $item->customer;
212
+ case 'products' :
213
+ return $item->products;
214
+ case 'total' :
215
+ return $item->total;
216
+ case 'date' :
217
+ return $item->date;
218
+ case 'status' :
219
+ return $item->status;
220
+ }
221
+ }
222
+
223
+
224
+ /**
225
+ * column_cb function.
226
+ *
227
+ * @access public
228
+ *
229
+ * @param mixed $item
230
+ *
231
+ * @return unknown
232
+ */
233
+ function column_cb( $item )
234
+ {
235
+ return sprintf(
236
+ '<input type="checkbox" name="%1$s[]" value="%2$s" />',
237
+ /*$1%s*/
238
+ 'order_id',
239
+ /*$2%s*/
240
+ $item->order_id
241
+ );
242
+ }
243
+
244
+
245
+ /**
246
+ * get_columns function.
247
+ *
248
+ * @access public
249
+ * @return unknown
250
+ */
251
+ function get_columns()
252
+ {
253
+ $columns = array(
254
+ 'cb' => '<input type="checkbox" />',
255
+ 'order_id' => __( 'Order ID', 'wcvendors' ),
256
+ 'customer' => __( 'Customer', 'wcvendors' ),
257
+ 'products' => __( 'Products', 'wcvendors' ),
258
+ 'total' => __( 'Total', 'wcvendors' ),
259
+ 'date' => __( 'Date', 'wcvendors' ),
260
+ 'status' => __( 'Shipped', 'wcvendors' ),
261
+ );
262
+
263
+ return $columns;
264
+ }
265
+
266
+
267
+ /**
268
+ * get_sortable_columns function.
269
+ *
270
+ * @access public
271
+ * @return unknown
272
+ */
273
+ function get_sortable_columns()
274
+ {
275
+ $sortable_columns = array(
276
+ 'order_id' => array( 'order_id', false ),
277
+ 'total' => array( 'total', false ),
278
+ 'status' => array( 'status', false ),
279
+ );
280
+
281
+ return $sortable_columns;
282
+ }
283
+
284
+
285
+ /**
286
+ * Get bulk actions
287
+ *
288
+ * @return unknown
289
+ */
290
+ function get_bulk_actions()
291
+ {
292
+ $actions = array(
293
+ 'mark_shipped' => __( 'Mark shipped', 'wcvendors' ),
294
+ );
295
+
296
+ return $actions;
297
+ }
298
+
299
+
300
+ /**
301
+ * Process bulk actions
302
+ *
303
+ * @return unknown
304
+ */
305
+ function process_bulk_action()
306
+ {
307
+ if ( !isset( $_GET[ 'order_id' ] ) ) return;
308
+
309
+ $items = array_map( 'intval', $_GET[ 'order_id' ] );
310
+
311
+ switch ( $this->current_action() ) {
312
+ case 'mark_shipped':
313
+
314
+ $result = $this->mark_shipped( $items );
315
+
316
+ if ( $result )
317
+ echo '<div class="updated"><p>' . __( 'Orders marked shipped.', 'wcvendors' ) . '</p></div>';
318
+ break;
319
+
320
+ default:
321
+ // code...
322
+ break;
323
+ }
324
+
325
+ }
326
+
327
+
328
+ /**
329
+ * Mark orders as shipped
330
+ *
331
+ * @param unknown $ids (optional)
332
+ *
333
+ * @return unknown
334
+ */
335
+ public function mark_shipped( $ids = array() )
336
+ {
337
+ global $woocommerce;
338
+
339
+ $user_id = get_current_user_id();
340
+
341
+ if ( !empty( $ids ) ) {
342
+ foreach ($ids as $order_id ) {
343
+ $shippers = (array) get_post_meta( $order_id, 'wc_pv_shipped', true );
344
+ if( !in_array($user_id, $shippers)) {
345
+ $shippers[] = $user_id;
346
+ $mails = $woocommerce->mailer()->get_emails();
347
+ if ( !empty( $mails ) ) {
348
+ $mails[ 'WC_Email_Notify_Shipped' ]->trigger( $order_id, $user_id );
349
+ }
350
+ do_action('wcvendors_vendor_ship', $order_id, $user_id);
351
+ }
352
+ update_post_meta( $order_id, 'wc_pv_shipped', $shippers );
353
+ }
354
+ return true;
355
+ }
356
+ return false;
357
+ }
358
+
359
+
360
+ function get_orders() {
361
+
362
+ $user_id = get_current_user_id();
363
+
364
+ $orders = array();
365
+
366
+
367
+ $vendor_products = WCV_Queries::get_commission_products( $user_id );
368
+ $products = array();
369
+
370
+ foreach ($vendor_products as $_product) {
371
+ $products[] = $_product->ID;
372
+ }
373
+
374
+ $_orders = WCV_Queries::get_orders_for_products( $products );
375
+
376
+ foreach ( $_orders as $order ) {
377
+
378
+ $order = new WC_Order( $order->order_id );
379
+ $valid_items = WCV_Queries::get_products_for_order( $order->id );
380
+ $valid = array();
381
+
382
+ $items = $order->get_items();
383
+
384
+ foreach ($items as $key => $value) {
385
+ if ( in_array($value['variation_id'], $valid_items) || in_array($value['product_id'], $valid_items)) {
386
+ $valid[] = $value;
387
+ }
388
+ }
389
+
390
+ $products = '';
391
+
392
+ foreach ($valid as $key => $item) {
393
+ $item_meta = new WC_Order_Item_Meta( $item[ 'item_meta' ] );
394
+ // $item_meta = $item_meta->display( false, true );
395
+ $item_meta = $item_meta->get_formatted( );
396
+ $products .= '<strong>'. $item['qty'] . ' x ' . $item['name'] . '</strong><br />';
397
+ foreach ($item_meta as $key => $meta) {
398
+ // Remove the sold by meta key for display
399
+ if (strtolower($key) != 'sold by' ) $products .= $meta[ 'label' ] .' : ' . $meta[ 'value' ]. '<br />';
400
+ }
401
+ }
402
+
403
+ $shippers = (array) get_post_meta( $order->id, 'wc_pv_shipped', true );
404
+ $shipped = in_array($user_id, $shippers) ? 'Yes' : 'No' ;
405
+
406
+ $sum = WCV_Queries::sum_for_orders( array( $order->id ), array('vendor_id' =>get_current_user_id() ) );
407
+ $total = $sum[0]->line_total;
408
+
409
+ $order_items = array();
410
+ $order_items[ 'order_id' ] = $order->id;
411
+ $order_items[ 'customer' ] = $order->get_formatted_shipping_address();
412
+ $order_items[ 'products' ] = $products;
413
+ $order_items[ 'total' ] = woocommerce_price( $total );
414
+ $order_items[ 'date' ] = date_i18n( wc_date_format(), strtotime( $order->order_date ) );
415
+ $order_items[ 'status' ] = $shipped;
416
+
417
+ $orders[] = (object) $order_items;
418
+ }
419
+ return $orders;
420
+
421
+ }
422
+
423
+
424
+
425
+ /**
426
+ * prepare_items function.
427
+ *
428
+ * @access public
429
+ */
430
+ function prepare_items()
431
+ {
432
+
433
+
434
+ /**
435
+ * Init column headers
436
+ */
437
+ $this->_column_headers = $this->get_column_info();
438
+
439
+
440
+ /**
441
+ * Process bulk actions
442
+ */
443
+ $this->process_bulk_action();
444
+
445
+ /**
446
+ * Get items
447
+ */
448
+
449
+ $this->items = $this->get_orders();
450
+
451
+ /**
452
+ * Pagination
453
+ */
454
+ }
455
+
456
+
457
+ }
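Review bot: process_bulk_action() (new-side lines 305–325) marks whatever ids arrive in `$_GET['order_id']` as shipped for the current user without verifying the list-table nonce or checking that those orders contain this vendor's products, so mark_shipped() (lines 335–357) will append the vendor to `wc_pv_shipped` on any order id and trigger WC_Email_Notify_Shipped for it; add `check_admin_referer( 'bulk-' . $this->_args['plural'] );` before reading the ids and intersect them with the order ids WCV_Queries::get_orders_for_products() returns for this vendor, as get_orders() already does. Separately, get_orders() (lines 360–421) assembles the `customer` and `products` cells from get_formatted_shipping_address() and item names/meta with no escaping, and column_default() (lines 203–221) returns them raw, so values that originate from the customer's checkout are rendered as markup in the vendor's admin; wrap them with wp_kses_post() or esc_html() where the cell is built. save_shop_settings() (lines 39–91) is hooked to `init`, so it runs and echoes its notice markup on every request including the front end, and it relies on the nonce alone with no `current_user_can( 'manage_product' )` check; hooking it to `admin_init` with a capability check and emitting the message through admin_notices would match how the rest of the file registers admin behaviour. Minor: set_table_option() (lines 102–107) returns nothing for other options where `return $status;` is expected, and `Class` on line 9 should be lowercase.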
classes/admin/views/html-vendor-settings-page.php ADDED
@@ -0,0 +1,76 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ <div class="wrap">
2
+ <h2>Shop Settings</h2>
3
+ <table class="form-table">
4
+
5
+ <form method="post">
6
+ <?php do_action( 'wcvendors_settings_before_paypal' );
7
+
8
+ if ( $paypal_address !== 'false' ) { ?>
9
+
10
+ <tr>
11
+ <th><?php _e( 'PayPal Address', 'wcvendors' ); ?></th>
12
+ <td><input type="email" name="pv_paypal" id="pv_paypal" placeholder="some@email.com"
13
+ value="<?php echo get_user_meta( $user_id, 'pv_paypal', true ); ?>"/>
14
+ <p class="description">
15
+ <?php _e( 'Your PayPal address is used to send you your commission.', 'wcvendors' ); ?><br/>
16
+ </p>
17
+ </td>
18
+ </tr>
19
+ <?php } ?>
20
+ <?php do_action( 'wcvendors_settings_after_paypal' ); ?>
21
+ <tr>
22
+ <th><?php _e( 'Shop Name', 'wcvendors' ); ?></th>
23
+ <td><input type="text" name="pv_shop_name" id="pv_shop_name" placeholder="Your shop name" value="<?php echo get_user_meta( $user_id, 'pv_shop_name', true ); ?>"/>
24
+ <p class="description"><?php _e( 'Your shop name is public and must be unique.', 'wcvendors' ); ?></p>
25
+ </td>
26
+ </tr>
27
+ <?php do_action( 'wcvendors_settings_after_shop_name' ); ?>
28
+
29
+ <tr>
30
+ <th><?php echo apply_filters( 'wcvendors_seller_info_label', __( 'Seller info', 'wcvendors' ) ); ?></th>
31
+ <td><?php
32
+
33
+ if ( $global_html || $has_html ) {
34
+ $old_post = $GLOBALS[ 'post' ];
35
+ $GLOBALS[ 'post' ] = 0;
36
+ wp_editor( $seller_info, 'pv_seller_info' );
37
+ $GLOBALS[ 'post' ] = $old_post;
38
+ } else {
39
+ ?><textarea class="large-text" rows="10" id="pv_seller_info_unhtml" style="width:95%"
40
+ name="pv_seller_info"><?php echo $seller_info; ?></textarea><?php
41
+ }
42
+ ?>
43
+ <p class="description"><?php _e( 'This is displayed on each of your products.', 'wcvendors' ); ?></p>
44
+ </td>
45
+ </tr>
46
+ <?php do_action( 'wcvendors_settings_after_seller_info' ); ?>
47
+ <?php if ( $shop_description !== 'false' ) { ?>
48
+ <tr>
49
+ <th><?php _e( 'Shop Description', 'wcvendors' ); ?></th>
50
+ <td><?php
51
+
52
+ if ( $global_html || $has_html ) {
53
+ $old_post = $GLOBALS[ 'post' ];
54
+ $GLOBALS[ 'post' ] = 0;
55
+ wp_editor( $description, 'pv_shop_description' );
56
+ $GLOBALS[ 'post' ] = $old_post;
57
+ } else {
58
+ ?><textarea class="large-text" rows="10" id="pv_shop_description_unhtml" style="width:95%" name="pv_shop_description"><?php echo $description; ?></textarea><?php
59
+ }
60
+ ?>
61
+ <p class="description"><?php printf( __( 'This is displayed on your <a href="%s">shop page</a>.', 'wcvendors' ), $shop_page ); ?></p>
62
+ </td>
63
+ </tr>
64
+
65
+ <?php do_action( 'wcvendors_settings_after_shop_description' ); ?>
66
+ <?php } ?>
67
+ <?php wp_nonce_field( 'save-shop-settings-admin', 'wc-vendors-nonce' ); ?>
68
+ <tr>
69
+ <td colspa="2">
70
+ <input type="submit" class="button button-primary" name="vendor_application_submit" value="<?php _e( 'Save Shop Settings', 'wcvendors' ); ?>"/>
71
+ </td>
72
+ </tr>
73
+ </form>
74
+ </table>
75
+ </div>
76
+
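Review bot: The values echoed into the form are not escaped: lines 13 and 23 print get_user_meta() results directly into `value=""` attributes, lines 40 and 58 print `$seller_info` and `$description` into textareas, and line 61 prints `$shop_page` into an href; use `esc_attr()`, `esc_textarea()` and `esc_url()` respectively, which also matches the esc_url() fixes elsewhere in this release. Because save_shop_settings() stores these fields without filtering, this unescaped echo is where a stored value becomes active markup in the vendor's own admin page. The `<form>` on line 5 opens inside `<table>` and closes on line 73 before `</table>`, which browsers repair inconsistently, and `colspa="2"` on line 69 is a typo for `colspan`. The guards on lines 8 and 47 compare `$paypal_address`/`$shop_description` against the string `'false'` while the controller sets them to boolean `true`, so the hidden branch can never be taken; comparing against `false` (or dropping the flags) would make the intent clear.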
classes/class-vendors.php CHANGED
@@ -346,7 +346,7 @@ class WCV_Vendors
346
 
347
  return trailingslashit( home_url( sprintf( '/%s%s', $permalink, $vendor ) ) );
348
  } else {
349
- return add_query_arg( array( 'vendor_shop' => $vendor ), get_post_type_archive_link( 'product' ) );
350
  }
351
  }
352
 
346
 
347
  return trailingslashit( home_url( sprintf( '/%s%s', $permalink, $vendor ) ) );
348
  } else {
349
+ return esc_url( add_query_arg( array( 'vendor_shop' => $vendor ), get_post_type_archive_link( 'product' ) ) );
350
  }
351
  }
352
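Review bot: esc_url() on new-side line 349 entity-encodes `&` as `&#038;`, so the query-string branch of this function now returns a display-escaped string while the permalink branch on line 347 returns a raw URL; a caller that uses the result outside HTML (a redirect, a header, plain-text email) gets a different encoding depending on which branch ran. If the goal is to neutralise what `$vendor` can inject into the URL, `esc_url_raw()` gives the same sanitising without the entity encoding, and the output sites should escape at echo time. The enclosing function begins outside the hunk.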
 
classes/front/dashboard/class-vendor-dashboard.php CHANGED
@@ -1,10 +1,11 @@
1
  <?php
2
 
3
  /**
4
- * My account views
5
  *
6
  * @author Matt Gates <http://mgates.me>
7
- * @package ProductVendor
 
8
  */
9
 
10
 
@@ -88,41 +89,44 @@ class WCV_Vendor_Dashboard
88
  return false;
89
  }
90
 
91
- if ( !wp_verify_nonce( $_POST[ 'wc-product-vendor-nonce' ], 'save-shop-settings' ) ) {
92
- return false;
93
- }
 
 
94
 
95
 
96
- if ( isset( $_POST[ 'pv_paypal' ] ) ) {
97
- if ( !is_email( $_POST[ 'pv_paypal' ] ) ) {
98
- wc_add_notice( __( 'Your PayPal address is not a valid email address.', 'wcvendors' ), 'error' );
99
- } else {
100
- update_user_meta( $user_id, 'pv_paypal', $_POST[ 'pv_paypal' ] );
 
101
  }
102
- }
103
 
104
- if ( !empty( $_POST[ 'pv_shop_name' ] ) ) {
105
- $users = get_users( array( 'meta_key' => 'pv_shop_slug', 'meta_value' => sanitize_title( $_POST[ 'pv_shop_name' ] ) ) );
106
- if ( !empty( $users ) && $users[ 0 ]->ID != $user_id ) {
107
- wc_add_notice( __( 'That shop name is already taken. Your shop name must be unique.', 'wcvendors' ), 'error' );
108
- } else {
109
- update_user_meta( $user_id, 'pv_shop_name', $_POST[ 'pv_shop_name' ] );
110
- update_user_meta( $user_id, 'pv_shop_slug', sanitize_title( $_POST[ 'pv_shop_name' ] ) );
 
111
  }
112
- }
113
 
114
- if ( isset( $_POST[ 'pv_shop_description' ] ) ) {
115
- update_user_meta( $user_id, 'pv_shop_description', $_POST[ 'pv_shop_description' ] );
116
- }
117
 
118
- if ( isset( $_POST[ 'pv_seller_info' ] ) ) {
119
- update_user_meta( $user_id, 'pv_seller_info', $_POST[ 'pv_seller_info' ] );
120
- }
121
 
122
- do_action( 'wcvendors_shop_settings_saved', $user_id );
123
 
124
- if ( !wc_notice_count() ) {
125
- wc_add_notice( __( 'Settings saved.', 'wcvendors' ), 'success' );
 
126
  }
127
  }
128
 
@@ -373,6 +377,4 @@ class WCV_Vendor_Dashboard
373
  {
374
  return strcasecmp( $a[ 'title' ], $b[ 'title' ] );
375
  }
376
-
377
-
378
- }
1
  <?php
2
 
3
  /**
4
+ * WCV Vendor Dashboard
5
  *
6
  * @author Matt Gates <http://mgates.me>
7
+ * @author Jamie Madden <http://wcvendors.com>
8
+ * @package WCVendors
9
  */
10
 
11
 
89
  return false;
90
  }
91
 
92
+ if (isset ( $_POST[ 'wc-product-vendor-nonce' ] ) ) {
93
+
94
+ if ( !wp_verify_nonce( $_POST[ 'wc-product-vendor-nonce' ], 'save-shop-settings' ) ) {
95
+ return false;
96
+ }
97
 
98
 
99
+ if ( isset( $_POST[ 'pv_paypal' ] ) ) {
100
+ if ( !is_email( $_POST[ 'pv_paypal' ] ) ) {
101
+ wc_add_notice( __( 'Your PayPal address is not a valid email address.', 'wcvendors' ), 'error' );
102
+ } else {
103
+ update_user_meta( $user_id, 'pv_paypal', $_POST[ 'pv_paypal' ] );
104
+ }
105
  }
 
106
 
107
+ if ( !empty( $_POST[ 'pv_shop_name' ] ) ) {
108
+ $users = get_users( array( 'meta_key' => 'pv_shop_slug', 'meta_value' => sanitize_title( $_POST[ 'pv_shop_name' ] ) ) );
109
+ if ( !empty( $users ) && $users[ 0 ]->ID != $user_id ) {
110
+ wc_add_notice( __( 'That shop name is already taken. Your shop name must be unique.', 'wcvendors' ), 'error' );
111
+ } else {
112
+ update_user_meta( $user_id, 'pv_shop_name', $_POST[ 'pv_shop_name' ] );
113
+ update_user_meta( $user_id, 'pv_shop_slug', sanitize_title( $_POST[ 'pv_shop_name' ] ) );
114
+ }
115
  }
 
116
 
117
+ if ( isset( $_POST[ 'pv_shop_description' ] ) ) {
118
+ update_user_meta( $user_id, 'pv_shop_description', $_POST[ 'pv_shop_description' ] );
119
+ }
120
 
121
+ if ( isset( $_POST[ 'pv_seller_info' ] ) ) {
122
+ update_user_meta( $user_id, 'pv_seller_info', $_POST[ 'pv_seller_info' ] );
123
+ }
124
 
125
+ do_action( 'wcvendors_shop_settings_saved', $user_id );
126
 
127
+ if ( !wc_notice_count() ) {
128
+ wc_add_notice( __( 'Settings saved.', 'wcvendors' ), 'success' );
129
+ }
130
  }
131
  }
132
 
377
  {
378
  return strcasecmp( $a[ 'title' ], $b[ 'title' ] );
379
  }
380
+ }
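Review bot: The `isset( $_POST['wc-product-vendor-nonce'] )` guard on new-side line 92 changes what the function returns when the nonce field is absent: previously wp_verify_nonce() failed and line 91 returned false, whereas now the body is skipped and execution falls off the end of the function, returning null, so any caller testing the result with `=== false` sees different behaviour. Either `if ( ! isset( $_POST['wc-product-vendor-nonce'] ) ) return false;` ahead of the existing verify, or an else branch returning false, keeps the old contract while still avoiding the undefined-index notice. The same handler continues to store `pv_shop_name`, `pv_shop_description` and `pv_seller_info` (lines 107–123) exactly as posted; if these are rendered on the public shop page, as the settings view's description text suggests, filtering with wp_kses_post() at save time would bound what can be stored. The function's opening is outside the hunk.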
 
 
classes/gateways/PayPal_AdvPayments/paypal_ap.php CHANGED
@@ -340,7 +340,7 @@ class WC_PaypalAP extends WC_Payment_Gateway
340
  $actionType = 'CREATE';
341
  $cancelUrl = $order->get_cancel_order_url();
342
  $currencyCode = get_woocommerce_currency();
343
- $returnUrl = add_query_arg( 'key', $order->order_key, add_query_arg( 'order', $order->id, $order->get_checkout_order_received_url() ) );
344
 
345
  $payRequest = new PayRequest( new RequestEnvelope( "en_US" ), $actionType, $cancelUrl, $currencyCode, $receiverList, $returnUrl );
346
 
@@ -358,7 +358,7 @@ class WC_PaypalAP extends WC_Payment_Gateway
358
  'order_id' => $order_id,
359
  );
360
 
361
- $payRequest->ipnNotificationUrl = str_replace( 'https:', 'http:', add_query_arg( $args, home_url( '/' ) ) );
362
  $payRequest->memo = !empty( $order->customer_note ) ? $order->customer_note : '';
363
  $payRequest->reverseAllParallelPaymentsOnError = true;
364
 
340
  $actionType = 'CREATE';
341
  $cancelUrl = $order->get_cancel_order_url();
342
  $currencyCode = get_woocommerce_currency();
343
+ $returnUrl = esc_url( add_query_arg( 'key', $order->order_key, add_query_arg( 'order', $order->id, $order->get_checkout_order_received_url() ) ) );
344
 
345
  $payRequest = new PayRequest( new RequestEnvelope( "en_US" ), $actionType, $cancelUrl, $currencyCode, $receiverList, $returnUrl );
346
 
358
  'order_id' => $order_id,
359
  );
360
 
361
+ $payRequest->ipnNotificationUrl = esc_url( str_replace( 'https:', 'http:', add_query_arg( $args, home_url( '/' ) ) ) );
362
  $payRequest->memo = !empty( $order->customer_note ) ? $order->customer_note : '';
363
  $payRequest->reverseAllParallelPaymentsOnError = true;
364
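Review bot: esc_url() on new-side lines 343 and 361 is the wrong escaper for these values: `$returnUrl` and `ipnNotificationUrl` are sent to PayPal in an API request rather than echoed into HTML, and esc_url() entity-encodes `&` to `&#038;`, so the second parameter on line 343 becomes `&#038;key=...`; when the buyer is redirected back, the browser treats everything from `#` as a fragment and the order-received page never sees `key`. `esc_url_raw()` performs the same sanitising without the entity encoding and is the WordPress function for URLs that are stored or transmitted. Separately, line 361 still forces the IPN URL to `http:`, so payment notifications are requested over plaintext; if this is a workaround for a certificate problem it deserves a comment, and it should be revisited.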
 
readme.txt CHANGED
@@ -5,8 +5,8 @@ Donate link: http://www.wcvendors.com/
5
  Author URI: http://www.wcvendors.com/
6
  Plugin URI: http://www.wcvendors.com/
7
  Requires at least: 4.0
8
- Tested up to: 4.1.1
9
- Stable tag: 1.6.2
10
  License: GPLv2 or later
11
 
12
  The free multi-vendor plugin for WooCommerce. Now you can allow anyone to open a store on your site!
@@ -58,6 +58,13 @@ No Upgrade required at this time.
58
 
59
  == Changelog ==
60
 
 
 
 
 
 
 
 
61
  = Version 1.6.2 - April 17th 2015 =
62
 
63
  * Added: Option to change sold by vendor name #106
5
  Author URI: http://www.wcvendors.com/
6
  Plugin URI: http://www.wcvendors.com/
7
  Requires at least: 4.0
8
+ Tested up to: 4.2.0
9
+ Stable tag: 1.7.0
10
  License: GPLv2 or later
11
 
12
  The free multi-vendor plugin for WooCommerce. Now you can allow anyone to open a store on your site!
58
 
59
  == Changelog ==
60
 
61
+ = Version 1.7.0 - April 23rd 2015 =
62
+
63
+ * Fixed: add_query_arg/remove_query_arg XSS issue
64
+ * Fixed: Hide Notice not working for admin settings
65
+ * Added: Shop Settings page in WordPress dashboard
66
+ * Added: Orders page in WordPress dashboard
67
+
68
  = Version 1.6.2 - April 17th 2015 =
69
 
70
  * Added: Option to change sold by vendor name #106
templates/dashboard/orders.php CHANGED
@@ -57,7 +57,8 @@ jQuery(function () {
57
 
58
  $shippers = (array) get_post_meta( $order->id, 'wc_pv_shipped', true );
59
  $shipped = in_array($user_id, $shippers);
60
- ?>
 
61
 
62
  <tr>
63
  <td><?php echo $order->get_order_number(); ?></td>
57
 
58
  $shippers = (array) get_post_meta( $order->id, 'wc_pv_shipped', true );
59
  $shipped = in_array($user_id, $shippers);
60
+
61
+ ?>
62
 
63
  <tr>
64
  <td><?php echo $order->get_order_number(); ?></td>