Version Description
- Dev - Improve code security
Download this release
Release Info
| Developer | zorem |
| Plugin |  Advanced Shipment Tracking for WooCommerce |
| Version | 3.2.7 |
| Comparing to | |
| See all releases | |
Code changes from version 3.2.6 to 3.2.7
- includes/class-wc-advanced-shipment-tracking-admin.php +26 -10
- includes/class-wc-advanced-shipment-tracking-settings.php +8 -0
- includes/class-wc-advanced-shipment-tracking-trackship.php +34 -2
- includes/class-wc-advanced-shipment-tracking.php +21 -1
- readme.txt +3 -0
- woocommerce-advanced-shipment-tracking.php +2 -2
includes/class-wc-advanced-shipment-tracking-admin.php
CHANGED
|
@@ -1183,7 +1183,11 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 1183 |
* settings form save
|
| 1184 |
*/
|
| 1185 |
public function wc_ast_settings_form_update_callback() {
|
| 1186 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1187 |
if ( ! empty( $_POST ) && check_admin_referer( 'wc_ast_settings_form', 'wc_ast_settings_form_nonce' ) ) {
|
| 1188 |
|
| 1189 |
$data = $this->get_add_tracking_options();
|
|
@@ -1349,6 +1353,10 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 1349 |
*/
|
| 1350 |
public function upload_tracking_csv_fun() {
|
| 1351 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1352 |
check_ajax_referer( 'nonce_csv_import', 'security' );
|
| 1353 |
|
| 1354 |
$replace_tracking_info = isset( $_POST['replace_tracking_info'] ) ? wc_clean( $_POST['replace_tracking_info'] ) : '';
|
|
@@ -1716,6 +1724,10 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 1716 |
*/
|
| 1717 |
public function update_email_preview_order_fun() {
|
| 1718 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1719 |
check_ajax_referer( 'ast_customizer', 'security' );
|
| 1720 |
|
| 1721 |
$wcast_preview_order_id = isset( $_POST['wcast_preview_order_id'] ) ? wc_clean( $_POST['wcast_preview_order_id'] ) : '';
|
|
@@ -2017,7 +2029,11 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2017 |
/*
|
| 2018 |
* filter shipping providers by stats
|
| 2019 |
*/
|
| 2020 |
-
public function filter_shipiing_provider_by_status_fun() {
|
|
|
|
|
|
|
|
|
|
|
|
|
| 2021 |
|
| 2022 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
| 2023 |
|
|
@@ -2058,7 +2074,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2058 |
*/
|
| 2059 |
public function update_shipment_status_fun() {
|
| 2060 |
|
| 2061 |
-
if ( ! current_user_can( '
|
| 2062 |
exit( 'You are not allowed' );
|
| 2063 |
}
|
| 2064 |
|
|
@@ -2082,7 +2098,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2082 |
*/
|
| 2083 |
public function update_default_provider_fun() {
|
| 2084 |
|
| 2085 |
-
if ( ! current_user_can( '
|
| 2086 |
exit( 'You are not allowed' );
|
| 2087 |
}
|
| 2088 |
|
|
@@ -2135,7 +2151,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2135 |
*/
|
| 2136 |
public function woocommerce_shipping_provider_delete() {
|
| 2137 |
|
| 2138 |
-
if ( ! current_user_can( '
|
| 2139 |
exit( 'You are not allowed' );
|
| 2140 |
}
|
| 2141 |
|
|
@@ -2163,7 +2179,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2163 |
*/
|
| 2164 |
public function get_provider_details_fun() {
|
| 2165 |
|
| 2166 |
-
if ( ! current_user_can( '
|
| 2167 |
exit( 'You are not allowed' );
|
| 2168 |
}
|
| 2169 |
|
|
@@ -2193,7 +2209,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2193 |
*/
|
| 2194 |
public function update_custom_shipment_provider_fun() {
|
| 2195 |
|
| 2196 |
-
if ( ! current_user_can( '
|
| 2197 |
exit( 'You are not allowed' );
|
| 2198 |
}
|
| 2199 |
|
|
@@ -2248,8 +2264,8 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2248 |
*/
|
| 2249 |
public function reset_default_provider_fun() {
|
| 2250 |
|
| 2251 |
-
if ( ! current_user_can( '
|
| 2252 |
-
exit('You are not allowed');
|
| 2253 |
}
|
| 2254 |
|
| 2255 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
|
@@ -2280,7 +2296,7 @@ class WC_Advanced_Shipment_Tracking_Admin {
|
|
| 2280 |
*/
|
| 2281 |
public function update_provider_status_fun() {
|
| 2282 |
|
| 2283 |
-
if ( ! current_user_can( '
|
| 2284 |
exit( 'You are not allowed' );
|
| 2285 |
}
|
| 2286 |
|
| 1183 |
* settings form save
|
| 1184 |
*/
|
| 1185 |
public function wc_ast_settings_form_update_callback() {
|
| 1186 |
+
|
| 1187 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 1188 |
+
exit( 'You are not allowed' );
|
| 1189 |
+
}
|
| 1190 |
+
|
| 1191 |
if ( ! empty( $_POST ) && check_admin_referer( 'wc_ast_settings_form', 'wc_ast_settings_form_nonce' ) ) {
|
| 1192 |
|
| 1193 |
$data = $this->get_add_tracking_options();
|
| 1353 |
*/
|
| 1354 |
public function upload_tracking_csv_fun() {
|
| 1355 |
|
| 1356 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 1357 |
+
exit( 'You are not allowed' );
|
| 1358 |
+
}
|
| 1359 |
+
|
| 1360 |
check_ajax_referer( 'nonce_csv_import', 'security' );
|
| 1361 |
|
| 1362 |
$replace_tracking_info = isset( $_POST['replace_tracking_info'] ) ? wc_clean( $_POST['replace_tracking_info'] ) : '';
|
| 1724 |
*/
|
| 1725 |
public function update_email_preview_order_fun() {
|
| 1726 |
|
| 1727 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 1728 |
+
exit( 'You are not allowed' );
|
| 1729 |
+
}
|
| 1730 |
+
|
| 1731 |
check_ajax_referer( 'ast_customizer', 'security' );
|
| 1732 |
|
| 1733 |
$wcast_preview_order_id = isset( $_POST['wcast_preview_order_id'] ) ? wc_clean( $_POST['wcast_preview_order_id'] ) : '';
|
| 2029 |
/*
|
| 2030 |
* filter shipping providers by stats
|
| 2031 |
*/
|
| 2032 |
+
public function filter_shipiing_provider_by_status_fun() {
|
| 2033 |
+
|
| 2034 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2035 |
+
exit( 'You are not allowed' );
|
| 2036 |
+
}
|
| 2037 |
|
| 2038 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
| 2039 |
|
| 2074 |
*/
|
| 2075 |
public function update_shipment_status_fun() {
|
| 2076 |
|
| 2077 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2078 |
exit( 'You are not allowed' );
|
| 2079 |
}
|
| 2080 |
|
| 2098 |
*/
|
| 2099 |
public function update_default_provider_fun() {
|
| 2100 |
|
| 2101 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2102 |
exit( 'You are not allowed' );
|
| 2103 |
}
|
| 2104 |
|
| 2151 |
*/
|
| 2152 |
public function woocommerce_shipping_provider_delete() {
|
| 2153 |
|
| 2154 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2155 |
exit( 'You are not allowed' );
|
| 2156 |
}
|
| 2157 |
|
| 2179 |
*/
|
| 2180 |
public function get_provider_details_fun() {
|
| 2181 |
|
| 2182 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2183 |
exit( 'You are not allowed' );
|
| 2184 |
}
|
| 2185 |
|
| 2209 |
*/
|
| 2210 |
public function update_custom_shipment_provider_fun() {
|
| 2211 |
|
| 2212 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2213 |
exit( 'You are not allowed' );
|
| 2214 |
}
|
| 2215 |
|
| 2264 |
*/
|
| 2265 |
public function reset_default_provider_fun() {
|
| 2266 |
|
| 2267 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2268 |
+
exit( 'You are not allowed' );
|
| 2269 |
}
|
| 2270 |
|
| 2271 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
| 2296 |
*/
|
| 2297 |
public function update_provider_status_fun() {
|
| 2298 |
|
| 2299 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 2300 |
exit( 'You are not allowed' );
|
| 2301 |
}
|
| 2302 |
|
includes/class-wc-advanced-shipment-tracking-settings.php
CHANGED
|
@@ -400,6 +400,10 @@ class WC_Advanced_Shipment_Tracking_Settings {
|
|
| 400 |
|
| 401 |
public function ast_open_inline_tracking_form_fun() {
|
| 402 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 403 |
check_ajax_referer( 'ast-order-list', 'security' );
|
| 404 |
|
| 405 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) :'';
|
|
@@ -493,6 +497,10 @@ class WC_Advanced_Shipment_Tracking_Settings {
|
|
| 493 |
*/
|
| 494 |
public function sync_providers_fun() {
|
| 495 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 496 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
| 497 |
|
| 498 |
$reset_checked = isset( $_POST[ 'reset_checked' ] ) ? wc_clean( $_POST[ 'reset_checked' ] ) : '';
|
| 400 |
|
| 401 |
public function ast_open_inline_tracking_form_fun() {
|
| 402 |
|
| 403 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 404 |
+
exit( 'You are not allowed' );
|
| 405 |
+
}
|
| 406 |
+
|
| 407 |
check_ajax_referer( 'ast-order-list', 'security' );
|
| 408 |
|
| 409 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) :'';
|
| 497 |
*/
|
| 498 |
public function sync_providers_fun() {
|
| 499 |
|
| 500 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 501 |
+
exit( 'You are not allowed' );
|
| 502 |
+
}
|
| 503 |
+
|
| 504 |
check_ajax_referer( 'nonce_shipping_provider', 'security' );
|
| 505 |
|
| 506 |
$reset_checked = isset( $_POST[ 'reset_checked' ] ) ? wc_clean( $_POST[ 'reset_checked' ] ) : '';
|
includes/class-wc-advanced-shipment-tracking-trackship.php
CHANGED
|
@@ -466,6 +466,10 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 466 |
*/
|
| 467 |
public function wc_ast_trackship_form_update_callback() {
|
| 468 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 469 |
if ( ! empty( $_POST ) && check_admin_referer( 'wc_ast_trackship_form', 'wc_ast_trackship_form_nonce' ) ) {
|
| 470 |
|
| 471 |
$data2 = $this->get_trackship_general_data();
|
|
@@ -486,6 +490,10 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 486 |
*/
|
| 487 |
public function trackship_tracking_page_form_update_callback() {
|
| 488 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 489 |
if ( ! empty( $_POST ) && check_admin_referer( 'trackship_tracking_page_form', 'trackship_tracking_page_form_nonce' ) ) {
|
| 490 |
|
| 491 |
$data1 = $this->get_tracking_page_data();
|
|
@@ -510,6 +518,10 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 510 |
*/
|
| 511 |
public function ts_late_shipments_email_form_update_callback() {
|
| 512 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 513 |
if ( ! empty( $_POST ) && check_admin_referer( 'ts_late_shipments_email_form', 'ts_late_shipments_email_form_nonce' ) ) {
|
| 514 |
|
| 515 |
$wcast_late_shipments_days = isset( $_POST['wcast_late_shipments_days'] ) ? wc_clean( $_POST['wcast_late_shipments_days'] ) : '';
|
|
@@ -650,7 +662,13 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 650 |
* Trackship Automation form save
|
| 651 |
*/
|
| 652 |
public function wc_ast_trackship_automation_form_update() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 653 |
check_ajax_referer( 'wc_ast_trackship_automation_form', 'wc_ast_trackship_automation_form_nonce' );
|
|
|
|
| 654 |
$data = $this->get_delivered_data();
|
| 655 |
foreach ( $data as $key => $val ) {
|
| 656 |
if ( isset( $_POST[ $key ] ) ) {
|
|
@@ -772,6 +790,10 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 772 |
*/
|
| 773 |
public static function bulk_shipment_status_from_settings_fun() {
|
| 774 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 775 |
check_ajax_referer( 'bulk_shipment_status', 'security' );
|
| 776 |
|
| 777 |
$args = array(
|
|
@@ -1059,9 +1081,13 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 1059 |
* update all shipment status email status
|
| 1060 |
*/
|
| 1061 |
public function update_shipment_status_email_status_fun() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1062 |
check_ajax_referer( 'ts_late_shipments_email_form', 'security' );
|
| 1063 |
|
| 1064 |
-
|
| 1065 |
$settings_data = isset( $_POST[ 'settings_data' ] ) ? wc_clean( $_POST[ 'settings_data' ] ) : '';
|
| 1066 |
$post_id = isset( $_POST[ 'id' ] ) ? wc_clean( $_POST[ 'id' ] ) : '';
|
| 1067 |
$wcast_enable_status_email = isset( $_POST[ 'wcast_enable_status_email' ] ) ? wc_clean( $_POST[ 'wcast_enable_status_email' ] ) : '';
|
|
@@ -1077,7 +1103,13 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 1077 |
* update late shipment email status
|
| 1078 |
*/
|
| 1079 |
public function update_enable_late_shipments_email_fun() {
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 1080 |
check_ajax_referer( 'ts_late_shipments_email_form', 'security' );
|
|
|
|
| 1081 |
$wcast_enable_late_shipments_email = isset( $_POST[ 'wcast_enable_late_shipments_email' ] ) ? wc_clean( $_POST[ 'wcast_enable_late_shipments_email' ] ) : '';
|
| 1082 |
$post_id = isset( $_POST[ 'id' ] ) ? wc_clean( $_POST[ 'id' ] ) : '';
|
| 1083 |
$settings_data = isset( $_POST[ 'settings_data' ] ) ? wc_clean( $_POST[ 'settings_data' ] ) : '';
|
|
@@ -1280,7 +1312,7 @@ class WC_Advanced_Shipment_Tracking_Trackship {
|
|
| 1280 |
?>
|
| 1281 |
<div class="ast-shipment-status-div">
|
| 1282 |
<span class="open_tracking_details ast-shipment-status shipment-<?php echo esc_html( $status ); ?>" data-orderid="<?php echo esc_html( $order_id ); ?>" data-tracking_id="<?php echo esc_html( $tracking_id ); ?>">
|
| 1283 |
-
<?php echo
|
| 1284 |
</span>
|
| 1285 |
<?php if ( '' != $status_date ) { ?>
|
| 1286 |
<span class="">on <?php echo esc_html( gmdate( $date_format, strtotime( $status_date ) ) ); ?></span>
|
| 466 |
*/
|
| 467 |
public function wc_ast_trackship_form_update_callback() {
|
| 468 |
|
| 469 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 470 |
+
exit( 'You are not allowed' );
|
| 471 |
+
}
|
| 472 |
+
|
| 473 |
if ( ! empty( $_POST ) && check_admin_referer( 'wc_ast_trackship_form', 'wc_ast_trackship_form_nonce' ) ) {
|
| 474 |
|
| 475 |
$data2 = $this->get_trackship_general_data();
|
| 490 |
*/
|
| 491 |
public function trackship_tracking_page_form_update_callback() {
|
| 492 |
|
| 493 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 494 |
+
exit( 'You are not allowed' );
|
| 495 |
+
}
|
| 496 |
+
|
| 497 |
if ( ! empty( $_POST ) && check_admin_referer( 'trackship_tracking_page_form', 'trackship_tracking_page_form_nonce' ) ) {
|
| 498 |
|
| 499 |
$data1 = $this->get_tracking_page_data();
|
| 518 |
*/
|
| 519 |
public function ts_late_shipments_email_form_update_callback() {
|
| 520 |
|
| 521 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 522 |
+
exit( 'You are not allowed' );
|
| 523 |
+
}
|
| 524 |
+
|
| 525 |
if ( ! empty( $_POST ) && check_admin_referer( 'ts_late_shipments_email_form', 'ts_late_shipments_email_form_nonce' ) ) {
|
| 526 |
|
| 527 |
$wcast_late_shipments_days = isset( $_POST['wcast_late_shipments_days'] ) ? wc_clean( $_POST['wcast_late_shipments_days'] ) : '';
|
| 662 |
* Trackship Automation form save
|
| 663 |
*/
|
| 664 |
public function wc_ast_trackship_automation_form_update() {
|
| 665 |
+
|
| 666 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 667 |
+
exit( 'You are not allowed' );
|
| 668 |
+
}
|
| 669 |
+
|
| 670 |
check_ajax_referer( 'wc_ast_trackship_automation_form', 'wc_ast_trackship_automation_form_nonce' );
|
| 671 |
+
|
| 672 |
$data = $this->get_delivered_data();
|
| 673 |
foreach ( $data as $key => $val ) {
|
| 674 |
if ( isset( $_POST[ $key ] ) ) {
|
| 790 |
*/
|
| 791 |
public static function bulk_shipment_status_from_settings_fun() {
|
| 792 |
|
| 793 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 794 |
+
exit( 'You are not allowed' );
|
| 795 |
+
}
|
| 796 |
+
|
| 797 |
check_ajax_referer( 'bulk_shipment_status', 'security' );
|
| 798 |
|
| 799 |
$args = array(
|
| 1081 |
* update all shipment status email status
|
| 1082 |
*/
|
| 1083 |
public function update_shipment_status_email_status_fun() {
|
| 1084 |
+
|
| 1085 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 1086 |
+
exit( 'You are not allowed' );
|
| 1087 |
+
}
|
| 1088 |
+
|
| 1089 |
check_ajax_referer( 'ts_late_shipments_email_form', 'security' );
|
| 1090 |
|
|
|
|
| 1091 |
$settings_data = isset( $_POST[ 'settings_data' ] ) ? wc_clean( $_POST[ 'settings_data' ] ) : '';
|
| 1092 |
$post_id = isset( $_POST[ 'id' ] ) ? wc_clean( $_POST[ 'id' ] ) : '';
|
| 1093 |
$wcast_enable_status_email = isset( $_POST[ 'wcast_enable_status_email' ] ) ? wc_clean( $_POST[ 'wcast_enable_status_email' ] ) : '';
|
| 1103 |
* update late shipment email status
|
| 1104 |
*/
|
| 1105 |
public function update_enable_late_shipments_email_fun() {
|
| 1106 |
+
|
| 1107 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 1108 |
+
exit( 'You are not allowed' );
|
| 1109 |
+
}
|
| 1110 |
+
|
| 1111 |
check_ajax_referer( 'ts_late_shipments_email_form', 'security' );
|
| 1112 |
+
|
| 1113 |
$wcast_enable_late_shipments_email = isset( $_POST[ 'wcast_enable_late_shipments_email' ] ) ? wc_clean( $_POST[ 'wcast_enable_late_shipments_email' ] ) : '';
|
| 1114 |
$post_id = isset( $_POST[ 'id' ] ) ? wc_clean( $_POST[ 'id' ] ) : '';
|
| 1115 |
$settings_data = isset( $_POST[ 'settings_data' ] ) ? wc_clean( $_POST[ 'settings_data' ] ) : '';
|
| 1312 |
?>
|
| 1313 |
<div class="ast-shipment-status-div">
|
| 1314 |
<span class="open_tracking_details ast-shipment-status shipment-<?php echo esc_html( $status ); ?>" data-orderid="<?php echo esc_html( $order_id ); ?>" data-tracking_id="<?php echo esc_html( $tracking_id ); ?>">
|
| 1315 |
+
<?php echo wp_kses_post( apply_filters( 'trackship_status_icon_filter', '', $status ) ); ?> <strong><?php echo esc_html( apply_filters( 'trackship_status_filter', $status ) ); ?></strong>
|
| 1316 |
</span>
|
| 1317 |
<?php if ( '' != $status_date ) { ?>
|
| 1318 |
<span class="">on <?php echo esc_html( gmdate( $date_format, strtotime( $status_date ) ) ); ?></span>
|
includes/class-wc-advanced-shipment-tracking.php
CHANGED
|
@@ -524,6 +524,10 @@ class WC_Advanced_Shipment_Tracking_Actions {
|
|
| 524 |
*/
|
| 525 |
public function get_meta_box_items_ajax() {
|
| 526 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 527 |
check_ajax_referer( 'get-tracking-item', 'security', true );
|
| 528 |
|
| 529 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) : '';
|
|
@@ -583,6 +587,10 @@ class WC_Advanced_Shipment_Tracking_Actions {
|
|
| 583 |
*/
|
| 584 |
public function save_meta_box( $post_id, $post ) {
|
| 585 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 586 |
// Check the nonce.
|
| 587 |
if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( wp_unslash( wc_clean( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
| 588 |
return;
|
|
@@ -629,6 +637,10 @@ class WC_Advanced_Shipment_Tracking_Actions {
|
|
| 629 |
*/
|
| 630 |
public function save_meta_box_ajax() {
|
| 631 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 632 |
check_ajax_referer( 'create-tracking-item', 'security', true );
|
| 633 |
|
| 634 |
$tracking_provider = isset( $_POST['tracking_provider'] ) ? wc_clean( $_POST['tracking_provider'] ) : '';
|
|
@@ -680,7 +692,11 @@ class WC_Advanced_Shipment_Tracking_Actions {
|
|
| 680 |
* Function for saving tracking items via AJAX
|
| 681 |
*/
|
| 682 |
public function save_inline_tracking_number() {
|
| 683 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
| 684 |
check_ajax_referer( 'wc_ast_inline_tracking_form', 'wc_ast_inline_tracking_form_nonce' );
|
| 685 |
|
| 686 |
$tracking_provider = isset( $_POST['tracking_provider'] ) ? wc_clean( $_POST['tracking_provider'] ) : '';
|
|
@@ -721,6 +737,10 @@ class WC_Advanced_Shipment_Tracking_Actions {
|
|
| 721 |
*/
|
| 722 |
public function meta_box_delete_tracking() {
|
| 723 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| 724 |
check_ajax_referer( 'delete-tracking-item', 'security' );
|
| 725 |
|
| 726 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) : '';
|
| 524 |
*/
|
| 525 |
public function get_meta_box_items_ajax() {
|
| 526 |
|
| 527 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 528 |
+
exit( 'You are not allowed' );
|
| 529 |
+
}
|
| 530 |
+
|
| 531 |
check_ajax_referer( 'get-tracking-item', 'security', true );
|
| 532 |
|
| 533 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) : '';
|
| 587 |
*/
|
| 588 |
public function save_meta_box( $post_id, $post ) {
|
| 589 |
|
| 590 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 591 |
+
exit( 'You are not allowed' );
|
| 592 |
+
}
|
| 593 |
+
|
| 594 |
// Check the nonce.
|
| 595 |
if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( wp_unslash( wc_clean( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
| 596 |
return;
|
| 637 |
*/
|
| 638 |
public function save_meta_box_ajax() {
|
| 639 |
|
| 640 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 641 |
+
exit( 'You are not allowed' );
|
| 642 |
+
}
|
| 643 |
+
|
| 644 |
check_ajax_referer( 'create-tracking-item', 'security', true );
|
| 645 |
|
| 646 |
$tracking_provider = isset( $_POST['tracking_provider'] ) ? wc_clean( $_POST['tracking_provider'] ) : '';
|
| 692 |
* Function for saving tracking items via AJAX
|
| 693 |
*/
|
| 694 |
public function save_inline_tracking_number() {
|
| 695 |
+
|
| 696 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 697 |
+
exit( 'You are not allowed' );
|
| 698 |
+
}
|
| 699 |
+
|
| 700 |
check_ajax_referer( 'wc_ast_inline_tracking_form', 'wc_ast_inline_tracking_form_nonce' );
|
| 701 |
|
| 702 |
$tracking_provider = isset( $_POST['tracking_provider'] ) ? wc_clean( $_POST['tracking_provider'] ) : '';
|
| 737 |
*/
|
| 738 |
public function meta_box_delete_tracking() {
|
| 739 |
|
| 740 |
+
if ( ! current_user_can( 'manage_woocommerce' ) ) {
|
| 741 |
+
exit( 'You are not allowed' );
|
| 742 |
+
}
|
| 743 |
+
|
| 744 |
check_ajax_referer( 'delete-tracking-item', 'security' );
|
| 745 |
|
| 746 |
$order_id = isset( $_POST['order_id'] ) ? wc_clean( $_POST['order_id'] ) : '';
|
readme.txt
CHANGED
|
@@ -112,6 +112,9 @@ Yes, if you use external shipping services that work with the WooCommerce REST A
|
|
| 112 |
|
| 113 |
== Changelog ==
|
| 114 |
|
|
|
|
|
|
|
|
|
|
| 115 |
= 3.2.6 =
|
| 116 |
* Fix - Fixed shipping provider search issue in Shipping provider settings page
|
| 117 |
* Dev - Improve code quality and security
|
| 112 |
|
| 113 |
== Changelog ==
|
| 114 |
|
| 115 |
+
= 3.2.7 =
|
| 116 |
+
* Dev - Improve code security
|
| 117 |
+
|
| 118 |
= 3.2.6 =
|
| 119 |
* Fix - Fixed shipping provider search issue in Shipping provider settings page
|
| 120 |
* Dev - Improve code quality and security
|
woocommerce-advanced-shipment-tracking.php
CHANGED
|
@@ -4,7 +4,7 @@
|
|
| 4 |
* Plugin Name: Advanced Shipment Tracking for WooCommerce
|
| 5 |
* Plugin URI: https://www.zorem.com/products/woocommerce-advanced-shipment-tracking/
|
| 6 |
* Description: Add shipment tracking information to your WooCommerce orders and provide customers with an easy way to track their orders. Shipment tracking Info will appear in customers accounts (in the order panel) and in WooCommerce order complete email.
|
| 7 |
-
* Version: 3.2.
|
| 8 |
* Author: zorem
|
| 9 |
* Author URI: https://www.zorem.com
|
| 10 |
* License: GPL-2.0+
|
|
@@ -20,7 +20,7 @@ class Zorem_Woocommerce_Advanced_Shipment_Tracking {
|
|
| 20 |
*
|
| 21 |
* @var string
|
| 22 |
*/
|
| 23 |
-
public $version = '3.2.
|
| 24 |
|
| 25 |
/**
|
| 26 |
* Initialize the main plugin function
|
| 4 |
* Plugin Name: Advanced Shipment Tracking for WooCommerce
|
| 5 |
* Plugin URI: https://www.zorem.com/products/woocommerce-advanced-shipment-tracking/
|
| 6 |
* Description: Add shipment tracking information to your WooCommerce orders and provide customers with an easy way to track their orders. Shipment tracking Info will appear in customers accounts (in the order panel) and in WooCommerce order complete email.
|
| 7 |
+
* Version: 3.2.7
|
| 8 |
* Author: zorem
|
| 9 |
* Author URI: https://www.zorem.com
|
| 10 |
* License: GPL-2.0+
|
| 20 |
*
|
| 21 |
* @var string
|
| 22 |
*/
|
| 23 |
+
public $version = '3.2.7';
|
| 24 |
|
| 25 |
/**
|
| 26 |
* Initialize the main plugin function
|
