Discount Rules for WooCommerce - Version 2.1.2

Version Description

  • 22/08/20 =
  • Fix - Security fix: although a major release (2.1.0) was made on August 13th, a few sites might still have had older versions. In case they were affected by cross-site scripting, this fix cleans up the HTML before displaying it on the front end.

Release Info

Developer flycart
Version 2.1.2

Code changes from version 2.1.1 to 2.1.2

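--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: https://flycart.org/
 Tags: woocommerce, coupons, discounts, dynamic pricing, Buy One Get One Free, pricing deals, bulk discount, discount
 Requires at least: 4.4.1
 Tested up to: 5.5
-Stable tag: 2.1.1
+Stable tag: 2.1.2
 License: GPLv3 or later
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -336,6 +336,9 @@ Discount - Enter minimum & Maximum quantity -> Adjustment Type -> Product Discou
 
 == Changelog ==
 
+= 2.1.2 - 22/08/20 =
+* Fix - Security fix: though a major release was made in 2.1.0 in August 13th, a few sites might had older versions. In case, they were affected due to cross-site scripting, this fix will clean up the html before displaying in the front end.
+
 = 2.1.1 - 17/08/20 =
 * Fix - Country and state field doesn't loads when have multiple
 * Fix - Warning while having BOGO rule.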
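--- a/v2/App/Controllers/ManageDiscount.php
+++ b/v2/App/Controllers/ManageDiscount.php
@@ -123,6 +123,7 @@ class ManageDiscount extends Base
 $product_id = Woocommerce::getProductId($_product);
 if(self::isProductOnSale($product_id) || $use_sale_badge_customize){
 $on_sale_badge_html = self::$config->getConfig('on_sale_badge_html', '<span class="onsale">Sale!</span>');
+$on_sale_badge_html = Helper::getCleanHtml($on_sale_badge_html);
 $html = __($on_sale_badge_html, WDR_TEXT_DOMAIN);
 $html = apply_filters('advanced_woo_discount_rules_on_sale_badge_html', $html, $post, $_product);
 }
@@ -660,6 +661,7 @@ class ManageDiscount extends Base
 //Combine all discounts and add as single discounts
 if (!empty($total_combined_discounts) && !empty($combine_all_discounts)) {
 $label = self::$config->getConfig('discount_label_for_combined_discounts', __('cart discount', WDR_TEXT_DOMAIN));
+$label = Helper::getCleanHtml($label);
 if ($discount_apply_type == 'fee') {
 $total_combined_discounts = -1 * $total_combined_discounts;
 self::$woocommerce_helper->addCartFee($cart, apply_filters('advanced_woo_discount_rules_additional_fee_label', $label, $cart), apply_filters('advanced_woo_discount_rules_additional_fee_value', $total_combined_discounts, $cart));
@@ -1266,6 +1268,7 @@ class ManageDiscount extends Base
 function showAppliedRulesMessages()
 {
 $message = self::$config->getConfig('applied_rule_message', 'Discount <strong>"{{title}}"</strong> has been applied to your cart.');
+$message = Helper::getCleanHtml($message);
 $calc = self::$calculator;
 $applied_rules = $calc::$applied_rules;
 if (!empty($applied_rules)) {
@@ -1373,6 +1376,7 @@ class ManageDiscount extends Base
 {
 if (!empty($discount)) {
 $text = self::$config->getConfig('you_saved_text');
+$text = Helper::getCleanHtml($text);
 $message = str_replace('{{total_discount}}', $discount, $text);
 return '<div class="awdr-you-saved-text" style="color: green">' . $message . '</div>';
 }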
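Review bot: The clean-up in each hunk runs on the stored template only, before its placeholders are filled in, so the values substituted afterwards — `$discount` on line 1380 via `str_replace`, and presumably the rule title for `{{title}}` in showAppliedRulesMessages, whose substitution lies outside the hunk — reach the page uncleaned; unless those values are already escaped (or are `wc_price()` output), the XSS this release targets is only half closed. Escape at substitution time, e.g. `$message = str_replace('{{total_discount}}', wp_kses_post($discount), $text);`, or document why the value is trusted. Likewise line 127's `__()` and line 128's `apply_filters('advanced_woo_discount_rules_on_sale_badge_html', …)` run after the clean-up, so whatever they return is not sanitised; that is acceptable for code-level filters but deserves a comment such as `// Cleaned before translation/filters: filter callbacks are trusted to return safe HTML.`. All four enclosing functions start or end outside their hunks.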
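--- a/v2/App/Controllers/ShortCodeManager.php
+++ b/v2/App/Controllers/ShortCodeManager.php
@@ -670,11 +670,13 @@ class ShortCodeManager extends ManageDiscount
 }
 
 function bannerContent(){
-$awdr_banner_editer = self::$config->getConfig('awdr_banner_editor', '');
+echo "";
+/*$awdr_banner_editer = self::$config->getConfig('awdr_banner_editor', '');
 if(!empty($awdr_banner_editer) && $awdr_banner_editer != ''){
+$awdr_banner_editer = $this->getCleanHtml($awdr_banner_editer);
 echo "<div class='awdr_banner_content'>".$awdr_banner_editer."</div>";
 }else{
 echo "<div class='awdr_banner_content'>"._e('No Banner Content', WDR_TEXT_DOMAIN);".</div>";
-}
+}*/
 }
 }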
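Review bot: Line 676 inside the commented-out block calls `$this->getCleanHtml(...)`, but the helper added in this release is `Helper::getCleanHtml()`, a static method on a class this controller does not extend (the hunk header shows ShortCodeManager extends ManageDiscount), so the day this block is uncommented it fails with an undefined-method error; use `Helper::getCleanHtml($awdr_banner_editer)` there or, better, delete the dead code instead of keeping it under `/* … */`. The net effect of the hunk is that bannerContent() now prints an empty string, so the banner shortcode silently renders nothing; if disabling it is the intent, say so with a comment such as `// Banner output disabled in 2.1.2 until the stored editor content is sanitised on output.`. The original else branch also concatenates `_e()`, which echoes and returns null, so re-enabling it as written would print the fallback text outside the div. Whether Helper is imported in this file cannot be seen from the hunk.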
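--- a/v2/App/Helpers/Helper.php
+++ b/v2/App/Helpers/Helper.php
@@ -267,4 +267,21 @@ class Helper
 return false;
 }
 }
+
+public static function getCleanHtml($html) {
+try {
+$html = html_entity_decode($html);
+$html = preg_replace('/(<(script|style|iframe)\b[^>]*>).*?(<\/\2>)/is', "$1$3", $html);
+$allowed_html = array(
+'br' => array(),
+'strong' => array(),
+'span' => array('class' => array()),
+'div' => array('class' => array()),
+'p' => array('class' => array()),
+);
+return wp_kses($html, $allowed_html);
+} catch (\Exception $e){
+return '';
+}
+}
 }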
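Review bot: `preg_replace` on line 274 returns null on a PCRE failure (for instance the backtrack limit on a long input, since `.*?` runs under `/s`), and the `catch (\Exception $e)` on line 283 never sees that because no exception is thrown, so `wp_kses()` on line 282 would be handed null; add `if ($html === null) { return ''; }` directly after the regex so the helper fails closed. The `html_entity_decode()` on line 273 means a value an admin stored as escaped text, such as `&lt;b&gt;`, is now interpreted as markup and rendered or stripped rather than shown literally; if that is intended it deserves a comment, since it is a visible change for existing settings. A docblock would help callers, e.g. `/** Reduce an admin-supplied HTML fragment to br/strong/span/div/p (class attribute only); returns '' if cleaning fails. */`. The allow-list excludes every URL-bearing and event-handler attribute, which is the right default here.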
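--- a/woo-discount-rules.php
+++ b/woo-discount-rules.php
@@ -5,7 +5,7 @@
 * Description: Simple to complex discount rules for your WooCommerce store. Core package.
 * Author: Flycart Technologies LLP
 * Author URI: https://www.flycart.org
-* Version: 2.1.1
+* Version: 2.1.2
 * Slug: woo-discount-rules
 * Text Domain: woo-discount-rules
 * Domain Path: /i18n/languages/
@@ -21,7 +21,7 @@ if (!defined('ABSPATH')) {
 * Current version of our app
 */
 if (!defined('WDR_VERSION')) {
-define('WDR_VERSION', '2.1.1');
+define('WDR_VERSION', '2.1.2');
 }
 
 global $awdr_load_version, $awdr_switched_to_version;
@@ -29,8 +29,13 @@ global $awdr_load_version, $awdr_switched_to_version;
 * Save the load version of the plugin
 */
 if (isset($_GET['awdr_switch_plugin_to']) && in_array($_GET['awdr_switch_plugin_to'], array('v1', 'v2'))) {
-$awdr_switched_to_version = $version = sanitize_text_field($_GET['awdr_switch_plugin_to']);
-update_option('advanced_woo_discount_rules_load_version', $version);
+if(is_admin() && function_exists('current_user_can')){
+include_once(ABSPATH . 'wp-includes/pluggable.php');
+if (current_user_can( 'manage_woocommerce' )) {
+$awdr_switched_to_version = $version = sanitize_text_field($_GET['awdr_switch_plugin_to']);
+update_option('advanced_woo_discount_rules_load_version', $version);
+}
+}
 }
 $awdr_load_version = get_option('advanced_woo_discount_rules_load_version', null);
 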
41