Version Description
- 2020-04-15 =
- Prevent XSS attack (CVE-2020-11727). Thanks to Jack Misiura for reporting this vulnerability!
Release Info
Developer | algol.plus |
Plugin | Advanced Order Export For WooCommerce |
Version | 3.1.4 |
Code changes from version 3.1.3 to 3.1.4
- classes/admin/class-wc-order-export-settings.php +1 -1
- classes/admin/tabs/ajax/class-wc-order-export-ajax.php +1 -1
- classes/core/class-wc-order-export-data-extractor.php +9 -8
- classes/core/class-wc-order-export-order-product-fields.php +6 -0
- classes/formats/abstract-class-woe-formatter.php +6 -2
- i18n/languages/woo-order-export-lite.pot +4 -4
- readme.txt +4 -1
- view/settings-form.php +4 -4
- woo-order-export-lite.php +7 -4
classes/admin/class-wc-order-export-settings.php
CHANGED
@@ -9,7 +9,7 @@ class WC_Order_Export_Main_Settings {
|
|
9 |
|
10 |
$settings = array(
|
11 |
'default_tab' => 'export',
|
12 |
-
'cron_tasks_active' =>
|
13 |
'show_export_status_column' => '1',
|
14 |
'show_export_actions_in_bulk' => '1',
|
15 |
'show_export_in_status_change_job' => '0',
|
9 |
|
10 |
$settings = array(
|
11 |
'default_tab' => 'export',
|
12 |
+
'cron_tasks_active' => true,
|
13 |
'show_export_status_column' => '1',
|
14 |
'show_export_actions_in_bulk' => '1',
|
15 |
'show_export_in_status_change_job' => '0',
|
classes/admin/tabs/ajax/class-wc-order-export-ajax.php
CHANGED
@@ -45,7 +45,7 @@ class WC_Order_Export_Ajax {
|
|
45 |
$logger->info( $output, $logger_context );
|
46 |
}
|
47 |
|
48 |
-
//admin will see
|
49 |
if ( !empty( $result ) AND $settings['title'] )
|
50 |
set_transient( WC_Order_Export_Admin::last_bulk_export_results, $output );
|
51 |
if ( !$browser_output ) { // we don't send file to user, so we must redirect to previous page!
|
45 |
$logger->info( $output, $logger_context );
|
46 |
}
|
47 |
|
48 |
+
//admin will see non-emty message in any case , later
|
49 |
if ( !empty( $result ) AND $settings['title'] )
|
50 |
set_transient( WC_Order_Export_Admin::last_bulk_export_results, $output );
|
51 |
if ( !$browser_output ) { // we don't send file to user, so we must redirect to previous page!
|
classes/core/class-wc-order-export-data-extractor.php
CHANGED
@@ -503,7 +503,7 @@ class WC_Order_Export_Data_Extractor {
|
|
503 |
$pairs = array();
|
504 |
foreach ( $values as $v ) {
|
505 |
$pairs[] = self::operator_compare_field_and_value( "`productmeta_cf_{$pos}`.meta_value",
|
506 |
-
$operator, $v );
|
507 |
}
|
508 |
$pairs = join( "OR", $pairs );
|
509 |
$product_meta_where[] = " ($pairs) ";
|
@@ -638,14 +638,15 @@ class WC_Order_Export_Data_Extractor {
|
|
638 |
return $product_where;
|
639 |
}
|
640 |
|
641 |
-
static function operator_compare_field_and_value( $field, $operator, $value ) {
|
|
|
642 |
if ( $operator == "LIKE" ) {
|
643 |
$value = "'%$value%'";
|
644 |
} else { // compare numbers!
|
645 |
-
$
|
|
|
646 |
}
|
647 |
-
|
648 |
-
return " $field $operator $value ";
|
649 |
}
|
650 |
|
651 |
public static function sql_get_order_ids_Ver1( $settings ) {
|
@@ -710,7 +711,7 @@ class WC_Order_Export_Data_Extractor {
|
|
710 |
$pairs = array();
|
711 |
foreach ( $values as $v ) {
|
712 |
$pairs[] = self::operator_compare_field_and_value( "`orderitemmeta_{$field}`.meta_value",
|
713 |
-
$operator, $v );
|
714 |
}
|
715 |
$pairs = join( "OR", $pairs );
|
716 |
$order_items_meta_where[] = " (`orderitemmeta_{$field}`.meta_key='$field' AND ($pairs) ) ";
|
@@ -921,7 +922,7 @@ class WC_Order_Export_Data_Extractor {
|
|
921 |
$pairs = array();
|
922 |
foreach ( $values as $v ) {
|
923 |
$pairs[] = self::operator_compare_field_and_value( "`ordermeta_cf_{$pos}`.meta_value",
|
924 |
-
$operator, $v );
|
925 |
}
|
926 |
$pairs = join( "OR", $pairs );
|
927 |
$order_meta_where[] = " ( $pairs ) ";
|
@@ -949,7 +950,7 @@ class WC_Order_Export_Data_Extractor {
|
|
949 |
$pairs = array();
|
950 |
foreach ( $values as $v ) {
|
951 |
$pairs[] = self::operator_compare_field_and_value( "`usermeta_cf_{$pos}`.meta_value",
|
952 |
-
$operator, $v );
|
953 |
}
|
954 |
$pairs = join( "OR", $pairs );
|
955 |
$user_meta_where[] = " ( $pairs ) ";
|
503 |
$pairs = array();
|
504 |
foreach ( $values as $v ) {
|
505 |
$pairs[] = self::operator_compare_field_and_value( "`productmeta_cf_{$pos}`.meta_value",
|
506 |
+
$operator, $v, $field );
|
507 |
}
|
508 |
$pairs = join( "OR", $pairs );
|
509 |
$product_meta_where[] = " ($pairs) ";
|
638 |
return $product_where;
|
639 |
}
|
640 |
|
641 |
+
static function operator_compare_field_and_value( $field, $operator, $value, $public_fieldname='' ) {
|
642 |
+
$value = esc_sql($value);
|
643 |
if ( $operator == "LIKE" ) {
|
644 |
$value = "'%$value%'";
|
645 |
} else { // compare numbers!
|
646 |
+
$type = apply_filters( "woe_compare_field_cast_to_type", "signed", $field, $operator, $value, $public_fieldname);
|
647 |
+
$field = "cast($field as $type)";
|
648 |
}
|
649 |
+
return " $field $operator '$value' ";
|
|
|
650 |
}
|
651 |
|
652 |
public static function sql_get_order_ids_Ver1( $settings ) {
|
711 |
$pairs = array();
|
712 |
foreach ( $values as $v ) {
|
713 |
$pairs[] = self::operator_compare_field_and_value( "`orderitemmeta_{$field}`.meta_value",
|
714 |
+
$operator, $v, $field );
|
715 |
}
|
716 |
$pairs = join( "OR", $pairs );
|
717 |
$order_items_meta_where[] = " (`orderitemmeta_{$field}`.meta_key='$field' AND ($pairs) ) ";
|
922 |
$pairs = array();
|
923 |
foreach ( $values as $v ) {
|
924 |
$pairs[] = self::operator_compare_field_and_value( "`ordermeta_cf_{$pos}`.meta_value",
|
925 |
+
$operator, $v , $field );
|
926 |
}
|
927 |
$pairs = join( "OR", $pairs );
|
928 |
$order_meta_where[] = " ( $pairs ) ";
|
950 |
$pairs = array();
|
951 |
foreach ( $values as $v ) {
|
952 |
$pairs[] = self::operator_compare_field_and_value( "`usermeta_cf_{$pos}`.meta_value",
|
953 |
+
$operator, $v, $field );
|
954 |
}
|
955 |
$pairs = join( "OR", $pairs );
|
956 |
$user_meta_where[] = " ( $pairs ) ";
|
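Review bot: In `operator_compare_field_and_value` the LIKE branch still wraps the value in its own quotes (`$value = "'%$value%'";`) while the new return line adds a second pair, so as rendered here a LIKE clause comes out as `''%…%''` and the escaped value no longer sits inside a string literal, which is the only place `esc_sql()` protects it. Let the return line do the quoting once by changing the branch to `$value = "%$value%";`. The added `esc_sql()` also does not cover `$operator` or the filtered `$type`, which are still interpolated as-is; nothing visible in these hunks restricts them, so an allow-list check on `$operator` before the clause is built is worth adding unless the callers already do one. Note too that `esc_sql()` leaves `%` and `_` untouched, so the LIKE pattern still honours wildcards typed into the filter value.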
classes/core/class-wc-order-export-order-product-fields.php
CHANGED
@@ -255,6 +255,12 @@ class WC_Order_Export_Order_Product_Fields {
|
|
255 |
{
|
256 |
$field_value = $this->product ? $this->product->get_attribute( $field ) : '';
|
257 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
258 |
if ( $field_value === '' ) { //5. read from product/variation hidden field
|
259 |
$field_value = get_post_meta( $this->variation_id, "_" . $field, true );
|
260 |
}
|
255 |
{
|
256 |
$field_value = $this->product ? $this->product->get_attribute( $field ) : '';
|
257 |
}
|
258 |
+
if ( $field_value === '' AND !empty( $this->item['variation_id'] ) AND $this->product) // 6. try get attribute for variaton
|
259 |
+
{
|
260 |
+
$field_value = $this->product->get_attribute( $field );
|
261 |
+
if( $field_value === '' AND $this->product->parent )
|
262 |
+
$field_value = $this->product->parent->get_attribute( $field );
|
263 |
+
}
|
264 |
if ( $field_value === '' ) { //5. read from product/variation hidden field
|
265 |
$field_value = get_post_meta( $this->variation_id, "_" . $field, true );
|
266 |
}
|
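Review bot: The added fallback at new lines 258-263 reads the parent through the property `$this->product->parent`; on WooCommerce 3.0 and later that is, as far as I know, served by the legacy magic getter, and `wc_get_product( $this->product->get_parent_id() )` is the supported way to reach it. If the property is kept on purpose for the 2.6 floor declared in the plugin header, a comment such as `// ->parent kept for WC < 3.0` would say so. The step comment is numbered `// 6.` but sits before the existing `//5.` step, and the inner `if` is unbraced while the outer one uses braces; renumbering and bracing both would keep the fallback chain readable. The enclosing method starts and ends outside this hunk, so whether the first `get_attribute()` call repeats the one on line 256 cannot be told from here.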
classes/formats/abstract-class-woe-formatter.php
CHANGED
@@ -153,10 +153,14 @@ abstract class WOE_Formatter {
|
|
153 |
protected function format_date_field( $field_value ) {
|
154 |
$ts = strtotime( $field_value );
|
155 |
if ( $ts ) {
|
156 |
-
$
|
|
|
|
|
157 |
}
|
158 |
|
159 |
-
|
|
|
|
|
160 |
}
|
161 |
|
162 |
protected function format_money_field( $field_value ) {
|
153 |
protected function format_date_field( $field_value ) {
|
154 |
$ts = strtotime( $field_value );
|
155 |
if ( $ts ) {
|
156 |
+
$new_value = date( $this->date_format, $ts );
|
157 |
+
} else {
|
158 |
+
$new_value = '';
|
159 |
}
|
160 |
|
161 |
+
$new_value = apply_filters( 'woe_format_date', $new_value, $field_value, $this->date_format );
|
162 |
+
|
163 |
+
return $new_value;
|
164 |
}
|
165 |
|
166 |
protected function format_money_field( $field_value ) {
|
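Review bot: `if ( $ts )` in `format_date_field` treats a valid timestamp of 0 the same as a `strtotime()` failure, so with the new `else` branch the Unix-epoch instant is exported as an empty string; `if ( $ts !== false )` separates the two cases. The new `woe_format_date` filter has no docblock; a short comment above the `apply_filters` call naming its three arguments (formatted value, raw field value, date format) would tell integrators what they receive and that an empty string means the input could not be parsed.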
i18n/languages/woo-order-export-lite.pot
CHANGED
@@ -3,7 +3,7 @@ msgid ""
|
|
3 |
msgstr ""
|
4 |
"Project-Id-Version: Advanced Order Export For WooCommerce\n"
|
5 |
"Report-Msgid-Bugs-To: \n"
|
6 |
-
"POT-Creation-Date: 2020-
|
7 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
8 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
9 |
"Language-Team: \n"
|
@@ -13,7 +13,7 @@ msgstr ""
|
|
13 |
"Content-Type: text/plain; charset=UTF-8\n"
|
14 |
"Content-Transfer-Encoding: 8bit\n"
|
15 |
"X-Generator: Loco https://localise.biz/\n"
|
16 |
-
"X-Loco-Version: 2.3.1; wp-5.
|
17 |
|
18 |
#: classes/class-wc-order-export-admin.php:511
|
19 |
#, php-format
|
@@ -46,7 +46,7 @@ msgstr ""
|
|
46 |
msgid "1st row only"
|
47 |
msgstr ""
|
48 |
|
49 |
-
#: classes/core/class-wc-order-export-data-extractor.php:
|
50 |
msgid "[Rest of the World]"
|
51 |
msgstr ""
|
52 |
|
@@ -526,7 +526,7 @@ msgid "Embedded Product Image"
|
|
526 |
msgstr ""
|
527 |
|
528 |
#: classes/class-wc-order-export-admin.php:306
|
529 |
-
#: classes/core/class-wc-order-export-data-extractor.php:
|
530 |
msgid "empty"
|
531 |
msgstr ""
|
532 |
|
3 |
msgstr ""
|
4 |
"Project-Id-Version: Advanced Order Export For WooCommerce\n"
|
5 |
"Report-Msgid-Bugs-To: \n"
|
6 |
+
"POT-Creation-Date: 2020-04-14 12:09+0000\n"
|
7 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
8 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
9 |
"Language-Team: \n"
|
13 |
"Content-Type: text/plain; charset=UTF-8\n"
|
14 |
"Content-Transfer-Encoding: 8bit\n"
|
15 |
"X-Generator: Loco https://localise.biz/\n"
|
16 |
+
"X-Loco-Version: 2.3.1; wp-5.4-RC4-47505"
|
17 |
|
18 |
#: classes/class-wc-order-export-admin.php:511
|
19 |
#, php-format
|
46 |
msgid "1st row only"
|
47 |
msgstr ""
|
48 |
|
49 |
+
#: classes/core/class-wc-order-export-data-extractor.php:1821
|
50 |
msgid "[Rest of the World]"
|
51 |
msgstr ""
|
52 |
|
526 |
msgstr ""
|
527 |
|
528 |
#: classes/class-wc-order-export-admin.php:306
|
529 |
+
#: classes/core/class-wc-order-export-data-extractor.php:316
|
530 |
msgid "empty"
|
531 |
msgstr ""
|
532 |
|
readme.txt
CHANGED
@@ -5,7 +5,7 @@ Tags: woocommerce,export,order,xls,csv,xml,woo export lite,export orders,orders
|
|
5 |
Requires PHP: 5.4.0
|
6 |
Requires at least: 4.7
|
7 |
Tested up to: 5.4
|
8 |
-
Stable tag: 3.1.
|
9 |
License: GPLv2 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
11 |
|
@@ -112,6 +112,9 @@ Yes, you can email a request to aprokaev@gmail.com. We intensively develop this
|
|
112 |
|
113 |
== Changelog ==
|
114 |
|
|
|
|
|
|
|
115 |
= 3.1.3 - 2020-03-24 =
|
116 |
* Fixed CRITICAL bug - export via "Bulk actions" (at screen >WooCommerce>Orders) works incorrectly
|
117 |
|
5 |
Requires PHP: 5.4.0
|
6 |
Requires at least: 4.7
|
7 |
Tested up to: 5.4
|
8 |
+
Stable tag: 3.1.4
|
9 |
License: GPLv2 or later
|
10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
11 |
|
112 |
|
113 |
== Changelog ==
|
114 |
|
115 |
+
= 3.1.4 - 2020-04-15 =
|
116 |
+
* Prevent XSS attack (CVE-2020-11727). Thank Jack Misiura for reporting this vulnerability!
|
117 |
+
|
118 |
= 3.1.3 - 2020-03-24 =
|
119 |
* Fixed CRITICAL bug - export via "Bulk actions" (at screen >WooCommerce>Orders) works incorrectly
|
120 |
|
view/settings-form.php
CHANGED
@@ -74,7 +74,7 @@ function remove_time_from_date( $datetime ) {
|
|
74 |
<?php $woe_order_post_type = isset($settings['post_type']) ? $settings['post_type'] : (isset($_GET['woe_post_type']) ? $_GET['woe_post_type'] : 'shop_order'); ?>
|
75 |
|
76 |
<script>
|
77 |
-
var woe_order_post_type = '<?php echo $woe_order_post_type ?>';
|
78 |
var mode = '<?php echo $mode ?>';
|
79 |
var job_id = '<?php echo esc_js( $id ) ?>';
|
80 |
var output_format = '<?php echo $settings['format'] ?>';
|
@@ -104,7 +104,7 @@ function remove_time_from_date( $datetime ) {
|
|
104 |
<?php endif; ?>
|
105 |
|
106 |
<input type="hidden" name="settings[post_type]"
|
107 |
-
|
108 |
|
109 |
<?php if ($woe_order_post_type && $woe_order_post_type !== 'shop_order'): ?>
|
110 |
<div id="my-export-post-type" class="my-block" style="width: 100%; max-width: 993px;">
|
@@ -1975,5 +1975,5 @@ function remove_time_from_date( $datetime ) {
|
|
1975 |
<input name="mode" type="hidden" value="<?php echo $mode ?>">
|
1976 |
<input name="id" type="hidden" value="<?php echo $id ?>">
|
1977 |
<input name="json" type="hidden">
|
1978 |
-
<input name="woe_order_post_type" type="hidden" value="<?php echo $woe_order_post_type ?>">
|
1979 |
-
</form>
|
74 |
<?php $woe_order_post_type = isset($settings['post_type']) ? $settings['post_type'] : (isset($_GET['woe_post_type']) ? $_GET['woe_post_type'] : 'shop_order'); ?>
|
75 |
|
76 |
<script>
|
77 |
+
var woe_order_post_type = '<?php echo esc_js( $woe_order_post_type ) ?>';
|
78 |
var mode = '<?php echo $mode ?>';
|
79 |
var job_id = '<?php echo esc_js( $id ) ?>';
|
80 |
var output_format = '<?php echo $settings['format'] ?>';
|
104 |
<?php endif; ?>
|
105 |
|
106 |
<input type="hidden" name="settings[post_type]"
|
107 |
+
value="<?php echo esc_attr( $woe_order_post_type ) ?>">
|
108 |
|
109 |
<?php if ($woe_order_post_type && $woe_order_post_type !== 'shop_order'): ?>
|
110 |
<div id="my-export-post-type" class="my-block" style="width: 100%; max-width: 993px;">
|
1975 |
<input name="mode" type="hidden" value="<?php echo $mode ?>">
|
1976 |
<input name="id" type="hidden" value="<?php echo $id ?>">
|
1977 |
<input name="json" type="hidden">
|
1978 |
+
<input name="woe_order_post_type" type="hidden" value="<?php echo esc_attr( $woe_order_post_type ) ?>">
|
1979 |
+
</form>
|
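Review bot: The escaping added here covers only `$woe_order_post_type`; the neighbouring context lines still print `$mode`, `$settings['format']` and `$id` raw into the same script block and hidden inputs (new lines 78, 80, 1975 and 1976). Where those values originate is not visible in these hunks, but escaping at the point of output is cheap and keeps the template consistent: `var mode = '<?php echo esc_js( $mode ) ?>';`, `var output_format = '<?php echo esc_js( $settings['format'] ) ?>';`, `value="<?php echo esc_attr( $id ) ?>"`. Line 74 also takes `$_GET['woe_post_type']` unfiltered; wrapping it in `sanitize_key()` there would constrain it to the characters a post type name can contain before it is used anywhere else in the template.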
woo-order-export-lite.php
CHANGED
@@ -5,7 +5,7 @@
|
|
5 |
* Description: Export orders from WooCommerce with ease (Excel/CSV/XML/JSON supported)
|
6 |
* Author: AlgolPlus
|
7 |
* Author URI: https://algolplus.com/
|
8 |
-
* Version: 3.1.
|
9 |
* Text Domain: woo-order-export-lite
|
10 |
* Domain Path: /i18n/languages/
|
11 |
* WC requires at least: 2.6.0
|
@@ -39,9 +39,11 @@ if ( class_exists( 'WC_Order_Export_Admin' ) ) {
|
|
39 |
return;
|
40 |
}
|
41 |
|
42 |
-
|
43 |
-
define( '
|
44 |
-
define( '
|
|
|
|
|
45 |
|
46 |
$extension_file = WOE_PLUGIN_BASEPATH.'/pro_version/pre-loader.php';
|
47 |
if ( file_exists( $extension_file ) ) {
|
@@ -91,4 +93,5 @@ register_deactivation_hook( __FILE__, array( $wc_order_export, 'deactivate' ) );
|
|
91 |
if ( $wc_order_export->must_run_ajax_methods() AND ! ob_get_level() ) {
|
92 |
ob_start();
|
93 |
}
|
|
|
94 |
//Done
|
5 |
* Description: Export orders from WooCommerce with ease (Excel/CSV/XML/JSON supported)
|
6 |
* Author: AlgolPlus
|
7 |
* Author URI: https://algolplus.com/
|
8 |
+
* Version: 3.1.4
|
9 |
* Text Domain: woo-order-export-lite
|
10 |
* Domain Path: /i18n/languages/
|
11 |
* WC requires at least: 2.6.0
|
39 |
return;
|
40 |
}
|
41 |
|
42 |
+
if ( ! defined( 'WOE_VERSION' ) ) {
|
43 |
+
define( 'WOE_VERSION', '3.1.4' );
|
44 |
+
define( 'WOE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
|
45 |
+
define( 'WOE_PLUGIN_BASEPATH', dirname( __FILE__ ) );
|
46 |
+
}
|
47 |
|
48 |
$extension_file = WOE_PLUGIN_BASEPATH.'/pro_version/pre-loader.php';
|
49 |
if ( file_exists( $extension_file ) ) {
|
93 |
if ( $wc_order_export->must_run_ajax_methods() AND ! ob_get_level() ) {
|
94 |
ob_start();
|
95 |
}
|
96 |
+
|
97 |
//Done
|