Advanced Order Export For WooCommerce - Version 3.1.4

Version Description

  • 2020-04-15 =
  • Prevent XSS attack (CVE-2020-11727). Thanks to Jack Misiura for reporting this vulnerability!

Release Info

Developer algol.plus
Plugin Icon 128x128 Advanced Order Export For WooCommerce
Version 3.1.4

Code changes from version 3.1.3 to 3.1.4

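--- a/classes/admin/class-wc-order-export-settings.php
+++ b/classes/admin/class-wc-order-export-settings.php
@@ -9,7 +9,7 @@ class WC_Order_Export_Main_Settings {
 
 $settings = array(
 'default_tab' => 'export',
-'cron_tasks_active' => '1',
+'cron_tasks_active' => true,
 'show_export_status_column' => '1',
 'show_export_actions_in_bulk' => '1',
 'show_export_in_status_change_job' => '0',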
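Review bot: The new default for `cron_tasks_active` is the boolean `true`, while every neighbouring default in the same array stays a string `'1'` or `'0'`. Whether any reader of this setting compares it strictly against `'1'` is not visible in this hunk, so the mixed types deserve a short comment on that line, for example `// boolean on purpose, see the code that reads this setting`. The array continues outside the hunk.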
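--- a/classes/admin/tabs/ajax/class-wc-order-export-ajax.php
+++ b/classes/admin/tabs/ajax/class-wc-order-export-ajax.php
@@ -45,7 +45,7 @@ class WC_Order_Export_Ajax {
 $logger->info( $output, $logger_context );
 }
 
-//admin will see this message in any case , later
+//admin will see non-emty message in any case , later
 if ( !empty( $result ) AND $settings['title'] )
 set_transient( WC_Order_Export_Admin::last_bulk_export_results, $output );
 if ( !$browser_output ) { // we don't send file to user, so we must redirect to previous page!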
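--- a/classes/core/class-wc-order-export-data-extractor.php
+++ b/classes/core/class-wc-order-export-data-extractor.php
@@ -503,7 +503,7 @@ class WC_Order_Export_Data_Extractor {
 $pairs = array();
 foreach ( $values as $v ) {
 $pairs[] = self::operator_compare_field_and_value( "`productmeta_cf_{$pos}`.meta_value",
-$operator, $v );
+$operator, $v, $field );
 }
 $pairs = join( "OR", $pairs );
 $product_meta_where[] = " ($pairs) ";
@@ -638,14 +638,15 @@ class WC_Order_Export_Data_Extractor {
 return $product_where;
 }
 
-static function operator_compare_field_and_value( $field, $operator, $value ) {
+static function operator_compare_field_and_value( $field, $operator, $value, $public_fieldname='' ) {
+$value = esc_sql($value);
 if ( $operator == "LIKE" ) {
 $value = "'%$value%'";
 } else { // compare numbers!
-$field = "cast($field as signed)";
+$type = apply_filters( "woe_compare_field_cast_to_type", "signed", $field, $operator, $value, $public_fieldname);
+$field = "cast($field as $type)";
 }
-
-return " $field $operator $value ";
+return " $field $operator '$value' ";
 }
 
 public static function sql_get_order_ids_Ver1( $settings ) {
@@ -710,7 +711,7 @@ class WC_Order_Export_Data_Extractor {
 $pairs = array();
 foreach ( $values as $v ) {
 $pairs[] = self::operator_compare_field_and_value( "`orderitemmeta_{$field}`.meta_value",
-$operator, $v );
+$operator, $v, $field );
 }
 $pairs = join( "OR", $pairs );
 $order_items_meta_where[] = " (`orderitemmeta_{$field}`.meta_key='$field' AND ($pairs) ) ";
@@ -921,7 +922,7 @@ class WC_Order_Export_Data_Extractor {
 $pairs = array();
 foreach ( $values as $v ) {
 $pairs[] = self::operator_compare_field_and_value( "`ordermeta_cf_{$pos}`.meta_value",
-$operator, $v );
+$operator, $v , $field );
 }
 $pairs = join( "OR", $pairs );
 $order_meta_where[] = " ( $pairs ) ";
@@ -949,7 +950,7 @@ class WC_Order_Export_Data_Extractor {
 $pairs = array();
 foreach ( $values as $v ) {
 $pairs[] = self::operator_compare_field_and_value( "`usermeta_cf_{$pos}`.meta_value",
-$operator, $v );
+$operator, $v, $field );
 }
 $pairs = join( "OR", $pairs );
 $user_meta_where[] = " ( $pairs ) ";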
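Review bot: In the rewritten `operator_compare_field_and_value`, the `LIKE` branch still builds the value as `'%$value%'` and the new return line quotes it a second time (`'$value'`), so a LIKE filter is rendered as `''%…%''`, which is no longer a single string literal. Building the pattern without its own quotes, `$value = "%$value%";`, lets the quoting in the `return` apply exactly once. `esc_sql()` does not escape the LIKE wildcards `%` and `_`, so if wildcards typed by the user are meant to match literally, the value should go through `$wpdb->esc_like()` in that branch before `esc_sql()`. `$operator` and the filtered `$type` are still interpolated into the SQL unchanged; their origin is outside these hunks, so it is worth confirming they are restricted to a known set of operators and cast types.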
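--- a/classes/core/class-wc-order-export-order-product-fields.php
+++ b/classes/core/class-wc-order-export-order-product-fields.php
@@ -255,6 +255,12 @@ class WC_Order_Export_Order_Product_Fields {
 {
 $field_value = $this->product ? $this->product->get_attribute( $field ) : '';
 }
+if ( $field_value === '' AND !empty( $this->item['variation_id'] ) AND $this->product) // 6. try get attribute for variaton
+{
+$field_value = $this->product->get_attribute( $field );
+if( $field_value === '' AND $this->product->parent )
+$field_value = $this->product->parent->get_attribute( $field );
+}
 if ( $field_value === '' ) { //5. read from product/variation hidden field
 $field_value = get_post_meta( $this->variation_id, "_" . $field, true );
 }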
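Review bot: The added fallback reads `$this->product->parent` as a plain property; on WooCommerce 3.x that access is, as far as I know, served only through the legacy compatibility layer, with `get_parent_id()` being the supported accessor. Since the plugin header still lists WC 2.6.0 as the minimum, a comment on that line stating the reason would help, e.g. `// ->parent is kept for WC 2.6 compatibility`. The step label also needs fixing: it is numbered `6.` although it runs before step `//5.`, and it misspells "variation". The enclosing method starts and ends outside the hunk.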
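--- a/classes/formats/abstract-class-woe-formatter.php
+++ b/classes/formats/abstract-class-woe-formatter.php
@@ -153,10 +153,14 @@ abstract class WOE_Formatter {
 protected function format_date_field( $field_value ) {
 $ts = strtotime( $field_value );
 if ( $ts ) {
-$field_value = date( $this->date_format, $ts );
+$new_value = date( $this->date_format, $ts );
+} else {
+$new_value = '';
 }
 
-return $field_value;
+$new_value = apply_filters( 'woe_format_date', $new_value, $field_value, $this->date_format );
+
+return $new_value;
 }
 
 protected function format_money_field( $field_value ) {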
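Review bot: `if ( $ts )` treats a successfully parsed timestamp of `0` the same as a `strtotime()` failure, and with the new `else` branch such a value is now exported as an empty string instead of being passed through. Comparing explicitly, `if ( $ts !== false ) {`, keeps the 1970-01-01 00:00:00 UTC case. The method should also carry a comment stating that unparseable input now yields `''` before the `woe_format_date` filter runs, because the previous code returned the input unchanged and existing exports may rely on that.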
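--- a/i18n/languages/woo-order-export-lite.pot
+++ b/i18n/languages/woo-order-export-lite.pot
@@ -3,7 +3,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Advanced Order Export For WooCommerce\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2020-03-05 10:09+0000\n"
+"POT-Creation-Date: 2020-04-14 12:09+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: \n"
@@ -13,7 +13,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Generator: Loco https://localise.biz/\n"
-"X-Loco-Version: 2.3.1; wp-5.3.2"
+"X-Loco-Version: 2.3.1; wp-5.4-RC4-47505"
 
 #: classes/class-wc-order-export-admin.php:511
 #, php-format
@@ -46,7 +46,7 @@ msgstr ""
 msgid "1st row only"
 msgstr ""
 
-#: classes/core/class-wc-order-export-data-extractor.php:1819
+#: classes/core/class-wc-order-export-data-extractor.php:1821
 msgid "[Rest of the World]"
 msgstr ""
 
@@ -526,7 +526,7 @@ msgid "Embedded Product Image"
 msgstr ""
 
 #: classes/class-wc-order-export-admin.php:306
-#: classes/core/class-wc-order-export-data-extractor.php:315
+#: classes/core/class-wc-order-export-data-extractor.php:316
 msgid "empty"
 msgstr ""
 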
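--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Tags: woocommerce,export,order,xls,csv,xml,woo export lite,export orders,orders
 Requires PHP: 5.4.0
 Requires at least: 4.7
 Tested up to: 5.4
-Stable tag: 3.1.3
+Stable tag: 3.1.4
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -112,6 +112,9 @@ Yes, you can email a request to aprokaev@gmail.com. We intensively develop this
 
 == Changelog ==
 
+= 3.1.4 - 2020-04-15 =
+* Prevent XSS attack (CVE-2020-11727). Thank Jack Misiura‚Äč for reporting this vulnerability!
+
 = 3.1.3 - 2020-03-24 =
 * Fixed CRITICAL bug - export via "Bulk actions" (at screen >WooCommerce>Orders) works incorrectly
 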
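--- a/view/settings-form.php
+++ b/view/settings-form.php
@@ -74,7 +74,7 @@ function remove_time_from_date( $datetime ) {
 <?php $woe_order_post_type = isset($settings['post_type']) ? $settings['post_type'] : (isset($_GET['woe_post_type']) ? $_GET['woe_post_type'] : 'shop_order'); ?>
 
 <script>
-var woe_order_post_type = '<?php echo $woe_order_post_type ?>';
+var woe_order_post_type = '<?php echo esc_js( $woe_order_post_type ) ?>';
 var mode = '<?php echo $mode ?>';
 var job_id = '<?php echo esc_js( $id ) ?>';
 var output_format = '<?php echo $settings['format'] ?>';
@@ -104,7 +104,7 @@ function remove_time_from_date( $datetime ) {
 <?php endif; ?>
 
 <input type="hidden" name="settings[post_type]"
-value="<?php echo $woe_order_post_type ?>">
+value="<?php echo esc_attr( $woe_order_post_type ) ?>">
 
 <?php if ($woe_order_post_type && $woe_order_post_type !== 'shop_order'): ?>
 <div id="my-export-post-type" class="my-block" style="width: 100%; max-width: 993px;">
@@ -1975,5 +1975,5 @@ function remove_time_from_date( $datetime ) {
 <input name="mode" type="hidden" value="<?php echo $mode ?>">
 <input name="id" type="hidden" value="<?php echo $id ?>">
 <input name="json" type="hidden">
-<input name="woe_order_post_type" type="hidden" value="<?php echo $woe_order_post_type ?>">
-</form>
+<input name="woe_order_post_type" type="hidden" value="<?php echo esc_attr( $woe_order_post_type ) ?>">
+</form>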
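Review bot: Escaping is added only for `$woe_order_post_type`, while neighbouring outputs visible in the same hunks are still echoed raw: `var mode = '<?php echo $mode ?>';`, `var output_format = '<?php echo $settings['format'] ?>';`, and the hidden inputs `value="<?php echo $mode ?>"` and `value="<?php echo $id ?>"`. Where those variables are populated is outside these hunks, but if any of them can carry request data they need the same context-specific treatment, e.g. `esc_js( $mode )` inside the script block and `esc_attr( $id )` in attribute values. It would also be more robust to normalise the request value once at the assignment, for example `sanitize_key( $_GET['woe_post_type'] )`, so that later uses of the variable do not each depend on remembering to escape.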
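--- a/woo-order-export-lite.php
+++ b/woo-order-export-lite.php
@@ -5,7 +5,7 @@
 * Description: Export orders from WooCommerce with ease (Excel/CSV/XML/JSON supported)
 * Author: AlgolPlus
 * Author URI: https://algolplus.com/
-* Version: 3.1.3
+* Version: 3.1.4
 * Text Domain: woo-order-export-lite
 * Domain Path: /i18n/languages/
 * WC requires at least: 2.6.0
@@ -39,9 +39,11 @@ if ( class_exists( 'WC_Order_Export_Admin' ) ) {
 return;
 }
 
-define( 'WOE_VERSION', '3.1.3' );
-define( 'WOE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
-define( 'WOE_PLUGIN_BASEPATH', dirname( __FILE__ ) );
+if ( ! defined( 'WOE_VERSION' ) ) {
+define( 'WOE_VERSION', '3.1.4' );
+define( 'WOE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
+define( 'WOE_PLUGIN_BASEPATH', dirname( __FILE__ ) );
+}
 
 $extension_file = WOE_PLUGIN_BASEPATH.'/pro_version/pre-loader.php';
 if ( file_exists( $extension_file ) ) {
@@ -91,4 +93,5 @@ register_deactivation_hook( __FILE__, array( $wc_order_export, 'deactivate' ) );
 if ( $wc_order_export->must_run_ajax_methods() AND ! ob_get_level() ) {
 ob_start();
 }
+
 //Done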
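Review bot: The new `if ( ! defined( 'WOE_VERSION' ) )` guard decides for all three constants at once, so when `WOE_VERSION` has already been defined by other code, `WOE_PLUGIN_BASENAME` and `WOE_PLUGIN_BASEPATH` are either left undefined or keep a value pointing at a different directory. The very next line builds `$extension_file` from `WOE_PLUGIN_BASEPATH` and tests it with `file_exists()`; what happens with that file is outside the hunk, but the path should not depend on which copy defined the constant first. Guarding each constant on its own avoids this, e.g. `if ( ! defined( 'WOE_PLUGIN_BASEPATH' ) ) { define( 'WOE_PLUGIN_BASEPATH', dirname( __FILE__ ) ); }`, and a comment should say which other component is expected to predefine them.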