Version Description
- 2020-04-15 =
- Prevent XSS attack (CVE-2020-11727). Thank Jack Misiura for reporting this vulnerability!
Download this release
Release Info
| Developer | algol.plus |
| Plugin |  Advanced Order Export For WooCommerce |
| Version | 3.1.4 |
| Comparing to | |
| See all releases | |
Code changes from version 3.1.3 to 3.1.4
- classes/admin/class-wc-order-export-settings.php +1 -1
- classes/admin/tabs/ajax/class-wc-order-export-ajax.php +1 -1
- classes/core/class-wc-order-export-data-extractor.php +9 -8
- classes/core/class-wc-order-export-order-product-fields.php +6 -0
- classes/formats/abstract-class-woe-formatter.php +6 -2
- i18n/languages/woo-order-export-lite.pot +4 -4
- readme.txt +4 -1
- view/settings-form.php +4 -4
- woo-order-export-lite.php +7 -4
classes/admin/class-wc-order-export-settings.php
CHANGED
|
@@ -9,7 +9,7 @@ class WC_Order_Export_Main_Settings {
|
|
| 9 |
|
| 10 |
$settings = array(
|
| 11 |
'default_tab' => 'export',
|
| 12 |
-
'cron_tasks_active' =>
|
| 13 |
'show_export_status_column' => '1',
|
| 14 |
'show_export_actions_in_bulk' => '1',
|
| 15 |
'show_export_in_status_change_job' => '0',
|
| 9 |
|
| 10 |
$settings = array(
|
| 11 |
'default_tab' => 'export',
|
| 12 |
+
'cron_tasks_active' => true,
|
| 13 |
'show_export_status_column' => '1',
|
| 14 |
'show_export_actions_in_bulk' => '1',
|
| 15 |
'show_export_in_status_change_job' => '0',
|
classes/admin/tabs/ajax/class-wc-order-export-ajax.php
CHANGED
|
@@ -45,7 +45,7 @@ class WC_Order_Export_Ajax {
|
|
| 45 |
$logger->info( $output, $logger_context );
|
| 46 |
}
|
| 47 |
|
| 48 |
-
//admin will see
|
| 49 |
if ( !empty( $result ) AND $settings['title'] )
|
| 50 |
set_transient( WC_Order_Export_Admin::last_bulk_export_results, $output );
|
| 51 |
if ( !$browser_output ) { // we don't send file to user, so we must redirect to previous page!
|
| 45 |
$logger->info( $output, $logger_context );
|
| 46 |
}
|
| 47 |
|
| 48 |
+
//admin will see non-emty message in any case , later
|
| 49 |
if ( !empty( $result ) AND $settings['title'] )
|
| 50 |
set_transient( WC_Order_Export_Admin::last_bulk_export_results, $output );
|
| 51 |
if ( !$browser_output ) { // we don't send file to user, so we must redirect to previous page!
|
classes/core/class-wc-order-export-data-extractor.php
CHANGED
|
@@ -503,7 +503,7 @@ class WC_Order_Export_Data_Extractor {
|
|
| 503 |
$pairs = array();
|
| 504 |
foreach ( $values as $v ) {
|
| 505 |
$pairs[] = self::operator_compare_field_and_value( "`productmeta_cf_{$pos}`.meta_value",
|
| 506 |
-
$operator, $v );
|
| 507 |
}
|
| 508 |
$pairs = join( "OR", $pairs );
|
| 509 |
$product_meta_where[] = " ($pairs) ";
|
|
@@ -638,14 +638,15 @@ class WC_Order_Export_Data_Extractor {
|
|
| 638 |
return $product_where;
|
| 639 |
}
|
| 640 |
|
| 641 |
-
static function operator_compare_field_and_value( $field, $operator, $value ) {
|
|
|
|
| 642 |
if ( $operator == "LIKE" ) {
|
| 643 |
$value = "'%$value%'";
|
| 644 |
} else { // compare numbers!
|
| 645 |
-
$
|
|
|
|
| 646 |
}
|
| 647 |
-
|
| 648 |
-
return " $field $operator $value ";
|
| 649 |
}
|
| 650 |
|
| 651 |
public static function sql_get_order_ids_Ver1( $settings ) {
|
|
@@ -710,7 +711,7 @@ class WC_Order_Export_Data_Extractor {
|
|
| 710 |
$pairs = array();
|
| 711 |
foreach ( $values as $v ) {
|
| 712 |
$pairs[] = self::operator_compare_field_and_value( "`orderitemmeta_{$field}`.meta_value",
|
| 713 |
-
$operator, $v );
|
| 714 |
}
|
| 715 |
$pairs = join( "OR", $pairs );
|
| 716 |
$order_items_meta_where[] = " (`orderitemmeta_{$field}`.meta_key='$field' AND ($pairs) ) ";
|
|
@@ -921,7 +922,7 @@ class WC_Order_Export_Data_Extractor {
|
|
| 921 |
$pairs = array();
|
| 922 |
foreach ( $values as $v ) {
|
| 923 |
$pairs[] = self::operator_compare_field_and_value( "`ordermeta_cf_{$pos}`.meta_value",
|
| 924 |
-
$operator, $v );
|
| 925 |
}
|
| 926 |
$pairs = join( "OR", $pairs );
|
| 927 |
$order_meta_where[] = " ( $pairs ) ";
|
|
@@ -949,7 +950,7 @@ class WC_Order_Export_Data_Extractor {
|
|
| 949 |
$pairs = array();
|
| 950 |
foreach ( $values as $v ) {
|
| 951 |
$pairs[] = self::operator_compare_field_and_value( "`usermeta_cf_{$pos}`.meta_value",
|
| 952 |
-
$operator, $v );
|
| 953 |
}
|
| 954 |
$pairs = join( "OR", $pairs );
|
| 955 |
$user_meta_where[] = " ( $pairs ) ";
|
| 503 |
$pairs = array();
|
| 504 |
foreach ( $values as $v ) {
|
| 505 |
$pairs[] = self::operator_compare_field_and_value( "`productmeta_cf_{$pos}`.meta_value",
|
| 506 |
+
$operator, $v, $field );
|
| 507 |
}
|
| 508 |
$pairs = join( "OR", $pairs );
|
| 509 |
$product_meta_where[] = " ($pairs) ";
|
| 638 |
return $product_where;
|
| 639 |
}
|
| 640 |
|
| 641 |
+
static function operator_compare_field_and_value( $field, $operator, $value, $public_fieldname='' ) {
|
| 642 |
+
$value = esc_sql($value);
|
| 643 |
if ( $operator == "LIKE" ) {
|
| 644 |
$value = "'%$value%'";
|
| 645 |
} else { // compare numbers!
|
| 646 |
+
$type = apply_filters( "woe_compare_field_cast_to_type", "signed", $field, $operator, $value, $public_fieldname);
|
| 647 |
+
$field = "cast($field as $type)";
|
| 648 |
}
|
| 649 |
+
return " $field $operator '$value' ";
|
|
|
|
| 650 |
}
|
| 651 |
|
| 652 |
public static function sql_get_order_ids_Ver1( $settings ) {
|
| 711 |
$pairs = array();
|
| 712 |
foreach ( $values as $v ) {
|
| 713 |
$pairs[] = self::operator_compare_field_and_value( "`orderitemmeta_{$field}`.meta_value",
|
| 714 |
+
$operator, $v, $field );
|
| 715 |
}
|
| 716 |
$pairs = join( "OR", $pairs );
|
| 717 |
$order_items_meta_where[] = " (`orderitemmeta_{$field}`.meta_key='$field' AND ($pairs) ) ";
|
| 922 |
$pairs = array();
|
| 923 |
foreach ( $values as $v ) {
|
| 924 |
$pairs[] = self::operator_compare_field_and_value( "`ordermeta_cf_{$pos}`.meta_value",
|
| 925 |
+
$operator, $v , $field );
|
| 926 |
}
|
| 927 |
$pairs = join( "OR", $pairs );
|
| 928 |
$order_meta_where[] = " ( $pairs ) ";
|
| 950 |
$pairs = array();
|
| 951 |
foreach ( $values as $v ) {
|
| 952 |
$pairs[] = self::operator_compare_field_and_value( "`usermeta_cf_{$pos}`.meta_value",
|
| 953 |
+
$operator, $v, $field );
|
| 954 |
}
|
| 955 |
$pairs = join( "OR", $pairs );
|
| 956 |
$user_meta_where[] = " ( $pairs ) ";
|
classes/core/class-wc-order-export-order-product-fields.php
CHANGED
|
@@ -255,6 +255,12 @@ class WC_Order_Export_Order_Product_Fields {
|
|
| 255 |
{
|
| 256 |
$field_value = $this->product ? $this->product->get_attribute( $field ) : '';
|
| 257 |
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 258 |
if ( $field_value === '' ) { //5. read from product/variation hidden field
|
| 259 |
$field_value = get_post_meta( $this->variation_id, "_" . $field, true );
|
| 260 |
}
|
| 255 |
{
|
| 256 |
$field_value = $this->product ? $this->product->get_attribute( $field ) : '';
|
| 257 |
}
|
| 258 |
+
if ( $field_value === '' AND !empty( $this->item['variation_id'] ) AND $this->product) // 6. try get attribute for variaton
|
| 259 |
+
{
|
| 260 |
+
$field_value = $this->product->get_attribute( $field );
|
| 261 |
+
if( $field_value === '' AND $this->product->parent )
|
| 262 |
+
$field_value = $this->product->parent->get_attribute( $field );
|
| 263 |
+
}
|
| 264 |
if ( $field_value === '' ) { //5. read from product/variation hidden field
|
| 265 |
$field_value = get_post_meta( $this->variation_id, "_" . $field, true );
|
| 266 |
}
|
classes/formats/abstract-class-woe-formatter.php
CHANGED
|
@@ -153,10 +153,14 @@ abstract class WOE_Formatter {
|
|
| 153 |
protected function format_date_field( $field_value ) {
|
| 154 |
$ts = strtotime( $field_value );
|
| 155 |
if ( $ts ) {
|
| 156 |
-
$
|
|
|
|
|
|
|
| 157 |
}
|
| 158 |
|
| 159 |
-
|
|
|
|
|
|
|
| 160 |
}
|
| 161 |
|
| 162 |
protected function format_money_field( $field_value ) {
|
| 153 |
protected function format_date_field( $field_value ) {
|
| 154 |
$ts = strtotime( $field_value );
|
| 155 |
if ( $ts ) {
|
| 156 |
+
$new_value = date( $this->date_format, $ts );
|
| 157 |
+
} else {
|
| 158 |
+
$new_value = '';
|
| 159 |
}
|
| 160 |
|
| 161 |
+
$new_value = apply_filters( 'woe_format_date', $new_value, $field_value, $this->date_format );
|
| 162 |
+
|
| 163 |
+
return $new_value;
|
| 164 |
}
|
| 165 |
|
| 166 |
protected function format_money_field( $field_value ) {
|
i18n/languages/woo-order-export-lite.pot
CHANGED
|
@@ -3,7 +3,7 @@ msgid ""
|
|
| 3 |
msgstr ""
|
| 4 |
"Project-Id-Version: Advanced Order Export For WooCommerce\n"
|
| 5 |
"Report-Msgid-Bugs-To: \n"
|
| 6 |
-
"POT-Creation-Date: 2020-
|
| 7 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
| 8 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
| 9 |
"Language-Team: \n"
|
|
@@ -13,7 +13,7 @@ msgstr ""
|
|
| 13 |
"Content-Type: text/plain; charset=UTF-8\n"
|
| 14 |
"Content-Transfer-Encoding: 8bit\n"
|
| 15 |
"X-Generator: Loco https://localise.biz/\n"
|
| 16 |
-
"X-Loco-Version: 2.3.1; wp-5.
|
| 17 |
|
| 18 |
#: classes/class-wc-order-export-admin.php:511
|
| 19 |
#, php-format
|
|
@@ -46,7 +46,7 @@ msgstr ""
|
|
| 46 |
msgid "1st row only"
|
| 47 |
msgstr ""
|
| 48 |
|
| 49 |
-
#: classes/core/class-wc-order-export-data-extractor.php:
|
| 50 |
msgid "[Rest of the World]"
|
| 51 |
msgstr ""
|
| 52 |
|
|
@@ -526,7 +526,7 @@ msgid "Embedded Product Image"
|
|
| 526 |
msgstr ""
|
| 527 |
|
| 528 |
#: classes/class-wc-order-export-admin.php:306
|
| 529 |
-
#: classes/core/class-wc-order-export-data-extractor.php:
|
| 530 |
msgid "empty"
|
| 531 |
msgstr ""
|
| 532 |
|
| 3 |
msgstr ""
|
| 4 |
"Project-Id-Version: Advanced Order Export For WooCommerce\n"
|
| 5 |
"Report-Msgid-Bugs-To: \n"
|
| 6 |
+
"POT-Creation-Date: 2020-04-14 12:09+0000\n"
|
| 7 |
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
| 8 |
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
| 9 |
"Language-Team: \n"
|
| 13 |
"Content-Type: text/plain; charset=UTF-8\n"
|
| 14 |
"Content-Transfer-Encoding: 8bit\n"
|
| 15 |
"X-Generator: Loco https://localise.biz/\n"
|
| 16 |
+
"X-Loco-Version: 2.3.1; wp-5.4-RC4-47505"
|
| 17 |
|
| 18 |
#: classes/class-wc-order-export-admin.php:511
|
| 19 |
#, php-format
|
| 46 |
msgid "1st row only"
|
| 47 |
msgstr ""
|
| 48 |
|
| 49 |
+
#: classes/core/class-wc-order-export-data-extractor.php:1821
|
| 50 |
msgid "[Rest of the World]"
|
| 51 |
msgstr ""
|
| 52 |
|
| 526 |
msgstr ""
|
| 527 |
|
| 528 |
#: classes/class-wc-order-export-admin.php:306
|
| 529 |
+
#: classes/core/class-wc-order-export-data-extractor.php:316
|
| 530 |
msgid "empty"
|
| 531 |
msgstr ""
|
| 532 |
|
readme.txt
CHANGED
|
@@ -5,7 +5,7 @@ Tags: woocommerce,export,order,xls,csv,xml,woo export lite,export orders,orders
|
|
| 5 |
Requires PHP: 5.4.0
|
| 6 |
Requires at least: 4.7
|
| 7 |
Tested up to: 5.4
|
| 8 |
-
Stable tag: 3.1.
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
|
@@ -112,6 +112,9 @@ Yes, you can email a request to aprokaev@gmail.com. We intensively develop this
|
|
| 112 |
|
| 113 |
== Changelog ==
|
| 114 |
|
|
|
|
|
|
|
|
|
|
| 115 |
= 3.1.3 - 2020-03-24 =
|
| 116 |
* Fixed CRITICAL bug - export via "Bulk actions" (at screen >WooCommerce>Orders) works incorrectly
|
| 117 |
|
| 5 |
Requires PHP: 5.4.0
|
| 6 |
Requires at least: 4.7
|
| 7 |
Tested up to: 5.4
|
| 8 |
+
Stable tag: 3.1.4
|
| 9 |
License: GPLv2 or later
|
| 10 |
License URI: http://www.gnu.org/licenses/gpl-2.0.html
|
| 11 |
|
| 112 |
|
| 113 |
== Changelog ==
|
| 114 |
|
| 115 |
+
= 3.1.4 - 2020-04-15 =
|
| 116 |
+
* Prevent XSS attack (CVE-2020-11727). Thank Jack Misiura for reporting this vulnerability!
|
| 117 |
+
|
| 118 |
= 3.1.3 - 2020-03-24 =
|
| 119 |
* Fixed CRITICAL bug - export via "Bulk actions" (at screen >WooCommerce>Orders) works incorrectly
|
| 120 |
|
view/settings-form.php
CHANGED
|
@@ -74,7 +74,7 @@ function remove_time_from_date( $datetime ) {
|
|
| 74 |
<?php $woe_order_post_type = isset($settings['post_type']) ? $settings['post_type'] : (isset($_GET['woe_post_type']) ? $_GET['woe_post_type'] : 'shop_order'); ?>
|
| 75 |
|
| 76 |
<script>
|
| 77 |
-
var woe_order_post_type = '<?php echo $woe_order_post_type ?>';
|
| 78 |
var mode = '<?php echo $mode ?>';
|
| 79 |
var job_id = '<?php echo esc_js( $id ) ?>';
|
| 80 |
var output_format = '<?php echo $settings['format'] ?>';
|
|
@@ -104,7 +104,7 @@ function remove_time_from_date( $datetime ) {
|
|
| 104 |
<?php endif; ?>
|
| 105 |
|
| 106 |
<input type="hidden" name="settings[post_type]"
|
| 107 |
-
|
| 108 |
|
| 109 |
<?php if ($woe_order_post_type && $woe_order_post_type !== 'shop_order'): ?>
|
| 110 |
<div id="my-export-post-type" class="my-block" style="width: 100%; max-width: 993px;">
|
|
@@ -1975,5 +1975,5 @@ function remove_time_from_date( $datetime ) {
|
|
| 1975 |
<input name="mode" type="hidden" value="<?php echo $mode ?>">
|
| 1976 |
<input name="id" type="hidden" value="<?php echo $id ?>">
|
| 1977 |
<input name="json" type="hidden">
|
| 1978 |
-
<input name="woe_order_post_type" type="hidden" value="<?php echo $woe_order_post_type ?>">
|
| 1979 |
-
</form>
|
| 74 |
<?php $woe_order_post_type = isset($settings['post_type']) ? $settings['post_type'] : (isset($_GET['woe_post_type']) ? $_GET['woe_post_type'] : 'shop_order'); ?>
|
| 75 |
|
| 76 |
<script>
|
| 77 |
+
var woe_order_post_type = '<?php echo esc_js( $woe_order_post_type ) ?>';
|
| 78 |
var mode = '<?php echo $mode ?>';
|
| 79 |
var job_id = '<?php echo esc_js( $id ) ?>';
|
| 80 |
var output_format = '<?php echo $settings['format'] ?>';
|
| 104 |
<?php endif; ?>
|
| 105 |
|
| 106 |
<input type="hidden" name="settings[post_type]"
|
| 107 |
+
value="<?php echo esc_attr( $woe_order_post_type ) ?>">
|
| 108 |
|
| 109 |
<?php if ($woe_order_post_type && $woe_order_post_type !== 'shop_order'): ?>
|
| 110 |
<div id="my-export-post-type" class="my-block" style="width: 100%; max-width: 993px;">
|
| 1975 |
<input name="mode" type="hidden" value="<?php echo $mode ?>">
|
| 1976 |
<input name="id" type="hidden" value="<?php echo $id ?>">
|
| 1977 |
<input name="json" type="hidden">
|
| 1978 |
+
<input name="woe_order_post_type" type="hidden" value="<?php echo esc_attr( $woe_order_post_type ) ?>">
|
| 1979 |
+
</form>
|
woo-order-export-lite.php
CHANGED
|
@@ -5,7 +5,7 @@
|
|
| 5 |
* Description: Export orders from WooCommerce with ease (Excel/CSV/XML/JSON supported)
|
| 6 |
* Author: AlgolPlus
|
| 7 |
* Author URI: https://algolplus.com/
|
| 8 |
-
* Version: 3.1.
|
| 9 |
* Text Domain: woo-order-export-lite
|
| 10 |
* Domain Path: /i18n/languages/
|
| 11 |
* WC requires at least: 2.6.0
|
|
@@ -39,9 +39,11 @@ if ( class_exists( 'WC_Order_Export_Admin' ) ) {
|
|
| 39 |
return;
|
| 40 |
}
|
| 41 |
|
| 42 |
-
|
| 43 |
-
define( '
|
| 44 |
-
define( '
|
|
|
|
|
|
|
| 45 |
|
| 46 |
$extension_file = WOE_PLUGIN_BASEPATH.'/pro_version/pre-loader.php';
|
| 47 |
if ( file_exists( $extension_file ) ) {
|
|
@@ -91,4 +93,5 @@ register_deactivation_hook( __FILE__, array( $wc_order_export, 'deactivate' ) );
|
|
| 91 |
if ( $wc_order_export->must_run_ajax_methods() AND ! ob_get_level() ) {
|
| 92 |
ob_start();
|
| 93 |
}
|
|
|
|
| 94 |
//Done
|
| 5 |
* Description: Export orders from WooCommerce with ease (Excel/CSV/XML/JSON supported)
|
| 6 |
* Author: AlgolPlus
|
| 7 |
* Author URI: https://algolplus.com/
|
| 8 |
+
* Version: 3.1.4
|
| 9 |
* Text Domain: woo-order-export-lite
|
| 10 |
* Domain Path: /i18n/languages/
|
| 11 |
* WC requires at least: 2.6.0
|
| 39 |
return;
|
| 40 |
}
|
| 41 |
|
| 42 |
+
if ( ! defined( 'WOE_VERSION' ) ) {
|
| 43 |
+
define( 'WOE_VERSION', '3.1.4' );
|
| 44 |
+
define( 'WOE_PLUGIN_BASENAME', plugin_basename( __FILE__ ) );
|
| 45 |
+
define( 'WOE_PLUGIN_BASEPATH', dirname( __FILE__ ) );
|
| 46 |
+
}
|
| 47 |
|
| 48 |
$extension_file = WOE_PLUGIN_BASEPATH.'/pro_version/pre-loader.php';
|
| 49 |
if ( file_exists( $extension_file ) ) {
|
| 93 |
if ( $wc_order_export->must_run_ajax_methods() AND ! ob_get_level() ) {
|
| 94 |
ob_start();
|
| 95 |
}
|
| 96 |
+
|
| 97 |
//Done
|
