Product Feed PRO for WooCommerce - Version 11.2.3

Version Description

Fixed a XSS vulnerability issue


Release Info

Developer jorisverwater
Version 11.2.3

Code changes from version 11.2.2 to 11.2.3

Files changed (4) hide show
  1. js/woosea_key.js +1 -1
  2. js/woosea_rules.js +16 -13
  3. readme.txt +7 -1
  4. woocommerce-sea.php +9 -9
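--- a/js/woosea_key.js
+++ b/js/woosea_key.js
@@ -26,7 +26,7 @@ jQuery(document).ready(function($) {
  var license_key = $('#license-key').val();
 
  jQuery.ajax({
- url: 'https://www.adtribes.io/check/license.php?key=' + license_key + '&email=' + license_email + '&domain=' + root_domain + '&version=11.2.2',
+ url: 'https://www.adtribes.io/check/license.php?key=' + license_key + '&email=' + license_email + '&domain=' + root_domain + '&version=11.2.3',
  jsonp: 'callback',
  dataType: 'jsonp',
  type: 'GET',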
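--- a/js/woosea_rules.js
+++ b/js/woosea_rules.js
@@ -93,19 +93,22 @@ jQuery(document).ready(function($) {
  // Check if user selected a data manipulation condition
  jQuery("#rules_" + rowCount).on("change", function(){
  if ($(this).val() == "categories") {
- jQuery.ajax({
- method: "POST",
- url: ajaxurl,
- data: {
- 'action': 'woosea_categories_dropdown',
- 'rowCount': rowCount
- }
- })
-
- .done(function( data ) {
- data = JSON.parse( data );
- jQuery("#criteria_" + rowCount).replaceWith('' + data.dropdown + '');
- });
+ var checkNumeric = $.isNumeric(rowCount);
+ if(checkNumeric) {
+ jQuery.ajax({
+ method: "POST",
+ url: ajaxurl,
+ data: {
+ 'action': 'woosea_categories_dropdown',
+ 'rowCount': rowCount
+ }
+ })
+
+ .done(function( data ) {
+ data = JSON.parse( data );
+ jQuery("#criteria_" + rowCount).replaceWith('' + data.dropdown + '');
+ });
+ }
  }
  });
  })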
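Review bot: `$.isNumeric(rowCount)` at new lines 96–97 is a loose test for what should be a row index: it also accepts decimals, exponent and hex strings, and the helper is deprecated as of jQuery 3.3. A strict integer test such as `if (/^\d+$/.test(String(rowCount))) {` would match the `absint()` cast this release applies in the PHP handlers. The HTML sink is unchanged: `replaceWith('' + data.dropdown + '')` at new line 109 still parses the server response as markup, so the fix depends on the server handler escaping everything it places in `dropdown`, and that handler is only partly visible on this page. The assignment of `rowCount` lies outside the hunk.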
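--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ License URI: http://www.gnu.org/licenses/gpl.html
  Tags: Google Shopping Feed, WooCommerce Product Feed, Facebook Product Feed, Bing Shopping Feed, Bing Product Feed, Google Merchant Feed, Skroutz, Google Product Feed, Pinterest, Idealo, Facebook Pixel, Facebook Conversion API
  Requires at least: 4.5
  Tested up to: 5.9
- Stable tag: 11.2.2
+ Stable tag: 11.2.3
 
  == Description ==
 
@@ -337,6 +337,9 @@ Questions left or unanswered? Please do not hesitate to contact us at support@ad
 
  === Changelog ===
 
+ = 11.2.3 (2022-02-01) =
+ * Fixed a XSS vulnerability issue
+
  = 11.2.2 (2022-01-31) =
  * Fixed a XSS vulnerability issue
 
@@ -3584,6 +3587,9 @@ Questions left or unanswered? Please do not hesitate to contact us at support@ad
 
  == Upgrade Notice ==
 
+ = 11.2.3 =
+ Fixed a XSS vulnerability issue
+
  = 11.2.2 =
  Fixed a XSS vulnerability issue
 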
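--- a/woocommerce-sea.php
+++ b/woocommerce-sea.php
@@ -1,7 +1,7 @@
  <?php
  /**
  * Plugin Name: Product Feed PRO for WooCommerce
- * Version: 11.2.2
+ * Version: 11.2.3
  * Plugin URI: https://www.adtribes.io/support/?utm_source=wpadmin&utm_medium=plugin&utm_campaign=woosea_product_feed_pro
  * Description: Configure and maintain your WooCommerce product feeds for Google Shopping, Facebook, Remarketing, Bing, Skroutz, Yandex, Comparison shopping websites and over a 100 channels more.
  * Author: AdTribes.io
@@ -48,7 +48,7 @@ if (!defined('ABSPATH')) {
  * Plugin versionnumber, please do not override.
  * Define some constants
  */
- define( 'WOOCOMMERCESEA_PLUGIN_VERSION', '11.2.2' );
+ define( 'WOOCOMMERCESEA_PLUGIN_VERSION', '11.2.3' );
  define( 'WOOCOMMERCESEA_PLUGIN_NAME', 'woocommerce-product-feed-pro' );
  define( 'WOOCOMMERCESEA_PLUGIN_NAME_SHORT', 'woo-product-feed-pro' );
 
@@ -917,8 +917,8 @@ function woosea_ajax() {
  $allowed_roles = array( 'administrator' );
 
  if ( array_intersect( $allowed_roles, $user->roles ) ) {
- $rowCount = sanitize_text_field($_POST['rowCount']);
-
+ $rowCount = absint(esc_attr(sanitize_text_field($_POST['rowCount'])));
+
  $attributes_dropdown = get_option('attributes_dropdown');
  if (!is_array($attributes_dropdown)){
  $attributes_obj = new WooSEA_Attributes;
@@ -941,8 +941,8 @@ add_action( 'wp_ajax_woosea_ajax', 'woosea_ajax' );
  * Get a list of categories for the drop-down
  */
  function woosea_categories_dropdown() {
- $rowCount = esc_attr(sanitize_text_field($_POST['rowCount']));
-
+ $rowCount = absint(esc_attr(sanitize_text_field($_POST['rowCount'])));
+
  $user = wp_get_current_user();
  $allowed_roles = array( 'administrator','editor','author' );
 
@@ -1125,7 +1125,7 @@ add_action( 'wp_ajax_woosea_add_mass_cat_mapping', 'woosea_add_mass_cat_mapping'
  * Map categories to the correct Google Shopping category taxonomy
  */
  function woosea_add_cat_mapping() {
- $rowCount = sanitize_text_field($_POST['rowCount']);
+ $rowCount = absint(esc_attr(sanitize_text_field($_POST['rowCount'])));
  $className = sanitize_text_field($_POST['className']);
  $map_to_category = sanitize_text_field($_POST['map_to_category']);
  $project_hash = sanitize_text_field($_POST['project_hash']);
@@ -4179,7 +4179,7 @@ function woosea_fieldmapping_dropdown(){
 
  if ( array_intersect( $allowed_roles, $user->roles ) ) {
  $channel_hash = sanitize_text_field($_POST['channel_hash']);
- $rowCount = sanitize_text_field($_POST['rowCount']);
+ $rowCount = absint(esc_attr(sanitize_text_field($_POST['rowCount'])));
  $channel_data = WooSEA_Update_Project::get_channel_data($channel_hash);
 
  require plugin_dir_path(__FILE__) . '/classes/channels/class-'.$channel_data['fields'].'.php';
@@ -4219,7 +4219,7 @@ add_action( 'wp_ajax_woosea_fieldmapping_dropdown', 'woosea_fieldmapping_dropdow
  * Get the attribute dropdowns for category mapping
  */
  function woosea_autocomplete_dropdown() {
- $rowCount = sanitize_text_field($_POST['rowCount']);
+ $rowCount = absint(esc_attr(sanitize_text_field($_POST['rowCount'])));
 
  $mapping_obj = new WooSEA_Attributes;
  $mapping_dropdown = $mapping_obj->get_mapping_attributes_dropdown();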
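Review bot: The new `absint(esc_attr(sanitize_text_field($_POST['rowCount'])))` at new lines 920, 944, 1128, 4182 and 4222 stacks three functions where the integer cast alone does the work, and it reads `$_POST['rowCount']` without checking that the key is set. `esc_attr()` is an output-escaping helper and adds nothing once `absint()` follows; `$rowCount = isset($_POST['rowCount']) ? absint(wp_unslash($_POST['rowCount'])) : 0;` states the intent directly, with escaping applied where the value is written into the returned markup. No `check_ajax_referer()` call appears in the visible lines of any of the five handlers, and access is decided by role names rather than `current_user_can()`; the function bodies continue outside the hunks, so confirm that a nonce is verified there. In `woosea_add_cat_mapping` the neighbouring `className`, `map_to_category` and `project_hash` values still pass through `sanitize_text_field()` only, so check that they are escaped wherever they are echoed.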