WooCommerce Checkout Manager - Version 4.3

Version Description

  • Fixed: Security issue where Categorize Uploaded Files is selected
  • Changed: Disabled Categorize Uploaded Files feature
  • Added: Plugin Upgrade notice for this release
  • Fixed: File picker not working for Additional Checkout section
  • Added: Nonce support for file picker fields

Release Info

Developer visser
Version 4.3

Code changes from version 4.2.6 to 4.3

includes/admin.php CHANGED
@@ -1216,7 +1216,15 @@ function wooccm_admin_edit_order_additional_details( $order ) {
1216
  $btn['type'] == 'wooccmupload'
1217
  ) {
1218
  $attachments = get_post_meta( $order_id, $btn['cow'], true );
1219
- $attachments = ( $attachments !== '' ? explode( ",", $attachments ) : false );
 
 
 
 
 
 
 
 
1220
  echo '
1221
  <p class="form-field form-field-wide form-field-type-wooccmupload">
1222
  <strong>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</strong>';
@@ -1334,7 +1342,15 @@ function wooccm_admin_edit_order_billing_details( $order ) {
1334
  $btn['type'] == 'wooccmupload'
1335
  ) {
1336
  $attachments = get_post_meta( $order_id, sprintf( '_billing_%s', $btn['cow'] ), true );
1337
- $attachments = ( $attachments !== '' ? explode( ",", $attachments ) : false );
 
 
 
 
 
 
 
 
1338
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
1339
  echo '
1340
  <p class="form-field form-field-wide form-field-type-wooccmupload">
@@ -1450,18 +1466,22 @@ function wooccm_admin_edit_order_shipping_details( $order ) {
1450
  $btn['type'] == 'wooccmupload'
1451
  ) {
1452
  $attachments = get_post_meta( $order_id, sprintf( '_shipping_%s', $btn['cow'] ), true );
1453
- $attachments = ( $attachments !== '' ? explode( ",", $attachments ) : false );
 
 
 
 
 
 
 
 
1454
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
1455
  echo '
1456
  <p class="form-field form-field-wide form-field-type-wooccmupload">
1457
  <strong>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</strong>';
1458
- if( empty( $attachments ) ) {
1459
- echo '<br />';
1460
- echo '-';
1461
- }
1462
  echo '
1463
  </p>' . "\n";
1464
- if( !empty( $attachments ) ) {
1465
  echo '<ul>' . "\n";
1466
  foreach( $attachments as $attachment ) {
1467
  $attachment_url = wp_get_attachment_url( $attachment );
@@ -1469,6 +1489,9 @@ if( empty( $attachments ) ) {
1469
  echo '<li><a href="' . $attachment_url . '" target="_blank">' . basename( $attachment_url ) . '</a></li>' . "\n";
1470
  }
1471
  echo '</ul>';
 
 
 
1472
  }
1473
  echo '
1474
  <!-- .form-field-type-wooccmupload -->';
@@ -1569,8 +1592,12 @@ function wooccm_admin_edit_order_uploaded_files_meta_box( $post ) {
1569
  // Check the Order for these meta keys
1570
  foreach( $meta_keys as $meta_key ) {
1571
  $value = get_post_meta( $order_id, $meta_key, true );
1572
- if( !empty( $value ) )
1573
- $array[] = implode( ',', $value );
 
 
 
 
1574
  }
1575
  }
1576
 
@@ -1997,19 +2024,8 @@ jQuery(document).ready(function($){
1997
 
1998
  function wccs_upload_file_func_callback( $order_id ) {
1999
 
2000
- global $wpdb, $woocommerce, $post; // this is how you get access to the database
2001
-
2002
- $options = get_option( 'wccs_settings' );
2003
-
2004
- $order_id = ( isset( $_REQUEST['order_id'] ) ? absint( $_REQUEST['order_id'] ) : false );
2005
-
2006
- // load files
2007
- require_once( ABSPATH . 'wp-admin/includes/file.php' );
2008
- require_once( ABSPATH . 'wp-admin/includes/media.php' );
2009
-
2010
- $upload_dir = wp_upload_dir();
2011
-
2012
  $name = ( isset( $_REQUEST['name'] ) ? $_REQUEST['name'] : false );
 
2013
 
2014
  if( empty( $name ) ) {
2015
  echo ' '.__('Upload failed. Files were not uploaded.','woocommerce-checkout-manager').'';
@@ -2021,7 +2037,18 @@ function wccs_upload_file_func_callback( $order_id ) {
2021
  die();
2022
  }
2023
 
 
 
 
 
 
 
 
 
 
 
2024
  $has_uploads = false;
 
2025
  $order = new WC_Order( $order_id );
2026
 
2027
  $files = $_FILES[''. $name .''];
@@ -2031,78 +2058,51 @@ function wccs_upload_file_func_callback( $order_id ) {
2031
  foreach( $files['name'] as $key => $value ) {
2032
  if( $files['name'][$key] ) {
2033
 
2034
- // using the wp_handle_upload
2035
- if ( empty($options['checkness']['cat_file_upload']) ) {
2036
- $file = array(
2037
- 'name' => $files['name'][$key],
2038
- 'type' => $files['type'][$key],
2039
- 'tmp_name' => $files['tmp_name'][$key],
2040
- 'error' => $files['error'][$key],
2041
- 'size' => $files['size'][$key]
2042
- );
2043
-
2044
- // $movefile = wp_handle_upload($file, $upload_overrides);
2045
- $movefile = wp_handle_upload( $file );
2046
-
2047
- // Check if the save process failed
2048
- if( isset( $movefile['error'] ) ) {
2049
- echo 'Could not save uploaded file. Files were not uploaded.';
2050
- die();
2051
- }
2052
-
2053
- $attachment = array(
2054
- 'guid' => $movefile['url'],
2055
- 'post_mime_type' => $movefile['type'],
2056
- 'post_title' => preg_replace( '/\.[^.]+$/', '', basename( $movefile['file'] ) ),
2057
- 'post_content' => '',
2058
- 'post_status' => 'inherit',
2059
- 'post_parent' => $order_id
2060
- );
2061
-
2062
- $attach_id = wp_insert_attachment( $attachment, $movefile['url'], $order_id );
2063
-
2064
- // you must first include the image.php file
2065
- // for the function wp_generate_attachment_metadata() to work
2066
-
2067
- require_once( ABSPATH . 'wp-admin/includes/image.php' );
2068
- $attach_data = wp_generate_attachment_metadata( $attach_id, $movefile['url'] );
2069
- wp_update_attachment_metadata( $attach_id, $attach_data );
2070
-
2071
- $has_uploads = true;
2072
-
2073
- } else {
2074
 
2075
- // using move_uploaded_file to categorized uploaded images
2076
- if( !file_exists( $upload_dir['basedir'] . '/wooccm_uploads/' . $order_id . '/' ) ) {
2077
- wp_mkdir_p( $upload_dir['basedir'] . '/wooccm_uploads/' . $order_id . '/' );
2078
- }
 
 
 
2079
 
2080
- $filename = $files['name'][$key];
2081
- $wp_filetype = wp_check_filetype( $filename );
2082
- $URLpath = $upload_dir['baseurl'] . '/wooccm_uploads/' . $order_id . '/' . $filename;
2083
 
2084
- move_uploaded_file( $files["tmp_name"][$key], $upload_dir['basedir'] . '/wooccm_uploads/' . $order_id . '/' . $filename);
 
 
 
 
2085
 
2086
- $attachment = array(
2087
- 'guid' => $URLpath,
2088
- 'post_mime_type' => $wp_filetype['type'],
2089
- 'post_title' => preg_replace( '/\.[^.]+$/', '', $filename),
2090
- 'post_content' => '',
2091
- 'post_status' => 'inherit'
2092
- );
 
2093
 
2094
- $attach_id = wp_insert_attachment( $attachment, $URLpath, $order_id);
2095
 
2096
- // you must first include the image.php file
2097
- // for the function wp_generate_attachment_metadata() to work
2098
 
2099
- require_once( ABSPATH . 'wp-admin/includes/image.php' );
2100
- $attach_data = wp_generate_attachment_metadata( $attach_id, $URLpath );
2101
- wp_update_attachment_metadata( $attach_id, $attach_data );
2102
 
2103
- $has_uploads = true;
2104
 
2105
- }
2106
  }
2107
  }
2108
  if( $has_uploads ) {
@@ -2147,7 +2147,6 @@ function wccs_upload_file_func_callback( $order_id ) {
2147
 
2148
  }
2149
  add_action("wp_ajax_wccs_upload_file_func", "wccs_upload_file_func_callback");
2150
- add_action("wp_ajax_nopriv_wccs_upload_file_func", "wccs_upload_file_func_callback");
2151
 
2152
  function wooccm_set_html_content_type() {
2153
 
@@ -2172,14 +2171,34 @@ function update_attachment_wccm_callback() {
2172
 
2173
  global $post, $wpdb, $woocommerce;
2174
 
 
 
 
 
2175
  $array1 = explode( ',', sanitize_text_field( isset( $_POST['wccm_default_keys_load'] ) ? $_POST['wccm_default_keys_load'] : '' ) );
2176
  $array2 = explode( ',', sanitize_text_field( isset( $_POST['product_image_gallery'] ) ? $_POST['product_image_gallery'] : '' ) );
2177
  $attachment_ids = array_diff( $array1, $array2 );
2178
 
2179
  if( isset( $_POST['wccm_default_keys_load'] ) ) {
2180
  if( !empty( $attachment_ids ) ) {
2181
- foreach( $attachment_ids as $key => $values ) {
2182
- wp_delete_attachment( $attachment_ids[$key] );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2183
  }
2184
  }
2185
  echo __('Deleted successfully.','woocommerce-checkout-manager');
@@ -2188,5 +2207,4 @@ function update_attachment_wccm_callback() {
2188
 
2189
  }
2190
  add_action( 'wp_ajax_update_attachment_wccm', 'update_attachment_wccm_callback' );
2191
- add_action( 'wp_ajax_nopriv_update_attachment_wccm', 'update_attachment_wccm_callback' );
2192
  ?>
1216
  $btn['type'] == 'wooccmupload'
1217
  ) {
1218
  $attachments = get_post_meta( $order_id, $btn['cow'], true );
1219
+ if( !empty( $attachments ) ) {
1220
+ // Check for delimiter
1221
+ if( strstr( $attachments, '||' ) !== false )
1222
+ $attachments = explode( '||', $attachments );
1223
+ else if( strstr( $attachments, ',' ) !== false )
1224
+ $attachments = explode( ',', $attachments );
1225
+ else if( is_numeric( $attachments ) )
1226
+ $attachments = array( $attachments );
1227
+ }
1228
  echo '
1229
  <p class="form-field form-field-wide form-field-type-wooccmupload">
1230
  <strong>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</strong>';
1342
  $btn['type'] == 'wooccmupload'
1343
  ) {
1344
  $attachments = get_post_meta( $order_id, sprintf( '_billing_%s', $btn['cow'] ), true );
1345
+ if( !empty( $attachments ) ) {
1346
+ // Check for delimiter
1347
+ if( strstr( $attachments, '||' ) !== false )
1348
+ $attachments = explode( '||', $attachments );
1349
+ else if( strstr( $attachments, ',' ) !== false )
1350
+ $attachments = explode( ',', $attachments );
1351
+ else if( is_numeric( $attachments ) )
1352
+ $attachments = array( $attachments );
1353
+ }
1354
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
1355
  echo '
1356
  <p class="form-field form-field-wide form-field-type-wooccmupload">
1466
  $btn['type'] == 'wooccmupload'
1467
  ) {
1468
  $attachments = get_post_meta( $order_id, sprintf( '_shipping_%s', $btn['cow'] ), true );
1469
+ if( !empty( $attachments ) ) {
1470
+ // Check for delimiter
1471
+ if( strstr( $attachments, '||' ) !== false )
1472
+ $attachments = explode( '||', $attachments );
1473
+ else if( strstr( $attachments, ',' ) !== false )
1474
+ $attachments = explode( ',', $attachments );
1475
+ else if( is_numeric( $attachments ) )
1476
+ $attachments = array( $attachments );
1477
+ }
1478
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
1479
  echo '
1480
  <p class="form-field form-field-wide form-field-type-wooccmupload">
1481
  <strong>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</strong>';
 
 
 
 
1482
  echo '
1483
  </p>' . "\n";
1484
+ if( !empty( $attachments ) && is_array( $attachments ) ) {
1485
  echo '<ul>' . "\n";
1486
  foreach( $attachments as $attachment ) {
1487
  $attachment_url = wp_get_attachment_url( $attachment );
1489
  echo '<li><a href="' . $attachment_url . '" target="_blank">' . basename( $attachment_url ) . '</a></li>' . "\n";
1490
  }
1491
  echo '</ul>';
1492
+ } else {
1493
+ echo '<br />';
1494
+ echo '-';
1495
  }
1496
  echo '
1497
  <!-- .form-field-type-wooccmupload -->';
1592
  // Check the Order for these meta keys
1593
  foreach( $meta_keys as $meta_key ) {
1594
  $value = get_post_meta( $order_id, $meta_key, true );
1595
+ if( !empty( $value ) ) {
1596
+ if( is_array( $value ) )
1597
+ $array[] = implode( ',', $value );
1598
+ else
1599
+ $array[] = $value;
1600
+ }
1601
  }
1602
  }
1603
 
2024
 
2025
  function wccs_upload_file_func_callback( $order_id ) {
2026
 
 
 
 
 
 
 
 
 
 
 
 
 
2027
  $name = ( isset( $_REQUEST['name'] ) ? $_REQUEST['name'] : false );
2028
+ $order_id = ( isset( $_REQUEST['order_id'] ) ? absint( $_REQUEST['order_id'] ) : false );
2029
 
2030
  if( empty( $name ) ) {
2031
  echo ' '.__('Upload failed. Files were not uploaded.','woocommerce-checkout-manager').'';
2037
  die();
2038
  }
2039
 
2040
+ global $wpdb, $woocommerce, $post; // this is how you get access to the database
2041
+
2042
+ // load files
2043
+ require_once( ABSPATH . 'wp-admin/includes/file.php' );
2044
+ require_once( ABSPATH . 'wp-admin/includes/media.php' );
2045
+
2046
+ $upload_dir = wp_upload_dir();
2047
+
2048
+ $options = get_option( 'wccs_settings' );
2049
+
2050
  $has_uploads = false;
2051
+
2052
  $order = new WC_Order( $order_id );
2053
 
2054
  $files = $_FILES[''. $name .''];
2058
  foreach( $files['name'] as $key => $value ) {
2059
  if( $files['name'][$key] ) {
2060
 
2061
+ $file = array(
2062
+ 'name' => $files['name'][$key],
2063
+ 'type' => $files['type'][$key],
2064
+ 'tmp_name' => $files['tmp_name'][$key],
2065
+ 'error' => $files['error'][$key],
2066
+ 'size' => $files['size'][$key]
2067
+ );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
2068
 
2069
+ if( !empty($options['checkness']['cat_file_upload']) ) {
2070
+ add_filter( 'upload_dir', function( $param ) use ( $order_id ) {
2071
+ $param['path'] = sprintf( '%s/wooccm_uploads/%d', $param['basedir'], $order_id );
2072
+ $param['url'] = sprintf( '%s/wooccm_uploads/%d', $param['baseurl'], $order_id );
2073
+ return $param;
2074
+ }, 10, 1 );
2075
+ }
2076
 
2077
+ // $movefile = wp_handle_upload($file, $upload_overrides);
2078
+ $movefile = wp_handle_upload( $file );
 
2079
 
2080
+ // Check if the save process failed
2081
+ if( isset( $movefile['error'] ) ) {
2082
+ echo 'Could not save uploaded file. Files were not uploaded.';
2083
+ die();
2084
+ }
2085
 
2086
+ $attachment = array(
2087
+ 'guid' => $movefile['url'],
2088
+ 'post_mime_type' => $movefile['type'],
2089
+ 'post_title' => preg_replace( '/\.[^.]+$/', '', basename( $movefile['file'] ) ),
2090
+ 'post_content' => '',
2091
+ 'post_status' => 'inherit',
2092
+ 'post_parent' => $order_id
2093
+ );
2094
 
2095
+ $attach_id = wp_insert_attachment( $attachment, $movefile['url'], $order_id );
2096
 
2097
+ // you must first include the image.php file
2098
+ // for the function wp_generate_attachment_metadata() to work
2099
 
2100
+ require_once( ABSPATH . 'wp-admin/includes/image.php' );
2101
+ $attach_data = wp_generate_attachment_metadata( $attach_id, $movefile['url'] );
2102
+ wp_update_attachment_metadata( $attach_id, $attach_data );
2103
 
2104
+ $has_uploads = true;
2105
 
 
2106
  }
2107
  }
2108
  if( $has_uploads ) {
2147
 
2148
  }
2149
  add_action("wp_ajax_wccs_upload_file_func", "wccs_upload_file_func_callback");
 
2150
 
2151
  function wooccm_set_html_content_type() {
2152
 
2171
 
2172
  global $post, $wpdb, $woocommerce;
2173
 
2174
+ // Check the User has the manage_woocommerce capability
2175
+ if( current_user_can( 'manage_woocommerce' ) == false )
2176
+ die();
2177
+
2178
  $array1 = explode( ',', sanitize_text_field( isset( $_POST['wccm_default_keys_load'] ) ? $_POST['wccm_default_keys_load'] : '' ) );
2179
  $array2 = explode( ',', sanitize_text_field( isset( $_POST['product_image_gallery'] ) ? $_POST['product_image_gallery'] : '' ) );
2180
  $attachment_ids = array_diff( $array1, $array2 );
2181
 
2182
  if( isset( $_POST['wccm_default_keys_load'] ) ) {
2183
  if( !empty( $attachment_ids ) ) {
2184
+ foreach( $attachment_ids as $key => $attachtoremove ) {
2185
+
2186
+ // Check the Attachment exists...
2187
+ if( get_post_status( $attachtoremove ) == false )
2188
+ continue;
2189
+
2190
+ // Check the Attachment is associated with an Order
2191
+ $post_parent = get_post_field( 'post_parent', $attachtoremove );
2192
+ if( empty( $post_parent ) ) {
2193
+ continue;
2194
+ } else {
2195
+ if( get_post_type( $post_parent ) <> 'shop_order' )
2196
+ continue;
2197
+ }
2198
+
2199
+ // Delete the Attachment
2200
+ wp_delete_attachment( $attachtoremove );
2201
+
2202
  }
2203
  }
2204
  echo __('Deleted successfully.','woocommerce-checkout-manager');
2207
 
2208
  }
2209
  add_action( 'wp_ajax_update_attachment_wccm', 'update_attachment_wccm_callback' );
 
2210
  ?>
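Review bot: `wccs_upload_file_func_callback` (new lines 2025–2050) still performs no authorization check now that its `wp_ajax_nopriv_` hook is gone: any logged-in account that can reach admin-ajax.php can upload files and attach them to whatever `order_id` it puts in `$_REQUEST`, while `update_attachment_wccm_callback` in the same commit gained `current_user_can( 'manage_woocommerce' )`. Add the same gate ahead of the `$name` check, `if( !current_user_can( 'manage_woocommerce' ) ) die();`, and in `update_attachment_wccm_callback` run the ids through `absint()` before `get_post_status()` and `wp_delete_attachment()` since they come straight from `$_POST`. The `add_filter( 'upload_dir', ... )` closure at new line 2070 is registered inside the per-file loop and never removed, so one copy stacks per file and it stays attached for anything else that uploads during the request; register it once before the loop, keep the closure in a variable, and `remove_filter` it after the loop. That branch is still reachable whenever `cat_file_upload` was saved before the settings checkbox was disabled, so the release note "Disabled Categorize Uploaded Files" holds only for sites that never enabled it. The body of `wccs_upload_file_func_callback` continues outside the hunks shown.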
includes/checkout.php CHANGED
@@ -76,6 +76,12 @@ function wooccm_display_front() {
76
  if( !is_checkout() )
77
  return;
78
 
 
 
 
 
 
 
79
  $options = get_option( 'wccs_settings' );
80
 
81
  // Hide Ship to a different address? heading
76
  if( !is_checkout() )
77
  return;
78
 
79
+ echo '
80
+ <script type="text/javascript">
81
+ var ajaxurl = "' . admin_url( "admin-ajax.php" ) . '";
82
+ var ajaxnonce = "' . wp_create_nonce( "wccs_ajax_nonce" ) . '";
83
+ </script>';
84
+
85
  $options = get_option( 'wccs_settings' );
86
 
87
  // Hide Ship to a different address? heading
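Review bot: The values echoed into the inline script at new lines 81–82 are concatenated into JavaScript string literals without escaping; `admin_url()` and `wp_create_nonce()` return safe values today, but the WordPress idiom is `wp_localize_script`/`wp_add_inline_script` on the plugin's enqueued handle, or at least `esc_url( admin_url( 'admin-ajax.php' ) )` and `esc_js( wp_create_nonce( 'wccs_ajax_nonce' ) )`. Defining a global `ajaxurl` on the front end may also collide with other plugins that define the same global; a prefixed name such as `wooccm_ajaxurl` avoids that. A nonce handed to every checkout visitor only protects against cross-site requests, so the `wp_ajax_nopriv_` upload and save handlers in includes/template.php that consume it still need their own ownership checks. `wooccm_display_front` continues outside the hunk.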
includes/template.php CHANGED
@@ -1,12 +1,9 @@
1
  <?php
2
- function wooccm_front_endupload() {
3
 
4
- require_once( ABSPATH . 'wp-admin/includes/file.php' );
5
- require_once( ABSPATH . 'wp-admin/includes/media.php' );
6
 
7
- $wp_upload_dir = wp_upload_dir();
8
  $name = ( isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : false );
9
- $number_of_files = 0;
10
 
11
  // Check if a file has been uploaded
12
  if( empty( $_FILES ) ) {
@@ -20,57 +17,95 @@ function wooccm_front_endupload() {
20
  return;
21
  }
22
 
23
- $file = array(
24
- 'name' => $_FILES[$name]['name'],
25
- 'type' => $_FILES[$name]['type'],
26
- 'tmp_name' => $_FILES[$name]['tmp_name'],
27
- 'error' => $_FILES[$name]['error'],
28
- 'size' => $_FILES[$name]['size']
29
- );
30
 
31
- $upload_overrides = array( 'test_form' => false );
32
- $movefile = wp_handle_upload( $file, $upload_overrides );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
33
 
34
- // Check if upload was successful
35
- if( isset( $movefile['error'] ) && $movefile['error'][0] > 0 ) {
36
- wooccm_error_log( '[' . $name . '] upload failed: ' . print_r( $movefile, true ) );
37
- return;
38
- } else {
39
- $post_title = basename( $file['name'] );
40
- if( isset( $movefile['file'] ) )
41
- $post_title = basename( $movefile['file'] );
42
- $attachment = array(
43
- 'guid' => ( isset( $movefile['url'] ) ? $movefile['url'] : false ),
44
- 'post_mime_type' => ( isset( $movefile['type'] ) ? $movefile['type'] : $file['type'] ),
45
- 'post_title' => preg_replace( '/\.[^.]+$/', '', $post_title ),
46
- 'post_content' => '',
47
- 'post_status' => 'inherit'
48
- );
49
- if( !empty( $movefile['url'] ) ) {
50
- $attach_id = wp_insert_attachment( $attachment, $movefile['url'] );
51
- $number_of_files++;
52
- echo json_encode( $attach_id );
53
- // echo json_encode( array( $number_of_files, $attach_id ) );
54
  }
55
  }
56
 
 
 
 
 
 
 
57
  die();
58
 
59
  }
60
- add_action("wp_ajax_wooccm_front_endupload", "wooccm_front_endupload");
61
- add_action("wp_ajax_nopriv_wooccm_front_endupload", "wooccm_front_endupload");
62
 
63
- function wooccm_front_enduploadsave() {
64
 
65
  global $wpdb, $woocommerce, $post;
66
 
 
 
67
  require_once( ABSPATH . 'wp-admin/includes/file.php' );
68
  require_once( ABSPATH . 'wp-admin/includes/media.php' );
69
 
70
  $name = ( isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : false );
71
  $attachtoremove = ( isset( $_REQUEST["remove"] ) ? $_REQUEST["remove"] : false );
72
 
73
- wp_delete_attachment( $attachtoremove );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
74
 
75
  $file = array(
76
  'name' => $_FILES[$name]['name'],
@@ -99,8 +134,8 @@ function wooccm_front_enduploadsave() {
99
 
100
  }
101
  //frontend handle
102
- add_action("wp_ajax_wooccm_front_enduploadsave", "wooccm_front_enduploadsave");
103
- add_action("wp_ajax_nopriv_wooccm_front_enduploadsave", "wooccm_front_enduploadsave");
104
 
105
  function wooccm_update_attachment_ids( $order_id = 0 ) {
106
 
@@ -150,7 +185,15 @@ function wooccm_update_attachment_ids( $order_id = 0 ) {
150
  if( $btn['type'] == 'wooccmupload' ) {
151
  $attachments = get_post_meta( $order_id , sprintf( '_%s_%s', $name, $btn['cow'] ), true );
152
  if( !empty( $attachments ) ) {
153
- $attachments = explode( ",", $attachments );
 
 
 
 
 
 
 
 
154
  if( !empty( $attachments ) ) {
155
  foreach( $attachments as $image_id ) {
156
 
@@ -181,7 +224,18 @@ function wooccm_update_attachment_ids( $order_id = 0 ) {
181
  if( $btn['type'] == 'wooccmupload' ) {
182
  $attachments = get_post_meta( $order_id , $btn['cow'], true );
183
  if( !empty( $attachments ) ) {
184
- $attachments = explode( ",", $attachments );
 
 
 
 
 
 
 
 
 
 
 
185
  foreach( $attachments as $image_id ) {
186
 
187
  if( !empty( $image_id ) ) {
@@ -355,12 +409,33 @@ function wooccm_order_received_checkout_details( $order ) {
355
  </td>
356
  </tr>';
357
  } elseif( $btn['type'] == 'wooccmupload' ) {
358
- $info = explode("||", get_post_meta( $order_id , sprintf( '_%s_%s', $name, $btn['cow'] ), true));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
359
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
360
  echo '
361
  <tr>
362
  <th>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</th>
363
- <td>'.$info[0].'</td>
364
  </tr>';
365
  }
366
  }
@@ -438,12 +513,33 @@ function wooccm_order_received_checkout_details( $order ) {
438
  </td>
439
  </tr>';
440
  } elseif( $btn['type'] == 'wooccmupload' ) {
441
- $info = explode("||", get_post_meta( $order_id , $btn['cow'], true));
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
442
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
443
  echo '
444
  <tr>
445
- <th>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</th>
446
- <td data-title="' . wooccm_wpml_string( trim( $btn['label'] ) ) . '">'.$info[0].'</td>
447
  </tr>';
448
  }
449
 
@@ -518,11 +614,32 @@ function wooccm_order_received_checkout_details( $order ) {
518
  echo '
519
  </dd>';
520
  } elseif( $btn['type'] == 'wooccmupload' ) {
521
- $info = explode( "||", get_post_meta( $order_id , sprintf( '_%s_%s', $name, $btn['cow'] ), true ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
522
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
523
  echo '
524
  <dt>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</dt>
525
- <dd>'.$info[0].'</dd>';
526
  }
527
  }
528
 
@@ -589,11 +706,32 @@ function wooccm_order_received_checkout_details( $order ) {
589
  echo '
590
  </dd>';
591
  } elseif( $btn['type'] == 'wooccmupload' ) {
592
- $info = explode( "||", get_post_meta( $order_id , $btn['cow'], true ) );
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
593
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
594
  echo '
595
  <dt>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</dt>
596
- <dd>'.$info[0].'</dd>';
597
  }
598
 
599
  }
1
  <?php
2
+ function wooccm_front_end_upload() {
3
 
4
+ check_ajax_referer( 'wccs_ajax_nonce', 'nonce' );
 
5
 
 
6
  $name = ( isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : false );
 
7
 
8
  // Check if a file has been uploaded
9
  if( empty( $_FILES ) ) {
17
  return;
18
  }
19
 
20
+ require_once( ABSPATH . 'wp-admin/includes/file.php' );
21
+ require_once( ABSPATH . 'wp-admin/includes/media.php' );
 
 
 
 
 
22
 
23
+ $wp_upload_dir = wp_upload_dir();
24
+
25
+ $number_of_files = 0;
26
+ $attach_ids = array();
27
+
28
+ $files = $_FILES[$name];
29
+ foreach( $files['name'] as $key => $value ) {
30
+ if( $files['name'][$key] ) {
31
+ $file = array(
32
+ 'name' => $_FILES[$name]['name'][$key],
33
+ 'type' => $_FILES[$name]['type'][$key],
34
+ 'tmp_name' => $_FILES[$name]['tmp_name'][$key],
35
+ 'error' => $_FILES[$name]['error'][$key],
36
+ 'size' => $_FILES[$name]['size'][$key]
37
+ );
38
+ $upload_overrides = array( 'test_form' => false );
39
+ $movefile = wp_handle_upload( $file, $upload_overrides );
40
+
41
+ // Check if upload was successful
42
+ if( isset( $movefile['error'] ) && $movefile['error'] > 0 ) {
43
+ wooccm_error_log( '[' . $name . '] upload failed: ' . print_r( $movefile, true ) );
44
+ return;
45
+ }
46
+
47
+ $post_title = basename( $file['name'] );
48
+ if( isset( $movefile['file'] ) )
49
+ $post_title = basename( $movefile['file'] );
50
+ $attachment = array(
51
+ 'guid' => ( isset( $movefile['url'] ) ? $movefile['url'] : false ),
52
+ 'post_mime_type' => ( isset( $movefile['type'] ) ? $movefile['type'] : $file['type'] ),
53
+ 'post_title' => preg_replace( '/\.[^.]+$/', '', $post_title ),
54
+ 'post_content' => '',
55
+ 'post_status' => 'inherit'
56
+ );
57
+
58
+ if( !empty( $movefile['url'] ) ) {
59
+ $attach_id = wp_insert_attachment( $attachment, $movefile['url'] );
60
+ $attach_ids[] = $attach_id;
61
+ $number_of_files++;
62
+ // echo json_encode( array( $number_of_files, $attach_id ) );
63
+ }
64
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
65
  }
66
  }
67
 
68
+ if( !empty( $attach_ids ) ) {
69
+ $output = implode( ',', $attach_ids );
70
+ $output = json_encode( $output );
71
+ echo $output;
72
+ }
73
+
74
  die();
75
 
76
  }
77
+ add_action("wp_ajax_wooccm_front_end_upload", "wooccm_front_end_upload");
78
+ add_action("wp_ajax_nopriv_wooccm_front_end_upload", "wooccm_front_end_upload");
79
 
80
+ function wooccm_front_end_upload_save() {
81
 
82
  global $wpdb, $woocommerce, $post;
83
 
84
+ check_ajax_referer( 'wccs_ajax_nonce', 'nonce' );
85
+
86
  require_once( ABSPATH . 'wp-admin/includes/file.php' );
87
  require_once( ABSPATH . 'wp-admin/includes/media.php' );
88
 
89
  $name = ( isset( $_REQUEST["name"] ) ? $_REQUEST["name"] : false );
90
  $attachtoremove = ( isset( $_REQUEST["remove"] ) ? $_REQUEST["remove"] : false );
91
 
92
+ if( !empty( $attachtoremove ) ) {
93
+ // Check the Attachment exists...
94
+ if( get_post_status( $attachtoremove ) == false )
95
+ die();
96
+
97
+ // Check the Attachment is associated with an Order
98
+ $post_parent = get_post_field( 'post_parent', $attachtoremove );
99
+ if( empty( $post_parent ) ) {
100
+ die();
101
+ } else {
102
+ if( get_post_type( $post_parent ) <> 'shop_order' )
103
+ die();
104
+ }
105
+
106
+ // Delete the Attachment
107
+ wp_delete_attachment( $attachtoremove );
108
+ }
109
 
110
  $file = array(
111
  'name' => $_FILES[$name]['name'],
134
 
135
  }
136
  //frontend handle
137
+ add_action("wp_ajax_wooccm_front_end_upload_save", "wooccm_front_end_upload_save");
138
+ add_action("wp_ajax_nopriv_wooccm_front_end_upload_save", "wooccm_front_end_upload_save");
139
 
140
  function wooccm_update_attachment_ids( $order_id = 0 ) {
141
 
185
  if( $btn['type'] == 'wooccmupload' ) {
186
  $attachments = get_post_meta( $order_id , sprintf( '_%s_%s', $name, $btn['cow'] ), true );
187
  if( !empty( $attachments ) ) {
188
+
189
+ // Check for delimiter
190
+ if( strstr( $attachments, '||' ) !== false )
191
+ $attachments = explode( '||', $attachments );
192
+ else if( strstr( $attachments, ',' ) !== false )
193
+ $attachments = explode( ',', $attachments );
194
+ else
195
+ $attachments = array( $attachments );
196
+
197
  if( !empty( $attachments ) ) {
198
  foreach( $attachments as $image_id ) {
199
 
224
  if( $btn['type'] == 'wooccmupload' ) {
225
  $attachments = get_post_meta( $order_id , $btn['cow'], true );
226
  if( !empty( $attachments ) ) {
227
+
228
+ // Check for delimiter
229
+ if( strstr( $attachments, '||' ) !== false )
230
+ $attachments = explode( '||', $attachments );
231
+ else if( strstr( $attachments, ',' ) !== false )
232
+ $attachments = explode( ',', $attachments );
233
+ else if( is_numeric( $attachments ) )
234
+ $attachments = array( $attachments );
235
+
236
+ if( !is_array( $attachments ) )
237
+ continue;
238
+
239
  foreach( $attachments as $image_id ) {
240
 
241
  if( !empty( $image_id ) ) {
409
  </td>
410
  </tr>';
411
  } elseif( $btn['type'] == 'wooccmupload' ) {
412
+ $info = get_post_meta( $order_id, sprintf( '_%s_%s', $name, $btn['cow'] ), true );
413
+ if( !empty( $info ) ) {
414
+ // Check for delimiter
415
+ if( strstr( $info, '||' ) !== false )
416
+ $info = explode( '||', $info );
417
+ else if( strstr( $info, ',' ) !== false )
418
+ $info = explode( ',', $info );
419
+ else if( is_numeric( $info ) )
420
+ $info = array( $info );
421
+ if( is_array( $info ) ) {
422
+ $num_files = count( $info );
423
+ if( !empty( $num_files ) )
424
+ $info = sprintf( _n( '%s file', '%s files', $num_files, 'woocommerce-checkout-manager' ), number_format_i18n( $num_files ) );
425
+ else
426
+ $info = '-';
427
+ } else {
428
+ $info = '-';
429
+ }
430
+ } else {
431
+ $info = '-';
432
+ }
433
+
434
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
435
  echo '
436
  <tr>
437
  <th>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</th>
438
+ <td>'.$info.'</td>
439
  </tr>';
440
  }
441
  }
513
  </td>
514
  </tr>';
515
  } elseif( $btn['type'] == 'wooccmupload' ) {
516
+ $info = get_post_meta( $order_id, $btn['cow'], true );
517
+ if( !empty( $info ) ) {
518
+ // Check for delimiter
519
+ if( strstr( $info, '||' ) !== false )
520
+ $info = explode( '||', $info );
521
+ else if( strstr( $info, ',' ) !== false )
522
+ $info = explode( ',', $info );
523
+ else if( is_numeric( $info ) )
524
+ $info = array( $info );
525
+ if( is_array( $info ) ) {
526
+ $num_files = count( $info );
527
+ if( !empty( $num_files ) )
528
+ $info = sprintf( _n( '%s file', '%s files', $num_files, 'woocommerce-checkout-manager' ), number_format_i18n( $num_files ) );
529
+ else
530
+ $info = '-';
531
+ } else {
532
+ $info = '-';
533
+ }
534
+ } else {
535
+ $info = '-';
536
+ }
537
+
538
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
539
  echo '
540
  <tr>
541
+ <th>2'.wooccm_wpml_string( trim( $btn['label'] ) ).':</th>
542
+ <td data-title="' . wooccm_wpml_string( trim( $btn['label'] ) ) . '">'.$info.'</td>
543
  </tr>';
544
  }
545
 
614
  echo '
615
  </dd>';
616
  } elseif( $btn['type'] == 'wooccmupload' ) {
617
+ $info = get_post_meta( $order_id , sprintf( '_%s_%s', $name, $btn['cow'] ), true );
618
+ if( !empty( $info ) ) {
619
+ // Check for delimiter
620
+ if( strstr( $info, '||' ) !== false )
621
+ $info = explode( '||', $info );
622
+ else if( strstr( $info, ',' ) !== false )
623
+ $info = explode( ',', $info );
624
+ else if( is_numeric( $info ) )
625
+ $info = array( $info );
626
+ if( is_array( $info ) ) {
627
+ $num_files = count( $info );
628
+ if( !empty( $num_files ) )
629
+ $info = sprintf( _n( '%s file', '%s files', $num_files, 'woocommerce-checkout-manager' ), number_format_i18n( $num_files ) );
630
+ else
631
+ $info = '-';
632
+ } else {
633
+ $info = '-';
634
+ }
635
+ } else {
636
+ $info = '-';
637
+ }
638
+
639
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
640
  echo '
641
  <dt>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</dt>
642
+ <dd>'.$info.'</dd>';
643
  }
644
  }
645
 
706
  echo '
707
  </dd>';
708
  } elseif( $btn['type'] == 'wooccmupload' ) {
709
+ $info = get_post_meta( $order_id , $btn['cow'], true );
710
+ if( !empty( $info ) ) {
711
+ // Check for delimiter
712
+ if( strstr( $info, '||' ) !== false )
713
+ $info = explode( '||', $info );
714
+ else if( strstr( $info, ',' ) !== false )
715
+ $info = explode( ',', $info );
716
+ else if( is_numeric( $info ) )
717
+ $info = array( $info );
718
+ if( is_array( $info ) ) {
719
+ $num_files = count( $info );
720
+ if( !empty( $num_files ) )
721
+ $info = sprintf( _n( '%s file', '%s files', $num_files, 'woocommerce-checkout-manager' ), number_format_i18n( $num_files ) );
722
+ else
723
+ $info = '-';
724
+ } else {
725
+ $info = '-';
726
+ }
727
+ } else {
728
+ $info = '-';
729
+ }
730
+
731
  $btn['label'] = ( !empty( $btn['force_title2'] ) ? $btn['force_title2'] : $btn['label'] );
732
  echo '
733
  <dt>'.wooccm_wpml_string( trim( $btn['label'] ) ).':</dt>
734
+ <dd>'.$info.'</dd>';
735
  }
736
 
737
  }
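Review bot: `wooccm_front_end_upload_save` (new lines 92–108) deletes any attachment whose `post_parent` is a `shop_order` without checking that the order belongs to the requester; the handler is hooked on `wp_ajax_nopriv_` and the nonce is issued to every checkout visitor, so `check_ajax_referer` only blocks cross-site requests, not a visitor supplying another order's attachment id in `remove`. Tie the deletion to the caller, for example by accepting only attachments whose parent order is owned by `get_current_user_id()` or was created in the current WooCommerce session, and cast the id with `absint()` before `get_post_status()`. In `wooccm_front_end_upload` (new line 42) `$movefile['error'] > 0` compares the error *string* that `wp_handle_upload()` returns with an integer, so on PHP 7 the branch never fires and the failure is never logged; `if( isset( $movefile['error'] ) )` is the intended test. New line 541 in `wooccm_order_received_checkout_details` carries a stray character: `<th>2'.wooccm_wpml_string(` should read `<th>'.wooccm_wpml_string(`. All three functions continue outside the hunks shown.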
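--- a/includes/templates/admin/woocheckout-general-uploads.php
+++ b/includes/templates/admin/woocheckout-general-uploads.php
@@ -22,11 +22,13 @@
 <h3 class="heading checkbox">
 <div class="option">
 <label>
-<input type="checkbox" name="wccs_settings[checkness][cat_file_upload]" value="true"<?php checked( !empty( $options['checkness']['cat_file_upload'] ), true ); ?> /><span></span>
+<input type="checkbox" name="wccs_settings[checkness][cat_file_upload]" value="true" disabled="disabled" /><span></span>
 <div class="info-of">
 
 <?php _e('Categorize Uploaded Files', 'woocommerce-checkout-manager'); ?> | <span style="cursor: pointer;" class="show_hide2"><a>read more</a></span>
 <span style="display:none;" class="slidingDiv2">
+<br /><br />
+This feature has been emporarily removed, it will be re-introduced in a minor Plugin update.
 <br /><br />
 <?php _e('Changes uploaded files location folder from', 'woocommerce-checkout-manager'); ?> <br />
 <strong><?php echo $upload_dir['url']; ?>/</strong> <br />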
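Review bot: The notice added at new line 31 is a hard-coded English string with a typo (`emporarily`), while every neighbouring string in this template goes through `_e()`; suggest `<?php _e( 'This feature has been temporarily removed, it will be re-introduced in a minor Plugin update.', 'woocommerce-checkout-manager' ); ?>`. Disabling the checkbox at new line 25 only stops the settings form from resubmitting `cat_file_upload`; a `true` already stored in `wccs_settings` is not cleared by this template, so the code that reads that option should treat the feature as off regardless of the stored value, and whether it does is not visible in this section.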
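--- a/includes/templates/functions/add_wooccmupload.php
+++ b/includes/templates/functions/add_wooccmupload.php
@@ -13,8 +13,6 @@ function wooccm_upload_scripts() {
 $options = get_option( 'wccs_settings' );
 $buttons = ( isset( $options['buttons'] ) ? $options['buttons'] : false );
 
-$length = ( empty( $options['checkness']['file_upload_number'] ) ) ? 'this.files.length' : $options['checkness']['file_upload_number'];
-
 // Check if we have any buttons
 if( empty( $buttons ) )
 return;
@@ -136,65 +134,51 @@ jQuery(document).ready(function($){
 var count = $("#<?php echo $btn['cow']; ?>_files_button_wccm").data("count") || 0;
 $("#<?php echo $btn['cow']; ?>_files_button_wccm").data("count", ++count);
 
-var img, reader, file, iname, len = <?php echo $length; ?>;
-var file_array = <?php echo wooccm_js_array($file_types); ?>;
-/* @mod - check this is correct */
-var wooempt = '<?php echo implode( ',', $file_types ); ?>';
+var img, reader, file, iname, len = this.files.length;
 
 for ( i = 0; i < len; i++ ) {
 
 file = this.files[i];
 
-for(x=0; x < <?php echo $number_of_types; ?>; x++){
-if( !wooempt || file.type.match(file_array[x]) ) {
-
-if ( window.FileReader ) {
-reader = new FileReader();
-reader.onload = (function(theFile){
-var fileName = theFile.name,
-filetype = theFile.type;
-return function(e){
-showUploadedItem( e.target.result, fileName, filetype );
-};
-})(file);
-reader.readAsDataURL(file);
-}
+if ( window.FileReader ) {
+reader = new FileReader();
+reader.onload = (function(theFile){
+var fileName = theFile.name,
+filetype = theFile.type;
+return function(e){
+showUploadedItem( e.target.result, fileName, filetype );
+};
+})(file);
+reader.readAsDataURL(file);
+}
 
-formdata.append("<?php echo $btn['cow']; ?>", file);
-formnames.push(file.name);
-loadfiles.push(file);
-
-$.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_endupload&name='.$btn['cow'].''); ?>",
-type: "POST",
-data: formdata,
-cache: false,
-processData: false,
-contentType: false,
-success: function (res) {
-/* console.dir(res); */
-var result = $.parseJSON(res), new_val;
-/* @mod - Test formatting change */
-/*
-document.getElementById("<?php echo $btn['cow']; ?>").value = result;
-*/
-new_val = document.getElementById("<?php echo $btn['cow']; ?>").value;
-new_val += result + ",";
-document.getElementById("<?php echo $btn['cow']; ?>").value = new_val;
+formdata.append("<?php echo $btn['cow']; ?>[]", file);
+formdata.append('nonce', ajaxnonce);
+formnames.push(file.name);
+loadfiles.push(file);
+
+$.ajax({
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload&name='.$btn['cow'].''); ?>",
+type: "POST",
+data: formdata,
+processData: false,
+contentType: false,
+success: function (res) {
+var result = $.parseJSON(res), new_val;
+document.getElementById("<?php echo $btn['cow']; ?>").value = result;
+/* @mod - Test formatting change */
 /*
-new_val[0] = result[0];
-new_val[1] += result[1] + ",";
-document.getElementById("<?php echo $btn['cow']; ?>").value = new_val[0] + "||" + new_val[1];
+new_val = document.getElementById("<?php echo $btn['cow']; ?>").value;
+new_val += result + ",";
+document.getElementById("<?php echo $btn['cow']; ?>").value = new_val;
+new_val[0] = result[0];
+new_val[1] += result[1] + ",";
+document.getElementById("<?php echo $btn['cow']; ?>").value = new_val[0] + "," + new_val[1];
 */
 
-$("#<?php echo $btn['cow']; ?>_field").unblock();
-}
-});
-
-} else {
 $("#<?php echo $btn['cow']; ?>_field").unblock();
 }
-}
+});
 
 }
 
@@ -219,7 +203,7 @@ jQuery(document).ready(function($){
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -230,7 +214,6 @@ jQuery(document).ready(function($){
 
 $(".wooccm_each_file").each(function(){
 if( this.title === title) {
-
 var currentgutz = this;
 this.firstElementChild.href = wooxtro;
 this.firstElementChild.firstElementChild.src = wooxtro;
@@ -266,10 +249,9 @@ jQuery(document).ready(function($){
 var remove = this.getAttribute("wooccm-attach-id");
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&name='.$btn['cow'].'&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&name='.$btn['cow'].'&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
-cache: false,
 processData: false,
 contentType: false,
 success: function (res) {
@@ -279,10 +261,9 @@ jQuery(document).ready(function($){
 return value.replace(remove, result);
 });
 $("#caman_content #wooccmtoolbar").unblock();
-alert("<?php echo wooccm_wpml_string($options['checkness']['picture_success']); ?>");
+alert("<?php echo ( !empty( $options['checkness']['picture_success'] ) ? wooccm_wpml_string( $options['checkness']['picture_success'] ) : 'Picture Saved' ); ?>");
 }
 });
-
 }
 });
 
@@ -303,7 +284,7 @@ jQuery(document).ready(function($){
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -323,10 +304,9 @@ jQuery(document).ready(function($){
 }
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
-cache: false,
 processData: false,
 contentType: false,
 success: function (res) {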
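Review bot: At new lines 206 and 287 the hidden field value is split on `,` and then `listing[1]` is split on `,` again, so `listing` holds at most the second attachment id, and `listing[1].split` throws when the field holds fewer than two ids; the second split only made sense while the first delimiter was `||`. The same pattern appears in billing_wooccmupload.php (new lines 200, 281) and shipping_wooccmupload.php (new lines 205, 286). Suggest dropping the middle step: `listing = document.getElementById("<?php echo $btn['cow']; ?>").value.split(",");` followed directly by `listing = listing.filter(Number);`. With the `file.type.match(file_array[x])` gate removed from the upload loop, the `wooccm_front_end_upload` handler is now the only place the file type is checked, and that handler is not in this diff, so its server-side type and extension validation is what the upgrade notice relies on. `ajaxnonce` at new line 156 is not defined in these hunks and is presumably localised elsewhere; the jQuery ready handler enclosing all of this starts and ends outside them.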
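--- a/includes/templates/functions/billing_wooccmupload.php
+++ b/includes/templates/functions/billing_wooccmupload.php
@@ -149,11 +149,12 @@ jQuery(document).ready(function($){
 }
 
 formdata.append("billing_<?php echo $btn['cow']; ?>[]", file);
+formdata.append('nonce', ajaxnonce);
 formnames.push(file.name);
 loadfiles.push(file);
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_endupload&name=billing_'.$btn['cow'].''); ?>",
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload&name=billing_'.$btn['cow'].''); ?>",
 type: "POST",
 data: formdata,
 processData: false,
@@ -163,10 +164,10 @@ jQuery(document).ready(function($){
 document.getElementById("billing_<?php echo $btn['cow']; ?>").value = result;
 /* @mod - Test formatting change */
 /*
-new_val = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split("||");
+new_val = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split(",");
 new_val[0] = result[0];
 new_val[1] += result[1] + ",";
-document.getElementById("billing_<?php echo $btn['cow']; ?>").value = new_val[0] + "||" + new_val[1];
+document.getElementById("billing_<?php echo $btn['cow']; ?>").value = new_val[0] + "," + new_val[1];
 */
 
 $("#billing_<?php echo $btn['cow']; ?>_field").unblock();
@@ -196,7 +197,7 @@ jQuery(document).ready(function($){
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -207,7 +208,6 @@ jQuery(document).ready(function($){
 
 $(".wooccm_each_file").each(function(){
 if( this.title === title) {
-
 var currentgutz = this;
 this.firstElementChild.href = wooxtro;
 this.firstElementChild.firstElementChild.src = wooxtro;
@@ -243,7 +243,7 @@ jQuery(document).ready(function($){
 var remove = this.getAttribute("wooccm-attach-id");
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&name=billing_'.$btn['cow'].'&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&name=billing_'.$btn['cow'].'&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
 processData: false,
@@ -258,7 +258,6 @@ jQuery(document).ready(function($){
 alert("billing_<?php echo ( !empty( $options['checkness']['picture_success'] ) ? $options['checkness']['picture_success'] : 'Picture Saved' ); ?>");
 }
 });
-
 }
 });
 
@@ -279,7 +278,7 @@ jQuery(document).ready(function($){
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("billing_<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -299,7 +298,7 @@ jQuery(document).ready(function($){
 }
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
 processData: false,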
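Review bot: The nonce is appended only on the upload path (new line 152); the two `wooccm_front_end_upload_save` requests at new lines 246 and 301 send `formdata` without it, whereas shipping_wooccmupload.php adds `formdata.append('nonce', ajaxnonce);` before its equivalent save request at new line 297. If the save handler verifies the nonce these billing removals will be rejected, and if it does not they stay unprotected; the `formdata` construction for these requests may sit outside the hunks shown. The alert at line 258 still echoes the `picture_success` option into a JS string without escaping and with a stray `billing_` prefix in the user-visible text, while the sibling change in add_wooccmupload.php wraps the same option in `wooccm_wpml_string()`; `alert("<?php echo esc_js( wooccm_wpml_string( $options['checkness']['picture_success'] ) ); ?>");` would make the three files consistent. The enclosing ready handler starts and ends outside these hunks.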
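--- a/includes/templates/functions/shipping_wooccmupload.php
+++ b/includes/templates/functions/shipping_wooccmupload.php
@@ -154,11 +154,12 @@ jQuery(document).ready(function($){
 }
 
 formdata.append("shipping_<?php echo $btn['cow']; ?>[]", file);
+formdata.append('nonce', ajaxnonce);
 formnames.push(file.name);
 loadfiles.push(file);
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_endupload&name=shipping_'.$btn['cow'].''); ?>",
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload&name=shipping_'.$btn['cow'].''); ?>",
 type: "POST",
 data: formdata,
 processData: false,
@@ -168,10 +169,10 @@ jQuery(document).ready(function($){
 document.getElementById("shipping_<?php echo $btn['cow']; ?>").value = result;
 /* @mod - Test formatting change */
 /*
-new_val = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split("||");
+new_val = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split(",");
 new_val[0] = result[0];
 new_val[1] += result[1] + ",";
-document.getElementById("shipping_<?php echo $btn['cow']; ?>").value = new_val[0] + "||" + new_val[1];
+document.getElementById("shipping_<?php echo $btn['cow']; ?>").value = new_val[0] + "," + new_val[1];
 */
 
 $("#shipping_<?php echo $btn['cow']; ?>_field").unblock();
@@ -197,11 +198,11 @@ jQuery(document).ready(function($){
 if( count[t].getAttribute("wooccm-attach-id") ){
 break;
 }
-store.push(count[t]);
+store.push(count[t]);
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -247,7 +248,7 @@ jQuery(document).ready(function($){
 var remove = this.getAttribute("wooccm-attach-id");
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&name='.$btn['cow'].'&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&name='.$btn['cow'].'&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
 processData: false,
@@ -259,7 +260,7 @@ jQuery(document).ready(function($){
 return value.replace(remove, result);
 });
 $("#caman_content #wooccmtoolbar").unblock();
-alert("<?php echo ( !empty( $options['checkness']['picture_success'] ) ? $options['checkness']['picture_success'] : 'Picture Saved' ); ?>");
+alert("<?php echo ( !empty( $options['checkness']['picture_success'] ) ? wooccm_wpml_string( $options['checkness']['picture_success'] ) : 'Picture Saved' ); ?>");
 }
 });
 }
@@ -278,11 +279,11 @@ jQuery(document).ready(function($){
 if( count[t].getAttribute("wooccm-attach-id") ){
 break;
 }
-store.push(count[t]);
+store.push(count[t]);
 }
 
 if( store.length !== 0 ){
-listing = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split("||");
+listing = document.getElementById("shipping_<?php echo $btn['cow']; ?>").value.split(",");
 listing = listing[1].split(",");
 listing = listing.filter(Number);
 
@@ -293,6 +294,7 @@ jQuery(document).ready(function($){
 
 var currentname = this.title, wooccmeachfile = document.getElementsByClassName("wooccm_each_file"), remove, shell;
 formdata = new FormData();
+formdata.append('nonce', ajaxnonce);
 
 for( i = 0; i < wooccmeachfile.length; i++ ){
 if(wooccmeachfile[i].title === currentname){
@@ -302,7 +304,7 @@ jQuery(document).ready(function($){
 }
 
 $.ajax({
-url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_enduploadsave&remove='); ?>" + remove,
+url: "<?php echo admin_url('/admin-ajax.php?action=wooccm_front_end_upload_save&remove='); ?>" + remove,
 type: "POST",
 data: formdata,
 processData: false,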
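Review bot: The save URL at new line 251 passes `name='.$btn['cow']` without the `shipping_` prefix, while the upload at new line 162 sends `name=shipping_'.$btn['cow']` and the billing counterpart prefixes `billing_`; if the handler uses `name` to resolve the meta key, removals for shipping fields may address the wrong key, so this looks like it should read `name=shipping_'.$btn['cow'].'&remove='`. Lines 200/201 and 281/282 remove and re-add `store.push(count[t]);` with identical text, which suggests a whitespace-only change worth confirming. The second save request at new line 297 now carries the nonce, but the first at 251 builds its `formdata` outside the hunk, so whether it is covered is not visible here. The enclosing ready handler starts and ends outside these hunks.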
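--- a/readme.txt
+++ b/readme.txt
@@ -5,7 +5,7 @@ Donate link: https://www.visser.com.au/donations/
 Tags: woocommerce, field manager, checkout editor, checkout field, shipping field, billing field, order field, additional field
 Requires at least: 3.0
 Tested up to: 5.1.1
-Stable tag: 4.2.6
+Stable tag: 4.3
 License: GPLv2 or later
 
 Manages WooCommerce Checkout, the advanced way.
@@ -135,6 +135,13 @@ Example:
 
 == Changelog ==
 
+= 4.3 =
+* Fixed: Security issue where Categorize Uploaded Files is selected
+* Changed: Disabled Categorize Uploaded Files feature
+* Added: Plugin Upgrade notice for this release
+* Fixed: File picker not working for Additional Checkout section
+* Added: Nonce support for file picker fields
+
 = 4.2.6 =
 * Fixed: PHP 7.3 warning for incorrect use of continue (thanks @ceyar)
 * Changed: Adjusted some Admin styling to the WordPress Admin default
@@ -509,5 +516,8 @@ Initial
 
 == Upgrade Notice ==
 
+= 4.3 =
+The 4.3 Plugin update addresses an arbitrary file upload vulnerability.
+
 = 2.0.1 =
 The 2.0.1 Plugin update marks a change of ownership of WooCommerce Checkout Manager from Emark to visser who will be responsible for resolving critical issues and ensuring the Plugin meets WordPress security and coding standards in the form of regular Plugin updates.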
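--- a/woocommerce-checkout-manager.php
+++ b/woocommerce-checkout-manager.php
@@ -3,7 +3,7 @@
 Plugin Name: WooCommerce Checkout Manager
 Plugin URI: https://wordpress.org/plugins/woocommerce-checkout-manager/
 Description: Manages WooCommerce Checkout, the advanced way.
-Version: 4.2.6
+Version: 4.3
 Author: Visser Labs
 Author URI: http://www.visser.com.au
 Contributors: visser, Emark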