WP eCommerce - Version 3.8.14.4

Version Description

  • Fix: Security fixes. Added a capability check (`wpsc_is_store_admin()`, filterable via `wpsc_store_admin_capability`, default `manage_options`) to admin-side AJAX and `admin_init` handlers that previously ran without one, and cast request parameters to integers before use. Props to Sucuri and Ryan Satterfield for responsible disclosure.
  • Fix: Resolve free shipping issue. Don't require shipping method to be selected if free shipping is available.
  • Fix: Ensure shipping is always properly calculated when using table rate and it is the only available rate.

Release Info

Developer JustinSainton
Version 3.8.14.4

Code changes from version 3.8.14.3 to 3.8.14.4

readme.txt CHANGED
@@ -4,7 +4,7 @@ Donate link: http://getshopped.org
4
  Tags: e-commerce, wp-e-commerce, shop, cart, paypal, authorize, stock control, ecommerce, shipping, tax
5
  Requires at least: 3.8
6
  Tested up to: 4.0
7
- Stable tag: 3.8.14.3
8
 
9
  WP eCommerce is a free, powerful plugin that empowers you to sell anything online, quickly and easily.
10
 
@@ -36,6 +36,12 @@ After upgrading from earlier versions look for link "Update Store". This will up
36
 
37
  == Changelog ==
38
 
 
 
 
 
 
 
39
  = 3.8.14.3 =
40
 
41
  * Fix: Added WordPress 4.0 compatibility.
4
  Tags: e-commerce, wp-e-commerce, shop, cart, paypal, authorize, stock control, ecommerce, shipping, tax
5
  Requires at least: 3.8
6
  Tested up to: 4.0
7
+ Stable tag: 3.8.14.4
8
 
9
  WP eCommerce is a free, powerful plugin that empowers you to sell anything online, quickly and easily.
10
 
36
 
37
  == Changelog ==
38
 
39
+ = 3.8.14.4 =
40
+
41
+ * Fix: Security fixes. Closed out several exploitable attack vectors against admin hooks, hardened type casting. Props to Sucuri and Ryan Satterfield for responsible disclosure.
42
+ * Fix: Resolve free shipping issue. Don't require shipping method to be selected if free shipping is available.
43
+ * Fix: Ensure shipping is always properly calculated when using table rate and it is the only available rate.
44
+
45
  = 3.8.14.3 =
46
 
47
  * Fix: Added WordPress 4.0 compatibility.
wp-shopping-cart.php CHANGED
@@ -3,7 +3,7 @@
3
  * Plugin Name: WP e-Commerce
4
  * Plugin URI: http://getshopped.org/
5
  * Description: A plugin that provides a WordPress Shopping Cart. See also: <a href="http://getshopped.org" target="_blank">GetShopped.org</a> | <a href="https://wordpress.org/support/plugin/wp-e-commerce/" target="_blank">Support Forum</a> | <a href="http://docs.getshopped.org/" target="_blank">Documentation</a>
6
- * Version: 3.8.14.3
7
  * Author: Instinct Entertainment
8
  * Author URI: http://getshopped.org/
9
  **/
3
  * Plugin Name: WP e-Commerce
4
  * Plugin URI: http://getshopped.org/
5
  * Description: A plugin that provides a WordPress Shopping Cart. See also: <a href="http://getshopped.org" target="_blank">GetShopped.org</a> | <a href="https://wordpress.org/support/plugin/wp-e-commerce/" target="_blank">Support Forum</a> | <a href="http://docs.getshopped.org/" target="_blank">Documentation</a>
6
+ * Version: 3.8.14.4
7
  * Author: Instinct Entertainment
8
  * Author URI: http://getshopped.org/
9
  **/
wpsc-admin/admin.php CHANGED
@@ -1431,8 +1431,9 @@ function wpsc_duplicate_children( $old_parent_id, $new_parent_id ) {
1431
  'order' => 'ASC',
1432
  ) );
1433
 
1434
- foreach ( $child_posts as $child_post )
1435
  wpsc_duplicate_product_process( $child_post, $new_parent_id );
 
1436
 
1437
  }
1438
 
@@ -1557,3 +1558,13 @@ function _wpsc_notify_google_checkout_deprecation() {
1557
  if ( in_array( 'google', get_option( 'custom_gateway_options', array() ) ) ) {
1558
  add_action( 'admin_notices', '_wpsc_notify_google_checkout_deprecation' );
1559
  }
 
 
 
 
 
 
 
 
 
 
1431
  'order' => 'ASC',
1432
  ) );
1433
 
1434
+ foreach ( $child_posts as $child_post ) {
1435
  wpsc_duplicate_product_process( $child_post, $new_parent_id );
1436
+ }
1437
 
1438
  }
1439
 
1558
  if ( in_array( 'google', get_option( 'custom_gateway_options', array() ) ) ) {
1559
  add_action( 'admin_notices', '_wpsc_notify_google_checkout_deprecation' );
1560
  }
1561
+
1562
+ /**
1563
+ * Determines whether or not a current user has the capability to do administrative actions in the store.
1564
+ *
1565
+ * @since 3.8.14.4
1566
+ * @return bool Whether or not current user can administrate the store
1567
+ */
1568
+ function wpsc_is_store_admin() {
1569
+ return current_user_can( apply_filters( 'wpsc_store_admin_capability', 'manage_options' ) );
1570
+ }
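Review bot: `wpsc_is_store_admin()` establishes only who the current user is, not that the request was intended, so the handlers that now return early on it remain open to cross-site request forgery against a logged-in administrator unless they also verify a nonce, and the docblock should say so. Suggest adding to the docblock: `Capability check only: state-changing handlers must additionally call check_admin_referer() or check_ajax_referer().` The value returned by the `wpsc_store_admin_capability` filter is trusted as-is, so any plugin can lower the bar below `manage_options`; worth a sentence in the docblock too. I cannot see the hook registrations from here, so whether nonces are verified elsewhere is an inference.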
wpsc-admin/ajax-and-init.php CHANGED
@@ -18,6 +18,11 @@
18
  * @uses wpsc_find_purchlog_status_name() Finds name of given status
19
  */
20
  function wpsc_admin_ajax() {
 
 
 
 
 
21
  global $wpdb;
22
 
23
  if ( isset( $_POST['action'] ) && $_POST['action'] == 'product-page-order' ) {
@@ -94,6 +99,11 @@ if ( isset( $_REQUEST['ajax'] ) && isset( $_REQUEST['admin'] ) && ($_REQUEST['aj
94
  * @uses $wpdb WordPress database object for queries
95
  */
96
  function wpsc_change_currency() {
 
 
 
 
 
97
  if ( is_numeric( $_POST['currencyid'] ) ) {
98
  $currency_data = $wpdb->get_results( $wpdb->prepare( "SELECT `symbol`,`symbol_html`,`code` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `id`=%d LIMIT 1", $_POST['currencyid'] ), ARRAY_A );
99
  $price_out = null;
@@ -113,6 +123,11 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
113
  * @uses $wpdb WordPress database object for queries
114
  */
115
  function wpsc_rearrange_images() {
 
 
 
 
 
116
  global $wpdb;
117
  $images = explode( ",", $_POST['order'] );
118
  $product_id = absint( $_POST['product_id'] );
@@ -155,6 +170,11 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
155
  * @uses wp_redirect() Redirects to string given as argument
156
  */
157
  function wpsc_clean_categories() {
 
 
 
 
 
158
  global $wpdb, $wp_rewrite;
159
  $sql_query = "SELECT `id`, `name`, `active` FROM `" . WPSC_TABLE_PRODUCT_CATEGORIES . "`";
160
  $sql_data = $wpdb->get_results( $sql_query, ARRAY_A );
18
  * @uses wpsc_find_purchlog_status_name() Finds name of given status
19
  */
20
  function wpsc_admin_ajax() {
21
+
22
+ if ( ! wpsc_is_store_admin() ) {
23
+ return;
24
+ }
25
+
26
  global $wpdb;
27
 
28
  if ( isset( $_POST['action'] ) && $_POST['action'] == 'product-page-order' ) {
99
  * @uses $wpdb WordPress database object for queries
100
  */
101
  function wpsc_change_currency() {
102
+
103
+ if ( ! wpsc_is_store_admin() ) {
104
+ return;
105
+ }
106
+
107
  if ( is_numeric( $_POST['currencyid'] ) ) {
108
  $currency_data = $wpdb->get_results( $wpdb->prepare( "SELECT `symbol`,`symbol_html`,`code` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `id`=%d LIMIT 1", $_POST['currencyid'] ), ARRAY_A );
109
  $price_out = null;
123
  * @uses $wpdb WordPress database object for queries
124
  */
125
  function wpsc_rearrange_images() {
126
+
127
+ if ( ! wpsc_is_store_admin() ) {
128
+ return;
129
+ }
130
+
131
  global $wpdb;
132
  $images = explode( ",", $_POST['order'] );
133
  $product_id = absint( $_POST['product_id'] );
170
  * @uses wp_redirect() Redirects to string given as argument
171
  */
172
  function wpsc_clean_categories() {
173
+
174
+ if ( ! wpsc_is_store_admin() ) {
175
+ return;
176
+ }
177
+
178
  global $wpdb, $wp_rewrite;
179
  $sql_query = "SELECT `id`, `name`, `active` FROM `" . WPSC_TABLE_PRODUCT_CATEGORIES . "`";
180
  $sql_data = $wpdb->get_results( $sql_query, ARRAY_A );
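Review bot: Each new guard silently `return`s, so an unauthorised AJAX caller receives an empty 200 response and the legitimate client cannot tell "forbidden" from "nothing happened"; `wp_die( -1, 403 );` (or `wp_send_json_error()` where the handler already emits JSON) is the admin-ajax convention. In `wpsc_change_currency()` the first statement after the guard calls `$wpdb->get_results()`, but no `global $wpdb;` appears in the visible body, which is an undefined-variable fatal on a plain call; unless `$wpdb` is injected some other way, add `global $wpdb;` before the `if`. None of the guarded handlers checks a nonce, so the capability check alone still leaves them CSRF-able. Every function here continues past the end of its hunk.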
wpsc-admin/includes/purchase-log-list-table-class.php CHANGED
@@ -78,20 +78,28 @@ class WPSC_Purchase_Log_List_Table extends WP_List_Table {
78
  ) AS item_count';
79
 
80
  $search_terms = empty( $_REQUEST['s'] ) ? array() : explode( ' ', $_REQUEST['s'] );
81
- $search_sql = array();
 
82
  foreach ( $checkout_fields as $field ) {
83
- $table_as = 's' . $i;
84
  $select_as = str_replace('billing', '', $field->unique_name );
85
  $selects[] = $table_as . '.value AS ' . $select_as;
86
- $joins[] = $wpdb->prepare( "LEFT OUTER JOIN " . WPSC_TABLE_SUBMITTED_FORM_DATA . " AS {$table_as} ON {$table_as}.log_id = p.id AND {$table_as}.form_id = %d", $field->id );
87
 
88
  // build search term queries for first name, last name, email
89
  foreach ( $search_terms as $term ) {
90
- $escaped_term = esc_sql( like_escape( $term ) );
91
- if ( ! array_key_exists( $term, $search_sql ) )
92
- $search_sql[$term] = array();
93
 
94
- $search_sql[$term][] = $table_as . ".value LIKE '%" . $escaped_term . "%'";
 
 
 
 
 
 
 
 
 
 
95
  }
96
 
97
  $i++;
@@ -99,10 +107,10 @@ class WPSC_Purchase_Log_List_Table extends WP_List_Table {
99
 
100
  // combine query phrases into a single query string
101
  foreach ( $search_terms as $term ) {
102
- $search_sql[$term][] = "p.track_id = '" . esc_sql( $term ) . "'";
103
  if ( is_numeric( $term ) )
104
- $search_sql[$term][] = 'p.id = ' . esc_sql( $term );
105
- $search_sql[$term] = '(' . implode( ' OR ', $search_sql[$term] ) . ')';
106
  }
107
  $search_sql = implode( ' AND ', array_values( $search_sql ) );
108
 
@@ -159,6 +167,7 @@ class WPSC_Purchase_Log_List_Table extends WP_List_Table {
159
  }
160
 
161
  $total_where = apply_filters( 'wpsc_manage_purchase_logs_total_where', $this->where );
 
162
  if ( $this->status == 'all' ) {
163
  $total_where .= ' AND p.processed IN (2, 3, 4) ';
164
  }
78
  ) AS item_count';
79
 
80
  $search_terms = empty( $_REQUEST['s'] ) ? array() : explode( ' ', $_REQUEST['s'] );
81
+ $search_sql = array();
82
+
83
  foreach ( $checkout_fields as $field ) {
84
+ $table_as = 's' . $i;
85
  $select_as = str_replace('billing', '', $field->unique_name );
86
  $selects[] = $table_as . '.value AS ' . $select_as;
87
+ $joins[] = $wpdb->prepare( "LEFT OUTER JOIN " . WPSC_TABLE_SUBMITTED_FORM_DATA . " AS {$table_as} ON {$table_as}.log_id = p.id AND {$table_as}.form_id = %d", $field->id );
88
 
89
  // build search term queries for first name, last name, email
90
  foreach ( $search_terms as $term ) {
 
 
 
91
 
92
+ if ( version_compare( $GLOBALS['wp_version'], '4.0', '>=' ) ) {
93
+ $escaped_term = esc_sql( like_escape( $term ) );
94
+ } else {
95
+ $escaped_term = esc_sql( $wpdb->esc_like( $term ) );
96
+ }
97
+
98
+ if ( ! array_key_exists( $term, $search_sql ) ) {
99
+ $search_sql[ $term ] = array();
100
+ }
101
+
102
+ $search_sql[ $term ][] = $table_as . ".value LIKE '%" . $escaped_term . "%'";
103
  }
104
 
105
  $i++;
107
 
108
  // combine query phrases into a single query string
109
  foreach ( $search_terms as $term ) {
110
+ $search_sql[ $term ][] = "p.track_id = '" . esc_sql( $term ) . "'";
111
  if ( is_numeric( $term ) )
112
+ $search_sql[ $term ][] = 'p.id = ' . esc_sql( $term );
113
+ $search_sql[ $term ] = '(' . implode( ' OR ', $search_sql[ $term ] ) . ')';
114
  }
115
  $search_sql = implode( ' AND ', array_values( $search_sql ) );
116
 
167
  }
168
 
169
  $total_where = apply_filters( 'wpsc_manage_purchase_logs_total_where', $this->where );
170
+
171
  if ( $this->status == 'all' ) {
172
  $total_where .= ' AND p.processed IN (2, 3, 4) ';
173
  }
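Review bot: The two branches of the new `version_compare()` appear inverted: as far as I recall `$wpdb->esc_like()` was introduced in WordPress 4.0 and `like_escape()` deprecated at the same time, yet this code calls `like_escape()` on 4.0+ and `$wpdb->esc_like()` on older installs, where the method does not exist and the search will fatal. A feature test avoids the version arithmetic altogether: `$escaped_term = esc_sql( method_exists( $wpdb, 'esc_like' ) ? $wpdb->esc_like( $term ) : like_escape( $term ) );`. The `p.id = ` clause further down relies on `is_numeric()` to keep an unquoted value safe; `$wpdb->prepare( 'p.id = %d', $term )` would make that intent explicit. The enclosing method starts and ends outside this section.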
wpsc-admin/includes/save-data.functions.php CHANGED
@@ -12,14 +12,17 @@ function wpsc_ajax_set_variation_order(){
12
  $parent_id = $_POST['parent_id'];
13
 
14
  $result = true;
15
- foreach( $sort_order as $key=>$value ){
16
- if ( empty( $value ) )
 
17
  continue;
 
18
 
19
  $value = preg_replace( '/[^0-9]/', '', $value );
20
 
21
- if( ! wpsc_update_meta( $value, 'sort_order', $key, 'wpsc_variation' ) )
22
  $result = false;
 
23
  }
24
  }
25
 
@@ -169,20 +172,23 @@ function wpsc_admin_category_forms_add() {
169
  <fieldset class="wpsc-width-height-fields">
170
  <legend class="screen-reader-text"><span><?php esc_html_e( 'Thumbnail Size', 'wpsc' ); ?></span></legend>
171
  <label for="image_width"><?php esc_html_e( 'Width', 'wpsc' ); ?></label>
172
- <input name="image_width" type="number" step="1" min="0" id="image_width" value="<?php if ( isset( $category['image_width'] ) ) echo esc_attr( $category['image_width'] ); ?>" class="small-text">
173
  <label for="large_size_h"><?php esc_html_e( 'Height', 'wpsc' ); ?></label>
174
- <input name="image_height" type="number" step="1" min="0" id="image_height" value="<?php if ( isset( $category['image_height'] ) ) echo esc_attr( $category['image_height'] ); ?>" class="small-text">
175
  </fieldset>
176
  </div>
177
  <?php endif;?>
178
 
179
  <!-- START OF TARGET MARKET SELECTION -->
180
  <?php
 
181
  $category_id = '';
182
- if ( isset( $_GET["tag_ID"] ) )
183
- $category_id = $_GET["tag_ID"];
184
 
185
- $countrylist = WPSC_Countries::get_countries_array( true, true );
 
 
 
 
186
  $selectedCountries = wpsc_get_meta( $category_id, 'target_market', 'wpsc_category' );
187
  ?>
188
  <h4><?php esc_html_e( 'Restrict to Target Markets', 'wpsc' )?></h4>
@@ -491,9 +497,9 @@ function wpsc_save_category_set( $category_id, $tt_id ) {
491
  //Good to here
492
  if ( isset( $_POST['tag_ID'] ) ) {
493
  //Editing
494
- $category_id = $_POST['tag_ID'];
495
- $category = get_term_by( 'id', $category_id, 'wpsc_product_category' );
496
- $url_name = $category->slug;
497
 
498
  }
499
  if ( isset( $_POST['deleteimage'] ) && $_POST['deleteimage'] == 1 ) {
@@ -505,9 +511,9 @@ function wpsc_save_category_set( $category_id, $tt_id ) {
505
  if ( ! empty( $_POST['height'] ) && is_numeric( $_POST['height'] ) && ! empty( $_POST['width'] ) && is_numeric( $_POST['width'] ) && $image == null ) {
506
  $imagedata = wpsc_get_categorymeta( $category_id, 'image' );
507
  if ( $imagedata != null ) {
508
- $height = $_POST['height'];
509
- $width = $_POST['width'];
510
- $imagepath = WPSC_CATEGORY_DIR . $imagedata;
511
  $image_output = WPSC_CATEGORY_DIR . $imagedata;
512
  image_processing( $imagepath, $image_output, $width, $height );
513
  }
@@ -517,18 +523,20 @@ function wpsc_save_category_set( $category_id, $tt_id ) {
517
  wpsc_update_categorymeta( $category_id, 'active', '1' );
518
  wpsc_update_categorymeta( $category_id, 'order', '0' );
519
 
520
- if ( isset( $_POST['display_type'] ) )
521
  wpsc_update_categorymeta( $category_id, 'display_type', esc_sql( stripslashes( $_POST['display_type'] ) ) );
 
522
 
523
- if ( isset( $_POST['image_height'] ) )
524
- wpsc_update_categorymeta( $category_id, 'image_height', absint( $_POST['image_height'] ) );
 
525
 
526
- if ( isset( $_POST['image_width'] ) )
527
- wpsc_update_categorymeta( $category_id, 'image_width', absint($_POST['image_width'] ) );
 
528
 
529
  if ( ! empty( $_POST['use_additional_form_set'] ) ) {
530
  wpsc_update_categorymeta( $category_id, 'use_additional_form_set', $_POST['use_additional_form_set'] );
531
- //exit('<pre>'.print_r($_POST,1).'</pre>');
532
  } else {
533
  wpsc_delete_categorymeta( $category_id, 'use_additional_form_set' );
534
  }
@@ -546,9 +554,10 @@ function wpsc_save_category_set( $category_id, $tt_id ) {
546
  $countryList = $wpdb->get_col( "SELECT `id` FROM `" . WPSC_TABLE_CURRENCY_LIST . "`" );
547
 
548
  if ( $AllSelected != true ){
549
- $unselectedCountries = array_diff( $countryList, $_POST['countrylist2'] );
 
550
  //find the countries that are selected
551
- $selectedCountries = array_intersect( $countryList, $_POST['countrylist2'] );
552
  wpsc_update_categorymeta( $category_id, 'target_market', $selectedCountries );
553
  }
554
 
12
  $parent_id = $_POST['parent_id'];
13
 
14
  $result = true;
15
+ foreach( $sort_order as $key => $value ) {
16
+
17
+ if ( empty( $value ) ) {
18
  continue;
19
+ }
20
 
21
  $value = preg_replace( '/[^0-9]/', '', $value );
22
 
23
+ if ( ! wpsc_update_meta( $value, 'sort_order', $key, 'wpsc_variation' ) ) {
24
  $result = false;
25
+ }
26
  }
27
  }
28
 
172
  <fieldset class="wpsc-width-height-fields">
173
  <legend class="screen-reader-text"><span><?php esc_html_e( 'Thumbnail Size', 'wpsc' ); ?></span></legend>
174
  <label for="image_width"><?php esc_html_e( 'Width', 'wpsc' ); ?></label>
175
+ <input name="image_width" type="number" step="1" min="0" id="image_width" value="<?php if ( isset( $category['image_width'] ) ) echo esc_attr( $category['image_width'] ); ?>" class="small-text" style="width: 70px">
176
  <label for="large_size_h"><?php esc_html_e( 'Height', 'wpsc' ); ?></label>
177
+ <input name="image_height" type="number" step="1" min="0" id="image_height" value="<?php if ( isset( $category['image_height'] ) ) echo esc_attr( $category['image_height'] ); ?>" class="small-text" style="width: 70px">
178
  </fieldset>
179
  </div>
180
  <?php endif;?>
181
 
182
  <!-- START OF TARGET MARKET SELECTION -->
183
  <?php
184
+
185
  $category_id = '';
 
 
186
 
187
+ if ( isset( $_GET['tag_ID'] ) ) {
188
+ $category_id = absint( $_GET['tag_ID'] );
189
+ }
190
+
191
+ $countrylist = WPSC_Countries::get_countries_array( true, true );
192
  $selectedCountries = wpsc_get_meta( $category_id, 'target_market', 'wpsc_category' );
193
  ?>
194
  <h4><?php esc_html_e( 'Restrict to Target Markets', 'wpsc' )?></h4>
497
  //Good to here
498
  if ( isset( $_POST['tag_ID'] ) ) {
499
  //Editing
500
+ $category_id = (int) $_POST['tag_ID'];
501
+ $category = get_term_by( 'id', $category_id, 'wpsc_product_category' );
502
+ $url_name = $category->slug;
503
 
504
  }
505
  if ( isset( $_POST['deleteimage'] ) && $_POST['deleteimage'] == 1 ) {
511
  if ( ! empty( $_POST['height'] ) && is_numeric( $_POST['height'] ) && ! empty( $_POST['width'] ) && is_numeric( $_POST['width'] ) && $image == null ) {
512
  $imagedata = wpsc_get_categorymeta( $category_id, 'image' );
513
  if ( $imagedata != null ) {
514
+ $height = (int) $_POST['height'];
515
+ $width = (int) $_POST['width'];
516
+ $imagepath = WPSC_CATEGORY_DIR . $imagedata;
517
  $image_output = WPSC_CATEGORY_DIR . $imagedata;
518
  image_processing( $imagepath, $image_output, $width, $height );
519
  }
523
  wpsc_update_categorymeta( $category_id, 'active', '1' );
524
  wpsc_update_categorymeta( $category_id, 'order', '0' );
525
 
526
+ if ( isset( $_POST['display_type'] ) ) {
527
  wpsc_update_categorymeta( $category_id, 'display_type', esc_sql( stripslashes( $_POST['display_type'] ) ) );
528
+ }
529
 
530
+ if ( isset( $_POST['image_height'] ) ) {
531
+ wpsc_update_categorymeta( $category_id, 'image_height', (int) $_POST['image_height'] );
532
+ }
533
 
534
+ if ( isset( $_POST['image_width'] ) ) {
535
+ wpsc_update_categorymeta( $category_id, 'image_width', (int) $_POST['image_width'] );
536
+ }
537
 
538
  if ( ! empty( $_POST['use_additional_form_set'] ) ) {
539
  wpsc_update_categorymeta( $category_id, 'use_additional_form_set', $_POST['use_additional_form_set'] );
 
540
  } else {
541
  wpsc_delete_categorymeta( $category_id, 'use_additional_form_set' );
542
  }
554
  $countryList = $wpdb->get_col( "SELECT `id` FROM `" . WPSC_TABLE_CURRENCY_LIST . "`" );
555
 
556
  if ( $AllSelected != true ){
557
+ $posted_countries = array_map( 'intval', $_POST['countrylist2'] );
558
+ $unselectedCountries = array_diff( $countryList, $posted_countries );
559
  //find the countries that are selected
560
+ $selectedCountries = array_intersect( $countryList, $posted_countries );
561
  wpsc_update_categorymeta( $category_id, 'target_market', $selectedCountries );
562
  }
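Review bot: The type hardening stops short of two fields in `wpsc_save_category_set()`: `display_type` is stored after `esc_sql( stripslashes( … ) )`, which escapes for SQL interpolation rather than validating the value (and leaves the escaping inside the stored data if the meta layer prepares its own query), and `use_additional_form_set` is written from `$_POST` unchanged. If `display_type` is one of a fixed set of slugs a whitelist is the right check, otherwise `sanitize_key()` is a reasonable minimum, and `use_additional_form_set` should get the same integer cast as its neighbours if it is an ID. `array_map( 'intval', $_POST['countrylist2'] )` assumes the field was posted as an array; when no country is ticked it is typically absent, which warns on PHP 5/7 and throws `TypeError` on PHP 8, so `array_map( 'intval', (array) ( isset( $_POST['countrylist2'] ) ? $_POST['countrylist2'] : array() ) )` is safer. `$parent_id` in `wpsc_ajax_set_variation_order()` is likewise still taken raw from `$_POST`. Both functions extend past the hunk edges.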
563
 
wpsc-admin/init.php CHANGED
@@ -1,6 +1,10 @@
1
  <?php
2
-
3
  function wpsc_ajax_sales_quarterly() {
 
 
 
 
 
4
  $lastdate = sanitize_text_field( $_POST['add_start'] );
5
  $date = preg_split( '/-/', $lastdate );
6
  if ( !isset( $date[0] ) )
@@ -66,6 +70,10 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
66
  */
67
  function wpsc_duplicate_product() {
68
 
 
 
 
 
69
  // Get the original post
70
  $id = absint( $_GET['product'] );
71
  $post = get_post( $id );
@@ -76,7 +84,7 @@ function wpsc_duplicate_product() {
76
 
77
  $duplicated = true;
78
  $sendback = wp_get_referer();
79
- $sendback = add_query_arg( 'duplicated', (int)$duplicated, $sendback );
80
 
81
  wp_redirect( $sendback );
82
  exit();
@@ -89,10 +97,16 @@ if ( isset( $_GET['wpsc_admin_action'] ) && ( $_GET['wpsc_admin_action'] == 'dup
89
  add_action( 'admin_init', 'wpsc_duplicate_product' );
90
 
91
  function wpsc_purchase_log_csv() {
 
 
 
 
 
92
  global $wpdb, $wpsc_gateways;
93
  get_currentuserinfo();
94
  $count = 0;
95
- if ( 'key' == $_REQUEST['rss_key'] && current_user_can( 'manage_options' ) ) {
 
96
  if ( isset( $_REQUEST['start_timestamp'] ) && isset( $_REQUEST['end_timestamp'] ) ) {
97
  $start_timestamp = $_REQUEST['start_timestamp'];
98
  $end_timestamp = $_REQUEST['end_timestamp'];
@@ -235,6 +249,11 @@ if ( isset( $_GET['purchase_log_csv'] ) && ( 'true' == $_GET['purchase_log_csv']
235
  add_action( 'admin_init', 'wpsc_purchase_log_csv' );
236
 
237
  function wpsc_admin_sale_rss() {
 
 
 
 
 
238
  global $wpdb;
239
  if ( ($_GET['rss'] == "true") && ($_GET['rss_key'] == 'key') && ($_GET['action'] == "purchase_log") ) {
240
  $sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `date`!='' ORDER BY `date` DESC";
@@ -276,6 +295,11 @@ if ( isset( $_GET['action'] ) && ( 'purchase_log' == $_GET['action'] ) )
276
  * Purchase log ajax code starts here
277
  */
278
  function wpsc_purchlog_resend_email() {
 
 
 
 
 
279
  global $wpdb;
280
  $log_id = $_REQUEST['email_buyer_id'];
281
  $wpec_taxes_controller = new wpec_taxes_controller();
@@ -298,9 +322,15 @@ if ( isset( $_REQUEST['email_buyer_id'] ) && is_numeric( $_REQUEST['email_buyer_
298
  }
299
 
300
  function wpsc_purchlog_clear_download_items() {
 
 
 
 
 
301
  global $wpdb;
302
- if ( is_numeric( $_GET['purchaselog_id'] ) ) {
303
- $purchase_id = (int)$_GET['purchaselog_id'];
 
304
  $downloadable_items = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `purchid` = %d", $purchase_id ), ARRAY_A );
305
 
306
  $wpdb->update( WPSC_TABLE_DOWNLOAD_STATUS, array( 'ip_number' => '' ), array( 'purchid' => $purchase_id ), '%s', '%d' );
@@ -337,6 +367,11 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
337
 
338
  //bulk actions for purchase log
339
  function wpsc_purchlog_bulk_modify() {
 
 
 
 
 
340
  if ( $_POST['purchlog_multiple_status_change'] != -1 ) {
341
  if ( is_numeric( $_POST['purchlog_multiple_status_change'] ) && $_POST['purchlog_multiple_status_change'] != 'delete' ) {
342
  foreach ( (array)$_POST['purchlogids'] as $purchlogid ) {
@@ -403,7 +438,12 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
403
  /* End Order Notes (by Ben) */
404
 
405
  //delete a purchase log
406
- function wpsc_delete_purchlog( $purchlog_id='' ) {
 
 
 
 
 
407
  global $wpdb;
408
  $deleted = 0;
409
 
@@ -503,7 +543,10 @@ add_action( 'update_option_users_can_register', '_wpsc_action_update_option_user
503
  * @return nothing
504
  */
505
  function wpsc_update_page_urls( $auto = false ) {
506
- global $wpdb;
 
 
 
507
 
508
  wpsc_update_permalink_slugs();
509
  wpsc_core_load_page_titles();
@@ -526,6 +569,11 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
526
 
527
  //change the regions tax settings
528
  function wpsc_change_region_tax() {
 
 
 
 
 
529
  global $wpdb;
530
  if ( is_array( $_POST['region_tax'] ) ) {
531
  foreach ( $_POST['region_tax'] as $region_id => $tax ) {
@@ -557,6 +605,10 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ($_REQUEST['wpsc_admin_action']
557
  function wpsc_product_files_existing() {
558
  //List all product_files, with checkboxes
559
 
 
 
 
 
560
  $product_id = absint( $_GET["product_id"] );
561
  $file_list = wpsc_uploaded_files();
562
 
@@ -663,6 +715,11 @@ if ( isset( $_REQUEST['wpsc_admin_action'] ) && ( 'wpsc-delete-variation-set' ==
663
  add_action( 'admin_init', 'wpsc_delete_variation_set' );
664
 
665
  function wpsc_backup_theme() {
 
 
 
 
 
666
  $wp_theme_path = get_stylesheet_directory();
667
  wpsc_recursive_copy( $wp_theme_path, WPSC_THEME_BACKUP_DIR );
668
  $_SESSION['wpsc_themes_backup'] = true;
1
  <?php
 
2
  function wpsc_ajax_sales_quarterly() {
3
+
4
+ if ( ! wpsc_is_store_admin() ) {
5
+ return;
6
+ }
7
+
8
  $lastdate = sanitize_text_field( $_POST['add_start'] );
9
  $date = preg_split( '/-/', $lastdate );
10
  if ( !isset( $date[0] ) )
70
  */
71
  function wpsc_duplicate_product() {
72
 
73
+ if ( ! wpsc_is_store_admin() ) {
74
+ return;
75
+ }
76
+
77
  // Get the original post
78
  $id = absint( $_GET['product'] );
79
  $post = get_post( $id );
84
 
85
  $duplicated = true;
86
  $sendback = wp_get_referer();
87
+ $sendback = add_query_arg( 'duplicated', (int) $duplicated, $sendback );
88
 
89
  wp_redirect( $sendback );
90
  exit();
97
  add_action( 'admin_init', 'wpsc_duplicate_product' );
98
 
99
  function wpsc_purchase_log_csv() {
100
+
101
+ if ( ! wpsc_is_store_admin() ) {
102
+ return;
103
+ }
104
+
105
  global $wpdb, $wpsc_gateways;
106
  get_currentuserinfo();
107
  $count = 0;
108
+
109
+ if ( 'key' == $_REQUEST['rss_key'] ) {
110
  if ( isset( $_REQUEST['start_timestamp'] ) && isset( $_REQUEST['end_timestamp'] ) ) {
111
  $start_timestamp = $_REQUEST['start_timestamp'];
112
  $end_timestamp = $_REQUEST['end_timestamp'];
249
  add_action( 'admin_init', 'wpsc_purchase_log_csv' );
250
 
251
  function wpsc_admin_sale_rss() {
252
+
253
+ if ( ! wpsc_is_store_admin() ) {
254
+ return;
255
+ }
256
+
257
  global $wpdb;
258
  if ( ($_GET['rss'] == "true") && ($_GET['rss_key'] == 'key') && ($_GET['action'] == "purchase_log") ) {
259
  $sql = "SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `date`!='' ORDER BY `date` DESC";
295
  * Purchase log ajax code starts here
296
  */
297
  function wpsc_purchlog_resend_email() {
298
+
299
+ if ( ! wpsc_is_store_admin() ) {
300
+ return;
301
+ }
302
+
303
  global $wpdb;
304
  $log_id = $_REQUEST['email_buyer_id'];
305
  $wpec_taxes_controller = new wpec_taxes_controller();
322
  }
323
 
324
  function wpsc_purchlog_clear_download_items() {
325
+
326
+ if ( ! wpsc_is_store_admin() ) {
327
+ return;
328
+ }
329
+
330
  global $wpdb;
331
+
332
+ if ( is_numeric( $_GET['id'] ) ) {
333
+ $purchase_id = (int) $_GET['id'];
334
  $downloadable_items = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `purchid` = %d", $purchase_id ), ARRAY_A );
335
 
336
  $wpdb->update( WPSC_TABLE_DOWNLOAD_STATUS, array( 'ip_number' => '' ), array( 'purchid' => $purchase_id ), '%s', '%d' );
367
 
368
  //bulk actions for purchase log
369
  function wpsc_purchlog_bulk_modify() {
370
+
371
+ if ( ! wpsc_is_store_admin() ) {
372
+ return;
373
+ }
374
+
375
  if ( $_POST['purchlog_multiple_status_change'] != -1 ) {
376
  if ( is_numeric( $_POST['purchlog_multiple_status_change'] ) && $_POST['purchlog_multiple_status_change'] != 'delete' ) {
377
  foreach ( (array)$_POST['purchlogids'] as $purchlogid ) {
438
  /* End Order Notes (by Ben) */
439
 
440
  //delete a purchase log
441
+ function wpsc_delete_purchlog( $purchlog_id = '' ) {
442
+
443
+ if ( ! wpsc_is_store_admin() ) {
444
+ return;
445
+ }
446
+
447
  global $wpdb;
448
  $deleted = 0;
449
 
543
  * @return nothing
544
  */
545
  function wpsc_update_page_urls( $auto = false ) {
546
+
547
+ if ( ! wpsc_is_store_admin() ) {
548
+ return;
549
+ }
550
 
551
  wpsc_update_permalink_slugs();
552
  wpsc_core_load_page_titles();
569
 
570
  //change the regions tax settings
571
  function wpsc_change_region_tax() {
572
+
573
+ if ( ! wpsc_is_store_admin() ) {
574
+ return;
575
+ }
576
+
577
  global $wpdb;
578
  if ( is_array( $_POST['region_tax'] ) ) {
579
  foreach ( $_POST['region_tax'] as $region_id => $tax ) {
605
  function wpsc_product_files_existing() {
606
  //List all product_files, with checkboxes
607
 
608
+ if ( ! wpsc_is_store_admin() ) {
609
+ return;
610
+ }
611
+
612
  $product_id = absint( $_GET["product_id"] );
613
  $file_list = wpsc_uploaded_files();
614
 
715
  add_action( 'admin_init', 'wpsc_delete_variation_set' );
716
 
717
  function wpsc_backup_theme() {
718
+
719
+ if ( ! wpsc_is_store_admin() ) {
720
+ return;
721
+ }
722
+
723
  $wp_theme_path = get_stylesheet_directory();
724
  wpsc_recursive_copy( $wp_theme_path, WPSC_THEME_BACKUP_DIR );
725
  $_SESSION['wpsc_themes_backup'] = true;
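Review bot: Placing the capability gate inside `wpsc_update_page_urls( $auto = false )` and `wpsc_delete_purchlog()` changes behaviour for callers that are not the interactive admin request: the `$auto` parameter suggests a programmatic path (the `save_post` hook in `theme-engine-v1/helpers/product.php` registers `wpsc_refresh_page_urls`, which may end up here), and on such a path a user below `manage_options`, a cron run or a bulk action would now silently skip the work. Safer to check the capability in the request-dispatching `admin_init` callbacks, or to exempt the programmatic path with `if ( ! $auto && ! wpsc_is_store_admin() ) { return; }`; the callers are not visible from here. `wpsc_purchlog_clear_download_items()` also switches from `$_GET['purchaselog_id']` to `$_GET['id']`, which the changelog does not mention; if the hook condition still tests `purchaselog_id` the handler will never run, so that condition should be confirmed. As elsewhere, each guard returns silently rather than `wp_die( -1, 403 )`, and none of these handlers checks a nonce.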
wpsc-components/marketplace-core-v1/library/Sputnik/API.php CHANGED
@@ -118,7 +118,7 @@ class Sputnik_API {
118
  <head>
119
  <title><?php _e( 'Redirecting ...', 'wpsc' ); ?></title>
120
  <script type="text/javascript">
121
- parent.location = '<?php echo $return_url; ?>';
122
  window.close();
123
  </script>
124
  </head>
118
  <head>
119
  <title><?php _e( 'Redirecting ...', 'wpsc' ); ?></title>
120
  <script type="text/javascript">
121
+ parent.location = '<?php echo esc_js( $return_url ); ?>';
122
  window.close();
123
  </script>
124
  </head>
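Review bot: `esc_js()` stops `$return_url` from breaking out of the JavaScript string literal, but it does not constrain what gets assigned to `parent.location`; if `$return_url` can derive from request input (it is built outside this hunk), a `javascript:` URL would still execute in the parent window. Validating it as a URL before escaping for the JS context closes that: `parent.location = '<?php echo esc_js( esc_url_raw( $return_url ) ); ?>';`, since `esc_url_raw()` drops disallowed schemes. If `$return_url` always comes from a trusted option this is belt-and-braces only.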
wpsc-components/marketplace-core-v1/library/Sputnik/Admin.php CHANGED
@@ -21,6 +21,11 @@ class Sputnik_Admin {
21
  }
22
 
23
  public static function init() {
 
 
 
 
 
24
  add_action('admin_print_styles', array(__CLASS__, 'styles'));
25
  add_action('admin_print_scripts', array(__CLASS__, 'scripts'));
26
 
@@ -127,6 +132,11 @@ class Sputnik_Admin {
127
  }
128
 
129
  public static function admin_head_page() {
 
 
 
 
 
130
  if (self::$page === 'dash') {
131
  self::$list_table = new Sputnik_List_Install();
132
  $pagenum = self::$list_table->get_pagenum();
21
  }
22
 
23
  public static function init() {
24
+
25
+ if ( ! wpsc_is_store_admin() ) {
26
+ return;
27
+ }
28
+
29
  add_action('admin_print_styles', array(__CLASS__, 'styles'));
30
  add_action('admin_print_scripts', array(__CLASS__, 'scripts'));
31
 
132
  }
133
 
134
  public static function admin_head_page() {
135
+
136
+ if ( ! wpsc_is_store_admin() ) {
137
+ return;
138
+ }
139
+
140
  if (self::$page === 'dash') {
141
  self::$list_table = new Sputnik_List_Install();
142
  $pagenum = self::$list_table->get_pagenum();
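Review bot: `Sputnik_Admin::init()` now depends on `wpsc_is_store_admin()`, which this release defines in `wpsc-admin/admin.php`; if `init()` can run before that file is included (load order is not visible here) the outcome is a fatal undefined-function error rather than a denied request. A `function_exists( 'wpsc_is_store_admin' )` check, or calling `current_user_can( apply_filters( 'wpsc_store_admin_capability', 'manage_options' ) )` directly, would decouple the two. Returning early from `init()` only skips the style and script hooks registered in this hunk; whatever registers the marketplace menu and its page callback lies outside the hunk and should be confirmed to be gated the same way, otherwise a non-admin still reaches the page with `admin_head_page()` silently doing nothing.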
wpsc-components/theme-engine-v1/helpers/ajax.php CHANGED
@@ -676,10 +676,19 @@ function wpsc_submit_checkout( $collected_data = true ) {
676
 
677
  // Test for required shipping information
678
  if ( wpsc_core_shipping_enabled() && ( $num_items != $disregard_shipping ) ) {
679
- // for shipping to work we need a method, option and a quote
680
- if ( ! $wpsc_cart->shipping_method_selected() || ! $wpsc_cart->shipping_quote_selected() ) {
681
- $error_messages[] = __( 'Please select one of the available shipping options, then we can process your order.', 'wpsc' );
682
- $is_valid = false;
 
 
 
 
 
 
 
 
 
683
  }
684
 
685
  // if we don't have a valid zip code ( the function also checks if we need it ) we have an error
676
 
677
  // Test for required shipping information
678
  if ( wpsc_core_shipping_enabled() && ( $num_items != $disregard_shipping ) ) {
679
+ // for shipping to work we need a method, option and a quote, unless we have free shipping.
680
+
681
+ $shipping_discount_value = get_option( 'shipping_discount_value' );
682
+ $is_free_shipping_enabled = get_option( 'shipping_discount' );
683
+ $subtotal = $wpsc_cart->calculate_subtotal();
684
+
685
+ $has_free_shipping = $is_free_shipping_enabled && $shipping_discount_value > 0 && $shipping_discount_value <= $subtotal;
686
+
687
+ if ( ! $has_free_shipping ) {
688
+ if ( ! $wpsc_cart->shipping_method_selected() || ! $wpsc_cart->shipping_quote_selected() ) {
689
+ $error_messages[] = __( 'Please select one of the available shipping options, then we can process your order.', 'wpsc' );
690
+ $is_valid = false;
691
+ }
692
  }
693
 
694
  // if we don't have a valid zip code ( the function also checks if we need it ) we have an error
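Review bot: The free-shipping decision is recomputed inline from `shipping_discount`, `shipping_discount_value` and the cart subtotal; if the cart or shipping code already decides when free shipping applies (the quote the customer sees), this duplicate is liable to drift from it, and a checkout could then be accepted without a quote the cart still charges for, or be blocked when the cart shows free shipping. Prefer one shared predicate, e.g. a `$wpsc_cart->has_free_shipping()` style helper used by both places, or at minimum a comment naming the rule being mirrored. Note that `$shipping_discount_value > 0` means a threshold configured as 0 still demands a shipping method; if 0 is a valid "always free" setting the condition should be `>= 0` or dropped. `wpsc_submit_checkout()` starts and ends outside this hunk.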
wpsc-components/theme-engine-v1/helpers/page.php CHANGED
@@ -125,6 +125,11 @@ function wpsc_flush_theme_transients( $force = false ) {
125
  }
126
 
127
  function wpsc_force_flush_theme_transients() {
 
 
 
 
 
128
  // Flush transients
129
  wpsc_flush_theme_transients( true );
130
 
125
  }
126
 
127
  function wpsc_force_flush_theme_transients() {
128
+
129
+ if ( ! wpsc_is_store_admin() ) {
130
+ return;
131
+ }
132
+
133
  // Flush transients
134
  wpsc_flush_theme_transients( true );
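Review bot: `wpsc_force_flush_theme_transients()` lives in the theme-engine helpers, which I would expect to load on the front end as well, while `wpsc_is_store_admin()` is defined in `wpsc-admin/admin.php`; if this helper can be reached in a request where the admin file is not loaded, the new guard is a fatal undefined-function error instead of a refusal. Guard the dependency, `if ( ! function_exists( 'wpsc_is_store_admin' ) || ! wpsc_is_store_admin() ) { return; }`, or move the capability check to the request handler that invokes the flush. The load order is not visible here, so this is an inference to confirm.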
135
 
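--- a/wpsc-components/theme-engine-v1/helpers/product.php
+++ b/wpsc-components/theme-engine-v1/helpers/product.php
@@ -1,9 +1,10 @@
 <?php
-add_action( 'save_post', 'wpsc_refresh_page_urls', 10, 2 );
+add_action( 'save_post' , 'wpsc_refresh_page_urls', 10, 2 );
 add_action( 'wpsc_theme_footer', 'wpsc_fancy_notifications' );
 
-if ( get_option( 'wpsc_replace_page_title' ) == 1 )
+if ( get_option( 'wpsc_replace_page_title' ) == 1 ) {
 add_filter( 'wp_title', 'wpsc_replace_wp_title', 10, 2 );
+}
 
 add_filter( 'post_type_link', 'wpsc_product_link', 10, 3 );
 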
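--- a/wpsc-core/wpsc-constants.php
+++ b/wpsc-core/wpsc-constants.php
@@ -53,15 +53,15 @@ function wpsc_core_constants() {
 
 // Define Plugin version
 if ( ! defined( 'WPSC_VERSION' ) ) {
-define( 'WPSC_VERSION' , '3.8.14.3' );
+define( 'WPSC_VERSION' , '3.8.14.4' );
 }
 
 if ( ! defined( 'WPSC_MINOR_VERSION' ) ) {
-define( 'WPSC_MINOR_VERSION' , '86c1a52' );
+define( 'WPSC_MINOR_VERSION' , 'aa9c5c4f95' );
 }
 
 if ( ! defined( 'WPSC_PRESENTABLE_VERSION' ) ) {
-define( 'WPSC_PRESENTABLE_VERSION', '3.8.14.3' );
+define( 'WPSC_PRESENTABLE_VERSION', '3.8.14.4' );
 }
 
 // Define a salt to use when we hash, WPSC_SALT may be defined for us in our config file, so check first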
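--- a/wpsc-core/wpsc-deprecated.php
+++ b/wpsc-core/wpsc-deprecated.php
@@ -1477,6 +1477,11 @@ function wpsc_filter_feature_image_text( $translation, $text, $domain ) {
 
 function wpsc_display_invoice() {
 _wpsc_deprecated_function( __FUNCTION__, '3.8.13' );
+
+if ( ! wpsc_is_store_admin() ) {
+return;
+}
+
 $purchase_id = (int)$_REQUEST['purchaselog_id'];
 add_action('wpsc_packing_slip', 'wpsc_packing_slip');
 do_action('wpsc_before_packing_slip', $purchase_id);
@@ -2009,8 +2014,13 @@ if ( ! function_exists( 'change_link' ) ) {
 
 function wpsc_google_shipping_settings() {
 _wpsc_deprecated_function( __FUNCTION__, '3.8.14' );
+
+if ( ! wpsc_is_store_admin() ) {
+return;
+}
+
 if ( isset( $_POST['submit'] ) ) {
-foreach ( (array)$_POST['google_shipping'] as $key => $country ) {
+foreach ( (array) $_POST['google_shipping'] as $key => $country ) {
 if ( $country == 'on' ) {
 $google_shipping_country[] = $key;
 $updated++;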
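Review bot: In the second hunk, `wpsc_google_shipping_settings()` still processes `$_POST['submit']` with only the new capability check and no nonce verification, so the form handler remains exposed to a forged request from a store admin's browser; the guard should be followed by `check_admin_referer( '<nonce-action-placeholder>' );` before the `isset( $_POST['submit'] )` branch. The `(array)` cast on `$_POST['google_shipping']` is good, but `$country == 'on'` is a loose comparison — `'on' === $country` keeps the intent and is strict. The function body continues outside the hunk, so I cannot confirm whether a nonce is checked further down or by the caller.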
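--- a/wpsc-core/wpsc-functions.php
+++ b/wpsc-core/wpsc-functions.php
@@ -866,6 +866,10 @@ function _wpsc_clear_wp_cache_on_version_change() {
 return;
 }
 
+if ( ! wpsc_is_store_admin() ) {
+return;
+}
+
 $version_we_last_stored = get_option( __FUNCTION__, false );
 
 if ( $version_we_last_stored != WPSC_VERSION ) {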
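Review bot: The new early return in `_wpsc_clear_wp_cache_on_version_change()` defers the stored-version comparison, and presumably the flush that follows it, until a request made by a store admin, which is a behaviour change worth recording next to the guard: `// Only store admins may trigger the flush; after an upgrade nothing happens until one visits.` If the intent was only to stop unprivileged callers from forcing a flush, the `get_option()` read could stay above the guard and only the write path be gated. The function starts and ends outside the hunk.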
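--- a/wpsc-includes/cart.class.php
+++ b/wpsc-includes/cart.class.php
@@ -412,6 +412,9 @@ class wpsc_cart {
 do_action( 'wpsc_after_get_shipping_method', $this );
 }
 }
+
+$this->rewind_shipping_methods();
+
 }
 
 /**
@@ -445,6 +448,9 @@ class wpsc_cart {
 if ( empty( $this->selected_shipping_option ) && is_array( $this->shipping_quotes ) && ! empty( $this->shipping_quotes ) ) {
 $this->selected_shipping_option = apply_filters( 'wpsc_default_shipping_quote', $this->selected_shipping_option, $this->shipping_quotes, $this );
 }
+
+$this->rewind_shipping_methods();
+
 }
 
 /**
@@ -1280,11 +1286,33 @@ class wpsc_cart {
 $this->coupons_amount = apply_filters( 'wpsc_coupons_amount', $coupons_amount, $coupon_name, $this );
 
 $this->calculate_total_price();
+
 if ( $this->total_price < 0 ) {
+
 $this->coupons_amount += $this->total_price;
-$this->total_price = null;
+$this->total_price = null;
+
 $this->calculate_total_price();
 }
 }
+}
 
+/**
+* A final calculation of shipping method on shipping page, prior to quote display.
+* A regrettable hack, but necessary for 1.0 versions of our shipping interface and theme engine.
+*
+* @link https://github.com/wp-e-commerce/WP-e-Commerce/issues/1552
+*
+* @since 3.8.14.4
+* @access private
+*
+* @return void
+*/
+function _wpsc_calculate_shipping_quotes_before_product_page() {
+global $wpsc_cart;
+
+$wpsc_cart->get_shipping_method();
+$wpsc_cart->rewind_shipping_methods();
 }
+
+add_action( 'wpsc_before_shipping_of_shopping_cart', '_wpsc_calculate_shipping_quotes_before_product_page' , 1 );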
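Review bot: In the third hunk, `_wpsc_calculate_shipping_quotes_before_product_page()` calls `$wpsc_cart->rewind_shipping_methods()` immediately after `get_shipping_method()`, and the first hunk of this section appears to append the same rewind to the end of `get_shipping_method()` itself, so the second call looks redundant; either drop it or say why it stays, e.g. `// get_shipping_method() already rewinds; kept for shipping modules that override it`. The function name says product page while the docblock and the hook `wpsc_before_shipping_of_shopping_cart` describe the shipping step of the cart — rename or correct the docblock so they agree. `global $wpsc_cart` is dereferenced without a check; if the hook can fire before the cart is initialised, `if ( ! $wpsc_cart instanceof wpsc_cart ) { return; }` avoids a fatal error.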
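--- a/wpsc-includes/coupons.class.php
+++ b/wpsc-includes/coupons.class.php
@@ -15,6 +15,7 @@ function wpsc_uses_coupons() {
 
 return false;
 }
+
 function wpsc_coupons_error(){
 global $wpsc_coupons;
 
@@ -86,12 +87,13 @@ class wpsc_coupons {
 
 $this->value = (float) $coupon_data['value'];
 $this->is_percentage = $coupon_data['is-percentage'];
-$this->conditions = unserialize($coupon_data['condition']);
-$this->is_used = $coupon_data['is-used'];
-$this->active = $coupon_data['active'];
-$this->use_once = $coupon_data['use-once'];
-$this->start_date = $coupon_data['start'];
-$this->end_date = $coupon_data['expiry'];
+
+$this->conditions = unserialize( $coupon_data['condition'] );
+$this->is_used = $coupon_data['is-used'];
+$this->active = $coupon_data['active'];
+$this->use_once = $coupon_data['use-once'];
+$this->start_date = $coupon_data['start'];
+$this->end_date = $coupon_data['expiry'];
 $this->every_product = $coupon_data['every_product'];
 $this->errormsg = false;
 $valid = $this->validate_coupon();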
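Review bot: The re-indented `$this->conditions = unserialize( $coupon_data['condition'] );` in the second hunk still deserialises a database column with plain `unserialize()`, which will instantiate any class named in the payload; the value appears to come from the plugin's own coupon row, so the exposure is limited to whoever can write that column, but a security release is the place to state that contract: `// 'condition' is a serialized array written by the coupon admin screen; never pass request data here.` On PHP 7 and later, `unserialize( $coupon_data['condition'], array( 'allowed_classes' => false ) )` restricts the result to arrays and scalars, which is all the conditions logic should need. The constructor continues outside the hunk, so I cannot confirm how `$coupon_data` is loaded.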
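--- a/wpsc-includes/form-display.functions.php
+++ b/wpsc-includes/form-display.functions.php
@@ -139,6 +139,11 @@ function wpsc_select_product_file( $product_id = null ) {
 }
 
 function _wpsc_admin_download_file() {
+
+if ( ! wpsc_is_store_admin() ) {
+return;
+}
+
 $file_id = $_REQUEST['wpsc_download_id'];
 check_admin_referer( 'wpsc-admin-download-file-' . $file_id );
 
@@ -146,8 +151,9 @@ function _wpsc_admin_download_file() {
 _wpsc_force_download_file( $file_id );
 }
 
-if ( ! empty( $_REQUEST['wpsc_download_id'] ) )
+if ( ! empty( $_REQUEST['wpsc_download_id'] ) ) {
 add_action( 'admin_init', '_wpsc_admin_download_file' );
+}
 
 function wpsc_select_variation_file( $file_id, $variation_ids, $variation_combination_id = null ) {
 global $wpdb;
@@ -208,4 +214,4 @@ function wpsc_list_product_themes( $theme_name = null ) {
 return $output;
 }
 
-?>
+?>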
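Review bot: In the first hunk of this section, `$file_id = $_REQUEST['wpsc_download_id'];` is still taken raw after the new capability check and then used both in the nonce action string and, in the second hunk, in `_wpsc_force_download_file( $file_id )`; if the id is numeric, as the parameter name suggests, `$file_id = absint( $_REQUEST['wpsc_download_id'] );` keeps the nonce binding identical for valid ids and guarantees the downstream call receives an integer rather than an arbitrary string. I cannot see `_wpsc_force_download_file()` here, so confirm it expects an integer id before changing the cast. The body of `_wpsc_admin_download_file()` between the two hunks is outside the view.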
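--- a/wpsc-includes/misc.functions.php
+++ b/wpsc-includes/misc.functions.php
@@ -943,6 +943,11 @@ function wpsc_get_ajax_spinner() {
 }
 
 function _wpsc_remove_erroneous_files() {
+
+if ( ! wpsc_is_store_admin() ) {
+return;
+}
+
 $files = array(
 WPSC_FILE_PATH . '/wpsc-components/marketplace-core-v1/library/Sputnik/.htaccess',
 WPSC_FILE_PATH . '/wpsc-components/marketplace-core-v1/library/Sputnik/error_log',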
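--- a/wpsc-includes/purchase-log.class.php
+++ b/wpsc-includes/purchase-log.class.php
@@ -161,10 +161,10 @@ class WPSC_Purchase_Log {
 $needs_fetching[] = $product->post->ID;
 } else {
 // tally up the sales and earnings if this one has cache already
-$prod_meta = get_post_meta( $product->post->ID, '_wpsc_stats', true );
-$stats['sales'] += $prod_meta['sales'];
-$stats['earnings'] += $prod_meta['earnings'];
-$needs_fetching[] = $product->post->ID;
+$prod_meta = get_post_meta( $product->post->ID, '_wpsc_stats', true );
+$stats['sales'] += $prod_meta['sales'];
+$stats['earnings'] += $prod_meta['earnings'];
+$needs_fetching[] = $product->post->ID;
 }
 }
 }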
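--- a/wpsc-includes/purchaselogs.class.php
+++ b/wpsc-includes/purchaselogs.class.php
@@ -945,13 +945,30 @@ class wpsc_purchaselogs {
 return $sum;
 }
 
-function search_purchlog_view( $searchterm ) {
-global $wpdb;
-$sql = $wpdb->prepare( "SELECT DISTINCT `" . WPSC_TABLE_PURCHASE_LOGS . "` . * FROM `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "` LEFT JOIN `" . WPSC_TABLE_PURCHASE_LOGS . "` ON `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "`.`log_id` = `" . WPSC_TABLE_PURCHASE_LOGS . "`.`id` WHERE `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "`.`value` LIKE '%" . like_escape( $searchterm ) . "%' OR `" . WPSC_TABLE_PURCHASE_LOGS . "`.`transactid` = %s OR `" . WPSC_TABLE_PURCHASE_LOGS . "`.`track_id` LIKE '%" . like_escape( $searchterm )."%'", $searchterm );
-$newlogs = $wpdb->get_results( $sql );
-$_SESSION['newlogs'] = $newlogs;
-return $newlogs;
-}
+function search_purchlog_view( $searchterm ) {
+global $wpdb, $wp_version;
+
+if ( version_compare( $wp_version, '4.0', '>=' ) ) {
+$searchterm = '%' . $wpdb->esc_like( $searchterm ) . '%';
+} else {
+$searchterm = '%' . like_escape( $searchterm ) . '%';
+}
+
+$newlogs = $wpdb->get_results( $wpdb->prepare(
+"SELECT DISTINCT `" . WPSC_TABLE_PURCHASE_LOGS . "` . * FROM `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "`
+LEFT JOIN `" . WPSC_TABLE_PURCHASE_LOGS . "`
+ON `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "`.`log_id` = `" . WPSC_TABLE_PURCHASE_LOGS . "`.`id`
+WHERE `" . WPSC_TABLE_SUBMITTED_FORM_DATA . "`.`value` LIKE %s
+OR `" . WPSC_TABLE_PURCHASE_LOGS . "`.`transactid` = %s
+OR `" . WPSC_TABLE_PURCHASE_LOGS . "`.`track_id` LIKE %s",
+$searchterm
+)
+);
+
+$_SESSION['newlogs'] = $newlogs;
+
+return $newlogs;
+}
 
 }
 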
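Review bot: The rewritten `search_purchlog_view()` passes a single `$searchterm` to `$wpdb->prepare()` while the query now carries three `%s` placeholders (two `LIKE` clauses and `transactid = %s`); `prepare()` formats with `vsprintf`, so too few arguments yields a warning and no usable SQL, and even if it did format, the `=` comparison would receive the `%`-wrapped pattern rather than the raw term. Moving every value behind placeholders is the right direction — the old version concatenated the escaped term straight into the string — but the argument list has to match: keep the raw term for the exact match and pass the wildcard pattern twice, as below. The enclosing class continues outside the hunk.
```php
function search_purchlog_view( $searchterm ) {
	global $wpdb, $wp_version;

	// Wildcard-escaped pattern for the LIKE clauses; the raw term is kept for the exact transactid match.
	if ( version_compare( $wp_version, '4.0', '>=' ) ) {
		$like = '%' . $wpdb->esc_like( $searchterm ) . '%';
	} else {
		$like = '%' . like_escape( $searchterm ) . '%';
	}

	$newlogs = $wpdb->get_results( $wpdb->prepare(
		// … unchanged: SELECT … WHERE value LIKE %s OR transactid = %s OR track_id LIKE %s …
		$like,
		$searchterm,
		$like
	) );
	// … unchanged: session store and return …
```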
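--- a/wpsc-includes/theming.class.php
+++ b/wpsc-includes/theming.class.php
@@ -164,7 +164,7 @@ class wpsc_theming {
 if('wpsc-default.css' == $file)
 wpsc_move_theme_images();
 if ( in_array( $file, $this->templates_to_move ) ) {
-if ( !strstr( $file, "functions" ) && !strstr( $file, "widget" ) ) {
+if ( !strstr( $file, "functions" ) && !strstr( $file, 'widget' ) ) {
 $file_data = file_get_contents( $old . "/" . $file );
 $_SESSION['wpsc_themes_copied_results'][] = @file_put_contents( $path . "/" . $file, $file_data );
 rename( $path . "/" . $file, $path . "/" . $theme_file_prefix . $file );
@@ -177,8 +177,20 @@ class wpsc_theming {
 do_action( 'wpsc_move_theme' );
 }
 }
+/**
+* Initializes WPSC_Theming global.
+*
+* A relic of days gone by, an awkwardly named class intended for use in the migration of theme templates from
+* the core theme folders into the currently active theme folder.
+*
+* @since 3.8.14.4
+* @return void
+*/
+function wpsc_init_theming_global() {
+global $wpsc_theming;
+$wpsc_theming = new wpsc_theming();
+}
 
-if ( isset( $_REQUEST['wpsc_move_themes'] ) && !empty($_REQUEST['wpsc_move_themes']) )
-add_action( 'admin_init', create_function( '', 'global $wpsc_theming; $wpsc_theming = new wpsc_theming();' ) );
-
-?>
+if ( isset( $_REQUEST['wpsc_move_themes'] ) && ! empty( $_REQUEST['wpsc_move_themes'] ) ) {
+add_action( 'admin_init', 'wpsc_init_theming_global' );
+}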
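Review bot: `wpsc_init_theming_global()` in the second hunk instantiates `wpsc_theming` on `admin_init` for any request carrying `wpsc_move_themes`, and unlike the other hooks in this release it has no `wpsc_is_store_admin()` guard; the first hunk shows the class reading, writing and renaming template files, so unless the constructor (outside the hunk) checks capability and a nonce, the guard belongs here as the function's first statement: `if ( ! wpsc_is_store_admin() ) { return; }`, ideally followed by a `check_admin_referer()` for the move action. Replacing `create_function()` with a named function is a clear improvement and removes the string-evaluated callback. The `@file_put_contents` suppression in the first hunk is pre-existing context and not part of this change.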