WP eCommerce - Version 3.8.7.3

Version Description

  • Security fixes.

Release Info

Developer garyc40
Version 3.8.7.3

Code changes from version 3.8.7.2 to 3.8.7.3

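--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@ Donate link: http://getshopped.org
 Tags: e-commerce, wp-e-commerce, shop, cart, paypal, authorize, stock control, ecommerce, shipping, tax
 Requires at least: 3.0
 Tested up to: 3.2.1
-Stable tag: 3.8.7.2
+Stable tag: 3.8.7.3
 
 WP e-Commerce is a free WordPress Shopping Cart Plugin that lets customers buy your products, services and digital downloads online.
 
@@ -156,6 +156,9 @@ After upgrading from earlier versions look for link "Update Store". This will up
 
 
 == Changelog ==
+= 3.8.7.3 =
+* Security fixes.
+
 = 3.8.7.2 =
 * New: Support for g:availability to Google Merchant Centre feed. Props bbaskets & longercat
 * Fix: Admin product page sorting by column was not working.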
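--- a/wp-shopping-cart.php
+++ b/wp-shopping-cart.php
@@ -3,7 +3,7 @@
 * Plugin Name: WP e-Commerce
 * Plugin URI: http://getshopped.org/
 * Description: A plugin that provides a WordPress Shopping Cart. See also: <a href="http://getshopped.org" target="_blank">GetShopped.org</a> | <a href="http://getshopped.org/forums/" target="_blank">Support Forum</a> | <a href="http://docs.getshopped.org/" target="_blank">Documentation</a>
-* Version: 3.8.7.2
+* Version: 3.8.7.3
 * Author: Instinct Entertainment
 * Author URI: http://getshopped.org/
 **/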
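--- a/wpsc-admin/display-sales-logs.php
+++ b/wpsc-admin/display-sales-logs.php
@@ -33,10 +33,10 @@ function wpsc_display_sales_logs() {
 function wpsc_update_purchase_logs_3dot8() {
 if ( _wpsc_purchlogs_need_update() )
 wpsc_update_purchase_logs();
-
+
 ?>
 <div class="wrap">
-<h2><?php echo esc_html( __('Sales', 'wpsc') ); ?> </h2>
+<h2><?php echo esc_html( __('Sales', 'wpsc') ); ?> </h2>
 <p><?php printf( __( 'Your purchase logs have been updated! <a href="%s">Click here</a> to return.'), remove_query_arg( 'subpage' ) ); ?></p>
 </div>
 <?php
@@ -44,14 +44,14 @@ function wpsc_update_purchase_logs_3dot8() {
 
 function _wpsc_purchlogs_need_update() {
 global $wpdb;
-
+
 if ( get_option( '_wpsc_purchlogs_3.8_updated' ) )
 return false;
-
+
 $c = $wpdb->get_var( "SELECT COUNT(*) FROM " . WPSC_TABLE_PURCHASE_LOGS . " WHERE plugin_version IN ('3.6', '3.7')" );
 if ( $c > 0 )
 return true;
-
+
 update_option( '_wpsc_purchlogs_3.8_updated', true );
 return false;
 }
@@ -119,7 +119,7 @@ function _wpsc_purchlogs_need_update() {
 <div class='error' style='padding:8px;line-spacing:8px;'><span ><?php printf( __('It has been detected that some of your purchase logs were not updated properly when you upgrade to WP e-Commerce %s. Please <a href="%s">click here</a> to fix this problem.', 'wpsc'), WPSC_VERSION, add_query_arg( 'subpage', 'update-purchase-logs-3.8' ) ); ?></span></div>
 <?php
 }
-
+
 ///// end of update message section //////?>
 <div id='dashboard-widgets' style='min-width: 825px;'>
 <?php /* end of sidebar start of main column */ ?>
@@ -269,7 +269,7 @@ function _wpsc_purchlogs_need_update() {
 </table>
 <div id='wpsc_purchlog_order_status'>
 <form action='' method='post'>
-<p><label for='purchaselog-<?php echo $_GET['purchaselog_id']; ?>'><?php _e('Order Status:','wpsc'); ?></label><select id='purchaselog-<?php echo $_GET['purchaselog_id']; ?>' class='selector' name='<?php echo $_GET['purchaselog_id']; ?>' title='<?php echo $_GET['purchaselog_id']; ?>' >
+<p><label for='purchaselog-<?php echo absint( $_GET['purchaselog_id'] ); ?>'><?php _e('Order Status:','wpsc'); ?></label><select id='purchaselog-<?php echo absint( $_GET['purchaselog_id'] ); ?>' class='selector' name='<?php echo absint( $_GET['purchaselog_id'] ); ?>' title='<?php echo absint( $_GET['purchaselog_id'] ); ?>' >
 <?php while(wpsc_have_purch_items_statuses()) : wpsc_the_purch_status(); ?>
 <option value='<?php echo wpsc_the_purch_status_id(); ?>' <?php echo wpsc_purchlog_is_checked_status(); ?> ><?php echo wpsc_the_purch_status_name(); ?> </option>
 <?php endwhile; ?>
@@ -297,9 +297,9 @@ function _wpsc_purchlogs_need_update() {
 <?php endif; ?>
 <img src='<?php echo WPSC_CORE_IMAGES_URL; ?>/printer.png' alt='printer icon' />&ensp;<a href='<?php echo add_query_arg('wpsc_admin_action','wpsc_display_invoice'); ?>'><?php _e('View Packing Slip', 'wpsc'); ?></a>
 
-<br /><br class='small' /><img src='<?php echo WPSC_CORE_IMAGES_URL; ?>/email_go.png' alt='email icon' />&ensp;<a href='<?php echo add_query_arg('email_buyer_id',$_GET['purchaselog_id']); ?>'><?php _e('Resend Receipt to Buyer', 'wpsc'); ?></a>
+<br /><br class='small' /><img src='<?php echo WPSC_CORE_IMAGES_URL; ?>/email_go.png' alt='email icon' />&ensp;<a href='<?php echo add_query_arg('email_buyer_id',absint( $_GET['purchaselog_id'] ) ); ?>'><?php _e('Resend Receipt to Buyer', 'wpsc'); ?></a>
 
-<br /><br class='small' /><a class='submitdelete' title='<?php echo esc_attr(__( 'Delete this log', 'wpsc' )); ?>' href='<?php echo wp_nonce_url("admin.php?wpsc_admin_action=delete_purchlog&amp;purchlog_id=".$_GET['purchaselog_id'], 'delete_purchlog_' .$_GET['purchaselog_id']); ?>' onclick="if ( confirm(' <?php echo esc_js(sprintf( __("You are about to delete this log '%s'\n 'Cancel' to stop, 'OK' to delete.",'wpsc'), wpsc_purchaselog_details_date() )) ?>') ) { return true;}return false;"><img src='<?php echo WPSC_CORE_IMAGES_URL . "/cross.png"; ?>' alt='delete icon' /> &nbsp;<?php _e('Remove this record', 'wpsc') ?></a>
+<br /><br class='small' /><a class='submitdelete' title='<?php echo esc_attr(__( 'Delete this log', 'wpsc' )); ?>' href='<?php echo wp_nonce_url("admin.php?wpsc_admin_action=delete_purchlog&amp;purchlog_id=".absint( $_GET['purchaselog_id'] ), 'delete_purchlog_' . absint( $_GET['purchaselog_id'] ) ); ?>' onclick="if ( confirm(' <?php echo esc_js(sprintf( __("You are about to delete this log '%s'\n 'Cancel' to stop, 'OK' to delete.",'wpsc'), wpsc_purchaselog_details_date() )) ?>') ) { return true;}return false;"><img src='<?php echo WPSC_CORE_IMAGES_URL . "/cross.png"; ?>' alt='delete icon' /> &nbsp;<?php _e('Remove this record', 'wpsc') ?></a>
 
 <br /><br class='small' />&emsp;&ensp; <a href='<?php echo $page_back ?>'><?php _e('Go Back', 'wpsc'); ?></a>
 <br /><br />
@@ -310,7 +310,7 @@ function _wpsc_purchlogs_need_update() {
 <?php
 
 }
-
+
 function wpsc_purchaselogs_displaylist(){
 global $purchlogs;
 ?>
@@ -335,12 +335,12 @@ function _wpsc_purchlogs_need_update() {
 $date_is_selected['3mnths'] = '';
 $date_is_selected['all'] = '';
 if( !isset($_GET['view_purchlogs_by']) )
-$_GET['view_purchlogs_by'] = '';
+$_GET['view_purchlogs_by'] = '';
 switch($_GET['view_purchlogs_by']) {
 case 'all':
 $date_is_selected['all'] = 'selected="selected"';
 break;
-
+
 default:
 case '3mnths':
 case '':
@@ -402,7 +402,7 @@ function _wpsc_purchlogs_need_update() {
 'rss_key' => 'key',
 'start_timestamp' => $purchlogs->current_start_timestamp,
 'end_timestamp' => $purchlogs->current_end_timestamp);
-
+
 $piggy_url = 'http://www.bravenewcode.com/store/plugins/piggy/?utm_source=affiliate-6331&utm_medium=affiliates&utm_campaign=wpec#1';
 ?>
 <br />
@@ -545,7 +545,7 @@ function wpsc_purchlogs_notes() {
 <form method="post" action="">
 <input type='hidden' name='wpsc_admin_action' value='purchlogs_update_notes' />
 <input type="hidden" name="wpsc_purchlogs_update_notes_nonce" id="wpsc_purchlogs_update_notes_nonce" value="<?php echo wp_create_nonce( 'wpsc_purchlogs_update_notes' ); ?>" />
-<input type='hidden' name='purchlog_id' value='<?php echo $_GET['purchaselog_id']; ?>' />
+<input type='hidden' name='purchlog_id' value='<?php echo absint( $_GET['purchaselog_id'] ); ?>' />
 <p><textarea name="purchlog_notes" rows="3" wrap="virtual" id="purchlog_notes" style="width:100%;"><?php if ( isset($_POST['purchlog_notes']) ) { echo stripslashes($_POST['purchlog_notes']); } else { echo wpsc_display_purchlog_notes(); } ?></textarea></p>
 <p><input class="button" type="submit" name="button" id="button" value="<?php _e( 'Update Notes', 'wpsc' ); ?>" /></p>
 </form>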
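Review bot: The textarea on the line right after the new `purchlog_id` hidden input still echoes `stripslashes($_POST['purchlog_notes'])` into the page unescaped, so the @@ -545 hunk fixes the `purchaselog_id` output with absint() but leaves the same unescaped-output pattern one line below it. Wrap that echo: `echo esc_textarea( stripslashes( $_POST['purchlog_notes'] ) );` (esc_textarea() requires WP 3.1+; esc_html() is available on the plugin's stated 3.0 minimum). In the @@ -297 hunk, `href='<?php echo $page_back ?>'` is likewise printed without esc_url(), whatever `$page_back` holds. wpsc_purchlogs_notes() and the enclosing function of the @@ -297 hunk both start and end outside their hunks.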
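--- a/wpsc-core/wpsc-constants.php
+++ b/wpsc-core/wpsc-constants.php
@@ -26,9 +26,9 @@ function wpsc_core_constants() {
 if(!defined('WPSC_URL'))
 define( 'WPSC_URL', plugins_url( '', __FILE__ ) );
 // Define Plugin version
-define( 'WPSC_VERSION', '3.8.7.2' );
-define( 'WPSC_MINOR_VERSION', '463466' );
-define( 'WPSC_PRESENTABLE_VERSION', '3.8.7.2' );
+define( 'WPSC_VERSION', '3.8.7.3' );
+define( 'WPSC_MINOR_VERSION', '471811' );
+define( 'WPSC_PRESENTABLE_VERSION', '3.8.7.3' );
 
 // Define Debug Variables for developers
 define( 'WPSC_DEBUG', false );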
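--- a/wpsc-includes/ajax.functions.php
+++ b/wpsc-includes/ajax.functions.php
@@ -35,27 +35,27 @@ function wpsc_add_to_cart() {
 $default_parameters['meta'] = null;
 
 $provided_parameters = array();
-
+
 /// sanitise submitted values
 $product_id = apply_filters( 'wpsc_add_to_cart_product_id', (int)$_POST['product_id'] );
-
+
 // compatibility with older themes
 if ( isset( $_POST['wpsc_quantity_update'] ) && is_array( $_POST['wpsc_quantity_update'] ) ) {
 $_POST['wpsc_quantity_update'] = $_POST['wpsc_quantity_update'][$product_id];
 }
-
+
 if(isset($_POST['variation'])){
 foreach ( (array)$_POST['variation'] as $key => $variation )
 $provided_parameters['variation_values'][(int)$key] = (int)$variation;
-
+
 if ( count( $provided_parameters['variation_values'] ) > 0 ) {
 $variation_product_id = wpsc_get_child_object_in_terms( $product_id, $provided_parameters['variation_values'], 'wpsc-variation' );
 if ( $variation_product_id > 0 )
 $product_id = $variation_product_id;
 }
-
+
 }
-
+
 if ((isset($_POST['quantity']) && $_POST['quantity'] > 0) && (!isset( $_POST['wpsc_quantity_update'] )) ) {
 $provided_parameters['quantity'] = (int)$_POST['quantity'];
 } else if ( isset( $_POST['wpsc_quantity_update'] ) ) {
@@ -132,7 +132,7 @@ function wpsc_add_to_cart() {
 ";
 }
 }
-
+
 echo "jQuery('.cart_message').delay(3000).slideUp(500);";
 
 do_action( 'wpsc_alternate_cart_html', $cart_messages );
@@ -413,7 +413,7 @@ function wpsc_update_product_price() {
 $variations[] = (int)$variation;
 }
 }
-
+
 do_action( 'wpsc_update_variation_product', $product_id, $variations );
 
 $stock = wpsc_check_variation_stock_availability( $product_id, $variations );
@@ -448,7 +448,7 @@ function wpsc_update_product_price() {
 }
 }
 }
-
+
 echo json_encode( $response );
 exit();
 }
@@ -555,7 +555,7 @@ function wpsc_submit_checkout() {
 $countries = wpsc_get_meta( $catid[0], 'target_market', 'wpsc_category' );
 else
 $countries = wpsc_get_meta( $catid, 'target_market', 'wpsc_category' );
-
+
 if ( !empty($countries) && !in_array( $selectedCountry[0]['id'], (array)$countries ) ) {
 $errormessage = sprintf( __( '%s cannot be shipped to %s. To continue with your transaction please remove this product from the list below.', 'wpsc' ), $cartitem->product_name, $selectedCountry[0]['country'] );
 $_SESSION['categoryAndShippingCountryConflict'] = $errormessage;
@@ -568,13 +568,13 @@ function wpsc_submit_checkout() {
 $disregard_shipping++;
 else
 $use_shipping++;
-
+
 }
 if ( array_search( $submitted_gateway, $selected_gateways ) !== false )
 $_SESSION['wpsc_previous_selected_gateway'] = $submitted_gateway;
 else
 $is_valid = false;
-
+
 if ( get_option( 'do_not_use_shipping' ) == 0 && ($wpsc_cart->selected_shipping_method == null || $wpsc_cart->selected_shipping_option == null) && ( $num_items != $disregard_shipping ) ) {
 $_SESSION['wpsc_checkout_misc_error_messages'][] = __( 'You must select a shipping method, otherwise we cannot process your order.', 'wpsc' );
 $is_valid = false;
@@ -593,10 +593,10 @@ function wpsc_submit_checkout() {
 $base_shipping = $wpsc_cart->calculate_base_shipping();
 else
 $base_shipping = 0;
-
+
 $delivery_country = $wpsc_cart->delivery_country;
 $delivery_region = $wpsc_cart->delivery_region;
-
+
 if ( wpsc_uses_shipping ( ) ) {
 $shipping_method = $wpsc_cart->selected_shipping_method;
 $shipping_option = $wpsc_cart->selected_shipping_option;
@@ -608,7 +608,7 @@ function wpsc_submit_checkout() {
 $find_us = $_POST['how_find_us'];
 else
 $find_us = '';
-
+
 //keep track of tax if taxes are exclusive
 $wpec_taxes_controller = new wpec_taxes_controller();
 if ( !$wpec_taxes_controller->wpec_taxes_isincluded() ) {
@@ -648,15 +648,15 @@ function wpsc_submit_checkout() {
 wpsc_populate_also_bought_list();
 if( !isset( $our_user_id ) && isset( $user_ID ))
 $our_user_id = $user_ID;
-$wpsc_cart->log_id = $purchase_log_id;
+$wpsc_cart->log_id = $purchase_log_id;
 do_action( 'wpsc_submit_checkout', array( "purchase_log_id" => $purchase_log_id, "our_user_id" => $our_user_id ) );
 if ( get_option( 'permalink_structure' ) != '' )
 $separator = "?";
 else
 $separator = "&";
-
+
 // submit to gateway
-$current_gateway_data = &$wpsc_gateways[$submitted_gateway];
+$current_gateway_data = &$wpsc_gateways[$submitted_gateway];
 if ( isset( $current_gateway_data['api_version'] ) && $current_gateway_data['api_version'] >= 2.0 ) {
 $merchant_instance = new $current_gateway_data['class_name']( $purchase_log_id );
 $merchant_instance->construct_value_array();
@@ -783,11 +783,11 @@ function wpsc_change_tax() {
 if($wpsc_cart->coupons_amount >= wpsc_cart_total(false) && !empty($wpsc_cart->coupons_amount)){
 $total = 0;
 }
-if ( $wpsc_cart->total_price < 0 ) {
-$wpsc_cart->coupons_amount += $wpsc_cart->total_price;
-$wpsc_cart->total_price = null;
-$wpsc_cart->calculate_total_price();
-}
+if ( $wpsc_cart->total_price < 0 ) {
+$wpsc_cart->coupons_amount += $wpsc_cart->total_price;
+$wpsc_cart->total_price = null;
+$wpsc_cart->calculate_total_price();
+}
 ob_start();
 
 include_once( wpsc_get_template_file_path( 'wpsc-cart_widget.php' ) );
@@ -797,7 +797,7 @@ function wpsc_change_tax() {
 
 $output = str_replace( Array( "\n", "\r" ), Array( "\\n", "\\r" ), addslashes( $output ) );
 if ( get_option( 'lock_tax' ) == 1 ) {
-echo "jQuery('#current_country').val('" . $_SESSION['wpsc_delivery_country'] . "'); \n";
+echo "jQuery('#current_country').val('" . esc_js( $_SESSION['wpsc_delivery_country'] ) . "'); \n";
 if ( $_SESSION['wpsc_delivery_country'] == 'US' && get_option( 'lock_tax' ) == 1 ) {
 $output = wpsc_shipping_region_list( $_SESSION['wpsc_delivery_country'], $_SESSION['wpsc_delivery_region'] );
 $output = str_replace( Array( "\n", "\r" ), Array( "\\n", "\\r" ), addslashes( $output ) );
@@ -815,8 +815,8 @@ function wpsc_change_tax() {
 
 echo "jQuery('div.shopping-cart-wrapper').html('$output');\n";
 if ( get_option( 'lock_tax' ) == 1 ) {
-echo "jQuery('.shipping_country').val('" . $_SESSION['wpsc_delivery_country'] . "') \n";
-$sql = "SELECT `country` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `isocode`='" . $_SESSION['wpsc_selected_country'] . "'";
+echo "jQuery('.shipping_country').val('" . esc_js( $_SESSION['wpsc_delivery_country'] ) . "') \n";
+$sql = $wpdb->prepare( "SELECT `country` FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `isocode`= '%s'", $_SESSION['wpsc_selected_country'] );
 $country_name = $wpdb->get_var( $sql );
 echo "jQuery('.shipping_country_name').html('" . $country_name . "') \n";
 }
@@ -1003,8 +1003,8 @@ function wpsc_download_file() {
 }
 
 $file_id = $download_data['fileid'];
-$file_data = wpsc_get_downloadable_file($file_id);
-
+$file_data = wpsc_get_downloadable_file($file_id);
+
 if ( $file_data == null ) {
 exit( _e( 'This download is no longer valid, Please contact the site administrator for more information.', 'wpsc' ) );
 }
@@ -1042,9 +1042,9 @@ function wpsc_download_file() {
 
 $file_path = WPSC_FILE_DIR . basename( $file_data->post_title );
 $file_name = basename( $file_data->post_title );
-
+
 if ( is_file( $file_path ) ) {
-if( !ini_get('safe_mode') ) set_time_limit(0);
+if( !ini_get('safe_mode') ) set_time_limit(0);
 header( 'Content-Type: ' . $file_data->post_mime_type );
 header( 'Content-Length: ' . filesize( $file_path ) );
 header( 'Content-Transfer-Encoding: binary' );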
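Review bot: `$country_name` on the line after the new `$wpdb->prepare()` call in the @@ -815 hunk is still concatenated straight into a JavaScript string literal (`echo "jQuery('.shipping_country_name').html('" . $country_name . "') \n";`), while the session value two lines above now goes through esc_js(); a single quote in that database value breaks the emitted script, so use `esc_js( $country_name )` there as well. In the same hunk the placeholder is written `'%s'`; $wpdb->prepare() quotes %s itself, so the conventional form is a bare `%s`. In the @@ -568 hunk `array_search( $submitted_gateway, $selected_gateways )` still compares loosely even though its result is what later admits `$submitted_gateway` as a key into `$wpsc_gateways` in the @@ -648 hunk; pass `true` as the third argument. wpsc_change_tax() and wpsc_submit_checkout() both start and end outside their hunks.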
wpsc-includes/checkout.class.php CHANGED
@@ -78,7 +78,7 @@ function wpsc_check_purchase_processed($processed){
78
  foreach($wpsc_purchlog_statuses as $status)
79
  if($status['order'] == $processed && isset($status['is_transaction']) && 1 == $status['is_transaction'] )
80
  $is_transaction = true;
81
-
82
  return $is_transaction;
83
  }
84
 
@@ -151,7 +151,7 @@ function wpsc_display_tax_label( $checkout = false ) {
151
  * @access public
152
  *
153
  * @since 3.7
154
- * @return (boolean)
155
  */
156
  function wpsc_have_checkout_items() {
157
  global $wpsc_checkout;
@@ -171,11 +171,11 @@ function wpsc_the_checkout_item() {
171
  }
172
 
173
  /**
174
- * Checks shipping details
175
  * @access public
176
- *
177
  * @since 3.7
178
- * @return (boolean)
179
  */
180
  function wpsc_is_shipping_details() {
181
  global $wpsc_checkout;
@@ -191,15 +191,15 @@ function wpsc_is_shipping_details() {
191
  * @access public
192
  *
193
  * @since 3.8
194
- * @param $additional_classes (string) additional classes to be
195
- * @return
196
  */
197
  function wpsc_the_checkout_details_class($additional_classes = ''){
198
  if(wpsc_is_shipping_details())
199
  echo "class='wpsc_shipping_forms ".$additional_classes."'";
200
  else
201
  echo "class='wpsc_billing_forms ".$additional_classes."'";
202
-
203
  }
204
 
205
  /**
@@ -275,7 +275,7 @@ function wpsc_show_find_us(){
275
  }
276
 
277
  /**
278
- * disregard state fields - checks to see whether selected country has regions or not,
279
  * depending on the scenario will return wither a true or false
280
  * @access public
281
  *
@@ -285,7 +285,7 @@ function wpsc_show_find_us(){
285
  function wpsc_disregard_shipping_state_fields(){
286
  global $wpsc_checkout;
287
  if(!wpsc_uses_shipping()):
288
- if( 'shippingstate' == $wpsc_checkout->checkout_item->unique_name && wpsc_has_regions($_SESSION['wpsc_delivery_country']))
289
  return true;
290
  else
291
  return false;
@@ -441,7 +441,7 @@ function wpsc_shipping_country_list( $shippingdetails = false ) {
441
 
442
  if ( empty( $selected_region ) )
443
  $selected_region = esc_attr( get_option( 'base_region' ) );
444
-
445
  $country_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `visible`= '1' ORDER BY `country` ASC", ARRAY_A );
446
 
447
  $output .= "<select name='country' id='current_country' " . $js . " >";
@@ -495,7 +495,7 @@ function wpsc_shipping_country_list( $shippingdetails = false ) {
495
  }
496
 
497
  if ( $uses_zipcode == true ) {
498
- $output .= " <input type='text' style='color:" . $color . ";' onclick='if (this.value==\"Your Zipcode\") {this.value=\"\";this.style.color=\"#000\";}' onblur='if (this.value==\"\") {this.style.color=\"#999\"; this.value=\"Your Zipcode\"; }' value='" . $zipvalue . "' size='10' name='zipcode' id='zipcode'>";
499
  }
500
  return $output;
501
  }
@@ -600,7 +600,7 @@ class wpsc_checkout {
600
  if ( ($user_ID > 0) ){
601
  if(!isset($_SESSION['wpsc_checkout_saved_values']))
602
  $_SESSION['wpsc_checkout_saved_values'] = get_user_meta( $user_ID, 'wpshpcrt_usr_profile',1 );
603
-
604
  $delivery_country_id = wpsc_get_country_form_id_by_type('delivery_country');
605
  $billing_country_id = wpsc_get_country_form_id_by_type('country');
606
  }
@@ -682,8 +682,8 @@ class wpsc_checkout {
682
  default:
683
  if ( $this->checkout_item->unique_name == 'shippingstate' ) {
684
  if ( wpsc_uses_shipping() && wpsc_has_regions($_SESSION['wpsc_delivery_country']) ) {
685
- $region_name = $wpdb->get_var( "SELECT `name` FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE `id`='" . $_SESSION['wpsc_delivery_region'] . "' LIMIT 1" );
686
- $output = "<input title='" . $this->checkout_item->unique_name . "' type='hidden' id='" . $this->form_element_id() . "' class='shipping_region' name='collected_data[{$this->checkout_item->id}]' value='" . $_SESSION['wpsc_delivery_region'] . "' size='4' /><span class='shipping_region_name'>" . $region_name . "</span> ";
687
  } else {
688
  $disabled = '';
689
  if(wpsc_disregard_shipping_state_fields())
@@ -792,7 +792,7 @@ class wpsc_checkout {
792
  //Basic Form field validation for billing and shipping details
793
  foreach ( $this->checkout_items as $form_data ) {
794
  $value = '';
795
-
796
  if( isset( $_POST['collected_data'][$form_data->id] ) )
797
  $value = stripslashes_deep( $_POST['collected_data'][$form_data->id] );
798
 
@@ -851,18 +851,18 @@ class wpsc_checkout {
851
  */
852
  function save_forms_to_db( $purchase_id ) {
853
  global $wpdb;
854
-
855
  // needs refactoring badly
856
  $shipping_state_id = $wpdb->get_var( "SELECT `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`id` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `unique_name` = 'shippingstate' " );
857
  $billing_state_id = $wpdb->get_var( "SELECT `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`id` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `unique_name` = 'billingstate' " );
858
  $shipping_state = $billing_state = '';
859
-
860
  $_POST['collected_data'] = stripslashes_deep( $_POST['collected_data'] );
861
-
862
  foreach ( $this->checkout_items as $form_data ) {
863
  if ( $form_data->type == 'heading' )
864
  continue;
865
-
866
  $value = '';
867
  if( isset( $_POST['collected_data'][$form_data->id] ) )
868
  $value = $_POST['collected_data'][$form_data->id];
@@ -881,7 +881,7 @@ class wpsc_checkout {
881
  $billing_state = $value[1];
882
  else
883
  $shipping_state = $value[1];
884
-
885
  $value = $value[0];
886
  $prepared_query = $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $form_data->id, $value );
887
  } else {
@@ -894,7 +894,7 @@ class wpsc_checkout {
894
  }
895
  $wpdb->query( $prepared_query );
896
  }
897
-
898
  // update the states
899
  $wpdb->query( $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $shipping_state_id, $shipping_state ) );
900
  $wpdb->query( $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $billing_state_id, $billing_state ) );
78
  foreach($wpsc_purchlog_statuses as $status)
79
  if($status['order'] == $processed && isset($status['is_transaction']) && 1 == $status['is_transaction'] )
80
  $is_transaction = true;
81
+
82
  return $is_transaction;
83
  }
84
 
151
  * @access public
152
  *
153
  * @since 3.7
154
+ * @return (boolean)
155
  */
156
  function wpsc_have_checkout_items() {
157
  global $wpsc_checkout;
171
  }
172
 
173
  /**
174
+ * Checks shipping details
175
  * @access public
176
+ *
177
  * @since 3.7
178
+ * @return (boolean)
179
  */
180
  function wpsc_is_shipping_details() {
181
  global $wpsc_checkout;
191
  * @access public
192
  *
193
  * @since 3.8
194
+ * @param $additional_classes (string) additional classes to be
195
+ * @return
196
  */
197
  function wpsc_the_checkout_details_class($additional_classes = ''){
198
  if(wpsc_is_shipping_details())
199
  echo "class='wpsc_shipping_forms ".$additional_classes."'";
200
  else
201
  echo "class='wpsc_billing_forms ".$additional_classes."'";
202
+
203
  }
204
 
205
  /**
275
  }
276
 
277
  /**
278
+ * disregard state fields - checks to see whether selected country has regions or not,
279
  * depending on the scenario will return wither a true or false
280
  * @access public
281
  *
285
  function wpsc_disregard_shipping_state_fields(){
286
  global $wpsc_checkout;
287
  if(!wpsc_uses_shipping()):
288
+ if( 'shippingstate' == $wpsc_checkout->checkout_item->unique_name && wpsc_has_regions($_SESSION['wpsc_delivery_country']))
289
  return true;
290
  else
291
  return false;
441
 
442
  if ( empty( $selected_region ) )
443
  $selected_region = esc_attr( get_option( 'base_region' ) );
444
+
445
  $country_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CURRENCY_LIST . "` WHERE `visible`= '1' ORDER BY `country` ASC", ARRAY_A );
446
 
447
  $output .= "<select name='country' id='current_country' " . $js . " >";
495
  }
496
 
497
  if ( $uses_zipcode == true ) {
498
+ $output .= " <input type='text' style='color:" . $color . ";' onclick='if (this.value==\"Your Zipcode\") {this.value=\"\";this.style.color=\"#000\";}' onblur='if (this.value==\"\") {this.style.color=\"#999\"; this.value=\"Your Zipcode\"; }' value='" . esc_attr( $zipvalue ) . "' size='10' name='zipcode' id='zipcode'>";
499
  }
500
  return $output;
501
  }
600
  if ( ($user_ID > 0) ){
601
  if(!isset($_SESSION['wpsc_checkout_saved_values']))
602
  $_SESSION['wpsc_checkout_saved_values'] = get_user_meta( $user_ID, 'wpshpcrt_usr_profile',1 );
603
+
604
  $delivery_country_id = wpsc_get_country_form_id_by_type('delivery_country');
605
  $billing_country_id = wpsc_get_country_form_id_by_type('country');
606
  }
682
  default:
683
  if ( $this->checkout_item->unique_name == 'shippingstate' ) {
684
  if ( wpsc_uses_shipping() && wpsc_has_regions($_SESSION['wpsc_delivery_country']) ) {
685
+ $region_name = $wpdb->get_var( $wpdb->prepare( "SELECT `name` FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE `id`= %d LIMIT 1", $_SESSION['wpsc_delivery_region'] ) );
686
+ $output = "<input title='" . $this->checkout_item->unique_name . "' type='hidden' id='" . $this->form_element_id() . "' class='shipping_region' name='collected_data[{$this->checkout_item->id}]' value='" . esc_attr( $_SESSION['wpsc_delivery_region'] ) . "' size='4' /><span class='shipping_region_name'>" . esc_html( $region_name ) . "</span> ";
687
  } else {
688
  $disabled = '';
689
  if(wpsc_disregard_shipping_state_fields())
792
  //Basic Form field validation for billing and shipping details
793
  foreach ( $this->checkout_items as $form_data ) {
794
  $value = '';
795
+
796
  if( isset( $_POST['collected_data'][$form_data->id] ) )
797
  $value = stripslashes_deep( $_POST['collected_data'][$form_data->id] );
798
 
851
  */
852
  function save_forms_to_db( $purchase_id ) {
853
  global $wpdb;
854
+
855
  // needs refactoring badly
856
  $shipping_state_id = $wpdb->get_var( "SELECT `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`id` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `unique_name` = 'shippingstate' " );
857
  $billing_state_id = $wpdb->get_var( "SELECT `" . WPSC_TABLE_CHECKOUT_FORMS . "`.`id` FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `unique_name` = 'billingstate' " );
858
  $shipping_state = $billing_state = '';
859
+
860
  $_POST['collected_data'] = stripslashes_deep( $_POST['collected_data'] );
861
+
862
  foreach ( $this->checkout_items as $form_data ) {
863
  if ( $form_data->type == 'heading' )
864
  continue;
865
+
866
  $value = '';
867
  if( isset( $_POST['collected_data'][$form_data->id] ) )
868
  $value = $_POST['collected_data'][$form_data->id];
881
  $billing_state = $value[1];
882
  else
883
  $shipping_state = $value[1];
884
+
885
  $value = $value[0];
886
  $prepared_query = $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $form_data->id, $value );
887
  } else {
894
  }
895
  $wpdb->query( $prepared_query );
896
  }
897
+
898
  // update the states
899
  $wpdb->query( $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $shipping_state_id, $shipping_state ) );
900
  $wpdb->query( $wpdb->prepare( "INSERT INTO `" . WPSC_TABLE_SUBMITED_FORM_DATA . "` ( `log_id` , `form_id` , `value` ) VALUES ( %d, %d, %s)", $purchase_id, $billing_state_id, $billing_state ) );
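--- a/wpsc-theme/functions/wpsc-user_log_functions.php
+++ b/wpsc-theme/functions/wpsc-user_log_functions.php
@@ -34,7 +34,10 @@ function validate_form_data() {
 $bad_input_message = '';
 $_SESSION['collected_data'] = null;
 
-if ( !empty($_POST['collected_data']) ) {
+if( ! wp_verify_nonce( $_POST['_wpsc_user_profile'], 'wpsc_user_profile') )
+die( __( 'It would appear either you are trying to hack into this account, or your session has expired. Hoping for the latter.', 'wpsc' ) );
+
+if ( ! empty($_POST['collected_data']) ) {
 
 foreach ( (array)$_POST['collected_data'] as $value_id => $value ) {
 $form_sql = $wpdb->prepare( "SELECT * FROM `" . WPSC_TABLE_CHECKOUT_FORMS . "` WHERE `id` = %d LIMIT 1", $value_id );
@@ -283,6 +286,7 @@ function wpsc_display_form_fields() {
 echo "<input type='text' value='" . $value . "' name='collected_data[" . $form_field['id'] . "]' />";
 break;
 }
+echo wp_nonce_field( 'wpsc_user_profile', '_wpsc_user_profile' );
 echo "
 </td>
 </tr>\n\r";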
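Review bot: `echo wp_nonce_field( 'wpsc_user_profile', '_wpsc_user_profile' );` at new line 289 emits the hidden nonce input twice, because wp_nonce_field() already echoes its markup by default and also returns it; drop the `echo` or pass `false` as the fourth argument, and since `$form_field['id']` suggests this line sits inside the per-field loop, the field is likely printed once per row rather than once per form. In validate_form_data() at new line 37, `$_POST['_wpsc_user_profile']` is read without an isset guard, so a request lacking the field raises an undefined-index notice before the nonce check rejects it; `if ( ! isset( $_POST['_wpsc_user_profile'] ) || ! wp_verify_nonce( $_POST['_wpsc_user_profile'], 'wpsc_user_profile' ) )` covers both cases, and `wp_die()` is the WordPress idiom in place of `die()`. The text input on new line 286 still interpolates `$value` into an attribute unescaped; `esc_attr( $value )` would match the escaping this release applies to the zipcode field elsewhere. Both validate_form_data() and wpsc_display_form_fields() start outside the hunks.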