
Commit a9f92aa

release: fixes
- Enhanced security - Fixed loading of JS script dependencies for the latest WooCommerce version - Fixed a fatal error in the FixedPrice field when a string is used in the quantity field - Fixed color option overlapping
2 parents 96520e2 + 9a29724 commit a9f92aa


10 files changed

+89
-39
lines changed


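--- a/classes/fields.class.php
+++ b/classes/fields.class.php
@@ -355,6 +355,7 @@ function render_all_input_types( $name, $data, $fields_type, $field_index, $valu
 
 $options = ( isset( $data ['options'] ) ? $data ['options'] : '' );
 $placeholders = isset( $data['placeholders'] ) ? $data['placeholders'] : '';
+$types = isset( $data['types'] ) ? $data['types'] : '';
 
 $existing_name = 'name="ppom[' . esc_attr( $field_index ) . '][' . esc_attr( $name ) . ']"';
 
@@ -439,6 +440,13 @@ function render_all_input_types( $name, $data, $fields_type, $field_index, $valu
 );
 $plc_stock = ( isset( $placeholders[5] ) && ! empty( $placeholders ) ) ? $placeholders[5] : __( 'Stock', 'woocommerce-product-addon' ) . ' (' . __( 'PRO only', 'woocommerce-product-addon' ) . ')';
 
+$option_type = ( isset( $types[0] ) && ! empty( $types[0] ) ) ? sanitize_text_field( $types[0] ) : 'text';
+$price_type = ( isset( $types[1] ) && ! empty( $types[1] ) ) ? sanitize_text_field( $types[1] ) : 'text';
+$discount_type = ( isset( $types[2] ) && ! empty( $types[2] ) ) ? sanitize_text_field( $types[2] ) : 'text';
+$tooltip_type = ( isset( $types[3] ) && ! empty( $types[3] ) ) ? sanitize_text_field( $types[3] ) : 'text';
+$weight_type = ( isset( $types[4] ) && ! empty( $types[4] ) ) ? sanitize_text_field( $types[4] ) : 'text';
+$stock_type = ( isset( $types[5] ) && ! empty( $types[5] ) ) ? sanitize_text_field( $types[5] ) : 'text';
+
 if ( ppom_pro_is_installed() ) {
 
 $plc_discount = ( isset( $placeholders[2] ) && ! empty( $placeholders ) ) ? $placeholders[2] : __( 'Discount', 'woocommerce-product-addon' );
@@ -470,16 +478,16 @@ function render_all_input_types( $name, $data, $fields_type, $field_index, $valu
 $option_id = ppom_get_option_id( $option );
 $html_input .= '<li class="data-options ppom-sortable-handle" style="display: flex;" data-condition-type="simple_options">';
 $html_input .= '<span class="dashicons dashicons-move"></span>';
-$html_input .= '<input type="text" class="option-title form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][option]" value="' . esc_attr( stripslashes( $option['option'] ) ) . '" placeholder="' . $plc_option . '" data-metatype="option" data-opt-index="' . esc_attr( $opt_index ) . '">';
-$html_input .= '<input type="text" class="option-price form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][price]" value="' . esc_attr( $option['price'] ) . '" placeholder="' . $plc_price . '" data-metatype="price" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $option_type . '" class="option-title form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][option]" value="' . esc_attr( stripslashes( $option['option'] ) ) . '" placeholder="' . $plc_option . '" data-metatype="option" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $price_type . '" class="option-price form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][price]" value="' . esc_attr( $option['price'] ) . '" placeholder="' . $plc_price . '" data-metatype="price" data-opt-index="' . esc_attr( $opt_index ) . '">';
 
 if ( $fields_type === 'checkbox' ) {
-$html_input .= '<input type="text" class="option-discount form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][discount]" value="' . esc_attr( $discount ) . '" placeholder="' . $plc_discount . '" data-metatype="discount" data-opt-index="' . esc_attr( $opt_index ) . '">';
-$html_input .= '<input type="text" class="option-tooltip form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][tooltip]" value="' . esc_attr( $tooltip ) . '" placeholder="' . $plc_tooltip . '" data-metatype="tooltip" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $discount_type . '" class="option-discount form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][discount]" value="' . esc_attr( $discount ) . '" placeholder="' . $plc_discount . '" data-metatype="discount" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $tooltip_type . '" class="option-tooltip form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][tooltip]" value="' . esc_attr( $tooltip ) . '" placeholder="' . $plc_tooltip . '" data-metatype="tooltip" data-opt-index="' . esc_attr( $opt_index ) . '">';
 }
 
-$html_input .= '<input type="text" class="option-weight form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][weight]" value="' . esc_attr( $weight ) . '" placeholder="' . $plc_weight . '" data-metatype="weight" data-opt-index="' . esc_attr( $opt_index ) . '">';
-$html_input .= '<input type="text" class="option-stock form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][stock]" value="' . esc_attr( $stock ) . '" placeholder="' . $plc_stock . '" data-metatype="stock" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $weight_type . '" class="option-weight form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][weight]" value="' . esc_attr( $weight ) . '" placeholder="' . $plc_weight . '" data-metatype="weight" data-opt-index="' . esc_attr( $opt_index ) . '">';
+$html_input .= '<input type="' . $stock_type . '" class="option-stock form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][stock]" value="' . esc_attr( $stock ) . '" placeholder="' . $plc_stock . '" data-metatype="stock" data-opt-index="' . esc_attr( $opt_index ) . '">';
 $html_input .= '<input type="text" class="option-id form-control ppom-option-keys" name="ppom[' . esc_attr( $field_index ) . '][options][' . esc_attr( $opt_index ) . '][id]" value="' . esc_attr( $option_id ) . '" placeholder="' . $plc_id . '" data-metatype="id" data-opt-index="' . esc_attr( $opt_index ) . '">';
 
 $html_input .= '<button class="btn btn-success ppom-add-option" data-option-type="paired"><i class="fa fa-plus" aria-hidden="true"></i></button>';
@@ -494,16 +502,16 @@ function render_all_input_types( $name, $data, $fields_type, $field_index, $valu
 } else {
 $html_input .= '<li class="data-options" style="display: flex;" data-condition-type="simple_options">';
 $html_input .= '<span class="dashicons dashicons-move"></span>';
-$html_input .= '<input type="text" class="option-title form-control ppom-option-keys" placeholder="' . $plc_option . '" data-metatype="option">';
-$html_input .= '<input type="text" class="option-price form-control ppom-option-keys" placeholder="' . $plc_price . '" data-metatype="price">';
+$html_input .= '<input type="' . $option_type . '" class="option-title form-control ppom-option-keys" placeholder="' . $plc_option . '" data-metatype="option">';
+$html_input .= '<input type="' . $price_type . '" class="option-price form-control ppom-option-keys" placeholder="' . $plc_price . '" data-metatype="price">';
 
 if ( $fields_type === 'checkbox' ) {
-$html_input .= '<input type="text" class="option-discount form-control ppom-option-keys" placeholder="' . $plc_discount . '" data-metatype="discount">';
-$html_input .= '<input type="text" class="option-tooltip form-control ppom-option-keys" placeholder="' . $plc_tooltip . '" data-metatype="tooltip">';
+$html_input .= '<input type="' . $discount_type . '" class="option-discount form-control ppom-option-keys" placeholder="' . $plc_discount . '" data-metatype="discount">';
+$html_input .= '<input type="' . $tooltip_type . '" class="option-tooltip form-control ppom-option-keys" placeholder="' . $plc_tooltip . '" data-metatype="tooltip">';
 }
 
-$html_input .= '<input type="text" class="option-weight form-control ppom-option-keys" placeholder="' . $plc_weight . '" data-metatype="weight">';
-$html_input .= '<input type="text" class="option-stock form-control ppom-option-keys" placeholder="' . $plc_stock . '" data-metatype="stock">';
+$html_input .= '<input type="' . $weight_type . '" class="option-weight form-control ppom-option-keys" placeholder="' . $plc_weight . '" data-metatype="weight">';
+$html_input .= '<input type="' . $stock_type . '" class="option-stock form-control ppom-option-keys" placeholder="' . $plc_stock . '" data-metatype="stock">';
 
 $html_input .= '<input type="text" class="option-id form-control ppom-option-keys" placeholder="' . $plc_id . '" data-metatype="id">';
 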
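Review bot: The six `$*_type` values computed on new lines 443–448 are concatenated into `type="…"` attributes on new lines 481–490 and 505–514 with only `sanitize_text_field()` applied, while every neighbouring attribute on those same lines goes through `esc_attr()`; `sanitize_text_field()` does not encode quotes, so a `"` in `$data['types']` would terminate the attribute. The cheap fix is to escape at the point of use, `'<input type="' . esc_attr( $option_type ) . '" class="option-title …`, and the better one is to allow-list when the value is computed, e.g. `$option_type = ( isset( $types[0] ) && in_array( $types[0], $allowed_types, true ) ) ? $types[0] : 'text';` with `$allowed_types` holding the input types the field definitions actually use (presumably `text` and `number`; confirm). Where `$data['types']` originates is not visible here, so whether it is ever user-supplied is unconfirmed, but the six identical ternaries would also collapse into a small loop over `array( 'option', 'price', 'discount', 'tooltip', 'weight', 'stock' )`. `render_all_input_types()` starts and ends outside these hunks.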
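--- a/classes/frontend-scripts.class.php
+++ b/classes/frontend-scripts.class.php
@@ -52,6 +52,7 @@ public static function init() {
 private static function get_scripts() {
 
 $ppom_price_js = ppom_get_price_table_calculation();
+$dependencies = ppom_get_price_table_js_dependencies();
 
 $register_scripts = array(
 'PPOM-sm-popup' => array(
@@ -71,7 +72,7 @@ private static function get_scripts() {
 ),
 'ppom-price' => array(
 'src' => self::$scripts_url . "/js/price/{$ppom_price_js}",
-'deps' => array( 'jquery', 'ppom-inputs', 'accounting' ),
+'deps' => $dependencies,
 'version' => self::$version,
 ),
 'ppom-inputmask' => array(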

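--- a/classes/plugin.class.php
+++ b/classes/plugin.class.php
@@ -927,7 +927,19 @@ public static function ppom_install_demo_meta() {
 
 function ppom_attach_meta() {
 
-$product_id = isset( $_GET['productid'] ) ? intval( $_GET['productid'] ) : '';
+$product_id = isset( $_GET['productid'] ) ? intval( $_GET['productid'] ) : '';
+$product_url = get_permalink( $product_id );
+
+if ( ! isset( $_GET['nonce'] ) || empty( $_GET['nonce'] ) || ! wp_verify_nonce( $_GET['nonce'], 'ppom_attach' ) ) {
+wp_redirect( $product_url );
+exit;
+}
+
+if ( ! current_user_can( 'edit_post', $product_id ) ) {
+wp_redirect( $product_url );
+exit;
+}
+
 $meta_id = isset( $_GET['metaid'] ) ? intval( $_GET['metaid'] ) : '';
 $meta_title = isset( $_GET['metatitle'] ) ? sanitize_title( $_GET['metatitle'] ) : '';
 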
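Review bot: The new guard on lines 933–941 redirects to `get_permalink( $product_id )` even when `productid` is missing or non-numeric, in which case `$product_id` is `''` or `0` and `get_permalink()` resolves against the global `$post` (or returns false, making `wp_redirect()` a no-op followed by `exit`), so the failure path lands on an unrelated page or a blank one. Reading the id with `absint()` and bailing before any redirect when it is zero, plus passing the nonce through `wp_unslash()`/`sanitize_text_field()` and using `wp_safe_redirect()`, keeps the same nonce-then-capability ordering; the `! isset() || empty()` pair on line 933 is also redundant, since `empty()` covers the unset case. `ppom_attach_meta()` continues past the hunk, so the attach logic itself is not reviewed here.

```php
$product_id = isset( $_GET['productid'] ) ? absint( $_GET['productid'] ) : 0;
$nonce      = isset( $_GET['nonce'] ) ? sanitize_text_field( wp_unslash( $_GET['nonce'] ) ) : '';

// Without a real product there is nothing to attach to and no permalink to bounce back to.
if ( ! $product_id || ! get_post( $product_id ) ) {
    wp_die( esc_html__( 'Invalid product.', 'woocommerce-product-addon' ), 400 );
}

$product_url = get_permalink( $product_id );

// Nonce first, then capability: an unauthenticated link never reaches the capability check.
if ( ! wp_verify_nonce( $nonce, 'ppom_attach' ) || ! current_user_can( 'edit_post', $product_id ) ) {
    wp_safe_redirect( $product_url );
    exit;
}
// … unchanged: $meta_id / $meta_title parsing and the attach logic …
```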
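--- a/css/ppom-admin.css
+++ b/css/ppom-admin.css
@@ -904,6 +904,19 @@ select {
 margin: 0 !important
 }
 
+.ppom-color-picker-cloner .wp-picker-container .wp-picker-holder {
+z-index: 2;
+position: absolute;
+}
+
+.ppom-color-picker-cloner .wp-picker-container .wp-picker-input-wrap {
+margin-top: 8px;
+}
+
+.wp-picker-container input[type=text].wp-color-picker {
+width: 4.5rem;
+}
+
 ul.ppom-options-container li input[type="text"] {
 height: 34px;
 }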

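--- a/inc/admin.php
+++ b/inc/admin.php
@@ -808,6 +808,7 @@ function ppom_admin_bar_menu() {
 'metaid' => $meta->productmeta_id,
 'metatitle' => $meta->productmeta_name,
 'action' => 'ppom_attach',
+'nonce' => wp_create_nonce( 'ppom_attach' ),
 );
 $apply_link = add_query_arg( $apply_arg, $apply_link );
 $bar_title = "Apply {$meta->productmeta_name}";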
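Review bot: The nonce added on new line 811 is bound only to the action string, so a single `ppom_attach` nonce authorises attaching any meta to any product the current user may edit for the nonce's lifetime. Binding it to the identifiers carried in the same link, `'nonce' => wp_create_nonce( 'ppom_attach_' . $meta->productmeta_id ),` with the matching action string on the verifying side in `ppom_attach_meta()`, makes each link single-purpose at no extra cost. This is hardening rather than a defect, since the receiving side's `current_user_can( 'edit_post', … )` check still scopes the action to the user's own products. `$apply_arg` is built starting above the hunk, so whether the product id is also part of the link cannot be confirmed from here.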

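--- a/inc/functions.php
+++ b/inc/functions.php
@@ -2178,6 +2178,23 @@ function ppom_get_price_table_calculation() {
 return apply_filters( 'ppom_price_table_script', $js_script );
 }
 
+/**
+* Get price table JS dependencies.
+*
+* @return string[]
+*/
+function ppom_get_price_table_js_dependencies() {
+$dependencies = array( 'jquery', 'ppom-inputs' );
+
+if ( version_compare( WC_VERSION, '10.3.0', '<' ) ) {
+$dependencies[] = 'accounting';
+} else{
+$dependencies[] = 'wc-accounting';
+}
+
+return $dependencies;
+}
+
 function ppom_get_price_table_location() {
 
 $location = ppom_get_option( 'ppom_price_table_location', 'after' );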
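Review bot: `ppom_get_price_table_js_dependencies()` (new lines 2186–2196) reads `WC_VERSION` unconditionally; if it is ever called while WooCommerce is not loaded, the undefined constant is a fatal `Error` on PHP 8, and the `dynamicConstantNames` entry added to phpstan.neon in this commit only silences the analyser, not the runtime. A `defined()` guard keeps the helper safe to call from either enqueue site: `if ( ! defined( 'WC_VERSION' ) || version_compare( WC_VERSION, '10.3.0', '<' ) ) {`, which treats an unknown version like a pre-10.3 one — the legacy `accounting` handle looks like the intended fallback, but confirm. The brace on new line 2191 should read `} else {`, and the docblock would be more useful if it said why the handle differs, e.g. `* Picks the accounting script handle registered by the running WooCommerce version (renamed in 10.3.0).`.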

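--- a/inc/hooks.php
+++ b/inc/hooks.php
@@ -218,14 +218,11 @@ function ppom_hooks_load_input_scripts( $product, $ppom_id = null ) {
 
 // Price display controller
 $ppom_price_js = ppom_get_price_table_calculation();
+$dependencies = ppom_get_price_table_js_dependencies();
 wp_enqueue_script(
 'ppom-price',
 PPOM_URL . "/js/price/{$ppom_price_js}",
-array(
-'jquery',
-'ppom-inputs',
-'accounting',
-),
+$dependencies,
 PPOM_VERSION,
 true
 );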

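--- a/js/admin/ppom-admin.js
+++ b/js/admin/ppom-admin.js
@@ -755,12 +755,6 @@ jQuery(function($) {
 
 
 var img_icon = '<img width="60" src="' + fileurl + '" style="width: 34px;">';
-var url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url">';
-
-if (meta.type !== 'image') {
-var img_icon = '<img width="60" src="' + meta.icon + '" style="width: 34px;">';
-url_field = '';
-}
 
 var price_metatype = 'price';
 var stock_metatype = 'stock';
@@ -777,6 +771,7 @@ jQuery(function($) {
 else if (meta_type == 'images') {
 var class_name = 'data-options ui-sortable-handle';
 var condidtion_attr = 'image_options';
+price_metatype = 'meta_id';
 }
 else if (meta_type == 'conditional_meta') {
 meta_type = 'images';
@@ -790,6 +785,13 @@ jQuery(function($) {
 var condidtion_attr = '';
 }
 
+let url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url" value="">';
+
+if (meta.type !== 'image') {
+img_icon = '<img width="60" src="' + meta.icon + '" style="width: 34px;">';
+url_field = '';
+}
+
 if (fileurl) {
 var image_box = '';
 image_box += '<li class="' + class_name + '" data-condition-type="' + condidtion_attr + '">';
@@ -802,7 +804,7 @@ jQuery(function($) {
 image_box += '<input type="hidden" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][link]" value="' + fileurl + '" data-opt-index="' + option_index + '" data-metatype="link">';
 image_box += '<input type="hidden" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][id]" value="' + fileid + '" data-opt-index="' + option_index + '" data-metatype="id">';
 image_box += '<input type="text" placeholder="Title" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][title]" class="form-control ppom-image-option-title" data-opt-index="' + option_index + '" data-metatype="title" value="' + file_title + '">';
-image_box += '<input class="form-control" type="text" placeholder="' + price_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + price_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + price_metatype + '">';
+image_box += '<input class="form-control" type="text" placeholder="' + price_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + price_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + price_metatype + '" value="">';
 
 if (meta_type != 'audio') {
 image_box += '<input class="form-control" type="text" placeholder="' + stock_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + stock_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + stock_metatype + '">';
@@ -843,12 +845,6 @@ jQuery(function($) {
 var fileurl = attachment.url;
 var fileid = attachment.id;
 var img_icon = '<img width="60" src="' + fileurl + '" style="width: 34px;">';
-var url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url">';
-
-if (attachment.type !== 'image') {
-var img_icon = '<img width="60" src="' + attachment.icon + '" style="width: 34px;">';
-url_field = '';
-}
 
 var price_metatype = 'price';
 var stock_metatype = 'stock';
@@ -865,6 +861,7 @@ jQuery(function($) {
 else if (meta_type == 'images') {
 var class_name = 'data-options ui-sortable-handle';
 var condidtion_attr = 'image_options';
+price_metatype = 'meta_id';
 }
 else if (meta_type == 'conditional_meta') {
 meta_type = 'images';
@@ -878,6 +875,13 @@ jQuery(function($) {
 var condidtion_attr = '';
 }
 
+let url_field = '<input placeholder="url" type="text" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][url]" class="form-control" data-opt-index="' + option_index + '" data-metatype="url" value="">';
+
+if (attachment.type !== 'image') {
+img_icon = '<img width="60" src="' + attachment.icon + '" style="width: 34px;">';
+url_field = '';
+}
+
 if (fileurl) {
 var image_box = '';
 image_box += '<li class="' + class_name + '" data-condition-type="' + condidtion_attr + '">';
@@ -890,7 +894,7 @@ jQuery(function($) {
 image_box += '<input type="hidden" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][link]" value="' + fileurl + '" data-opt-index="' + option_index + '" data-metatype="link">';
 image_box += '<input type="hidden" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][id]" value="' + fileid + '" data-opt-index="' + option_index + '" data-metatype="id">';
 image_box += '<input type="text" placeholder="Title" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][title]" class="form-control ppom-image-option-title" data-opt-index="' + option_index + '" data-metatype="title">';
-image_box += '<input class="form-control" type="text" placeholder="' + price_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + price_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + price_metatype + '">';
+image_box += '<input class="form-control" type="text" placeholder="' + price_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + price_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + price_metatype + '" value="">';
 image_box += '<input class="form-control" type="text" placeholder="' + stock_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + stock_metatype + ']" class="form-control" data-opt-index="' + option_index + '" data-metatype="' + stock_metatype + '">';
 image_box += url_field;
 image_box += '<button class="btn btn-danger ppom-pre-upload-delete" style="height: 35px;"><i class="fa fa-times" aria-hidden="true"></i></button>';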
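Review bot: The price input rewritten on new lines 807 and 897 still carries two `class="form-control"` attributes; since the line was touched anyway, the duplicate should go: `image_box += '<input class="form-control" type="text" placeholder="' + price_placeholder + '" name="ppom[' + field_index + '][' + meta_type + '][' + option_index + '][' + price_metatype + ']" data-opt-index="' + option_index + '" data-metatype="' + price_metatype + '" value="">';`. The relocated `url_field`/`img_icon` block (new lines 788–793 and 878–883) and the `price_metatype = 'meta_id'` switch for `images` had to be applied identically in both upload handlers, which is how the original re-declaration bug could live in two places; a shared builder taking the attachment, `fileurl`, `meta_type` and `option_index` and returning the `image_box` markup would stop the two paths drifting again. The new lines also mix `let url_field` with the surrounding `var` declarations, and `fileurl`, `file_title` and `meta.icon` are still concatenated into markup without escaping — pre-existing, but worth a follow-up since the same markup is what gets saved. Both enclosing handlers start and end outside these hunks.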

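--- a/phpstan-baseline.neon
+++ b/phpstan-baseline.neon
@@ -4110,11 +4110,6 @@ parameters:
 count: 1
 path: inc/functions.php
 
--
-message: "#^If condition is always true\\.$#"
-count: 1
-path: inc/functions.php
-
 -
 message: "#^Parameter \\#1 \\$text of function esc_attr expects string, int\\<0, max\\> given\\.$#"
 count: 1
@@ -4592,7 +4587,7 @@ parameters:
 
 -
 message: "#^If condition is always true\\.$#"
-count: 2
+count: 1
 path: inc/hooks.php
 
 -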

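--- a/phpstan.neon
+++ b/phpstan.neon
@@ -1,5 +1,7 @@
 parameters:
 level: 6
+dynamicConstantNames:
+- WC_VERSION
 paths:
 - %currentWorkingDirectory%/inc
 - %currentWorkingDirectory%/classes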
