
Changeset 3047198


Timestamp:
03/07/2024 02:52:13 PM (2 years ago)
Author:
pluginbazar
Message:

Security bug fixed

Location:
woc-open-close
Files:
228 added
6 edited

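--- a/woc-open-close/trunk/assets/admin/js/scripts.js
+++ b/woc-open-close/trunk/assets/admin/js/scripts.js
@@ -31,4 +31,5 @@
         let checkBox = $(this),
             post_id = checkBox.data('id'),
+            woc_nonce = checkBox.data('woc-nonce'),
             woc_active = !!checkBox.is(":checked");
 
@@ -41,4 +42,5 @@
                 "post_id": post_id,
                 "woc_active": woc_active,
+                "woc_nonce": woc_nonce,
             },
             success: function (response) {
@@ -71,5 +73,6 @@
 
         e.preventDefault();
-        let timeZone = $('#update_timezone').val()
+        let timeZone = $('#update_timezone').val(),
+            woc_timezone_nonce = $('.woc_timezone_nonce').data('woc-timezone-nonce')
 
         jQuery.ajax({
@@ -80,4 +83,5 @@
                 "action": "woc_update_timezone",
                 "time_zone": timeZone,
+                "woc_timezone_nonce": woc_timezone_nonce,
             },
             success: function (response) {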
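Review bot: The two-variable `let` declaration at new lines 75–76 ends without a semicolon before the blank line and `jQuery.ajax({`, so it relies on automatic semicolon insertion (the removed line 73 had the same shape, so the commit carries the habit forward). `woc_timezone_nonce = $('.woc_timezone_nonce').data('woc-timezone-nonce');` closes it explicitly. The handler function that contains these lines starts outside the hunk.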
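--- a/woc-open-close/trunk/includes/classes/class-functions.php
+++ b/woc-open-close/trunk/includes/classes/class-functions.php
@@ -266,4 +266,8 @@
             $_next_time = [];
             foreach ( $new_schedules as $day_id => $schedules ) {
+                if ( ! is_array( $schedules ) && empty( $schedules ) ) {
+                    continue;
+                }
+
                 $key = array_key_first( $schedules );
 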
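Review bot: The guard added at new line 268 uses `&&`, so it only skips values that are both not an array and empty (`null`, `''`, `0`, `false`); an empty array passes through because `! is_array( [] )` is false, and a non-empty scalar such as a string passes through because `empty()` is false, and both then reach `array_key_first( $schedules )` at new line 272, which returns `null` for the empty array and raises a `TypeError` on PHP 8 for the scalar. The intended condition is the disjunction: `if ( ! is_array( $schedules ) || empty( $schedules ) ) {`. The enclosing function starts and ends outside the hunk.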
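--- a/woc-open-close/trunk/includes/classes/class-hooks.php
+++ b/woc-open-close/trunk/includes/classes/class-hooks.php
@@ -50,5 +50,5 @@
 
                 // Remove on cart sidebar
-                remove_action( 'woocommerce_widget_shopping_cart_buttons','woocommerce_widget_shopping_cart_proceed_to_checkout', 20 );
+                remove_action( 'woocommerce_widget_shopping_cart_buttons', 'woocommerce_widget_shopping_cart_proceed_to_checkout', 20 );
 
                 // Remove on checkout page
@@ -95,11 +95,17 @@
         */
        function ajax_update_timezone() {
-            $timezone = isset( $_POST['time_zone'] ) ? sanitize_text_field( $_POST['time_zone'] ) : '';
-
-            if ( empty( $timezone ) ) {
+            $timezone           = isset( $_POST['time_zone'] ) ? sanitize_text_field( $_POST['time_zone'] ) : '';
+            $woc_timezone_nonce = isset( $_POST['woc_timezone_nonce'] ) ? sanitize_text_field( $_POST['woc_timezone_nonce'] ) : '';
+
+            if ( current_user_can( 'manage_options' ) && wp_verify_nonce( $woc_timezone_nonce, 'woc-verify-timezone' ) ) {
+
+                if ( empty( $timezone ) ) {
+                    wp_send_json_error();
+                }
+                update_option( 'timezone_string', $timezone );
+                wp_send_json_success();
+            } else {
                 wp_send_json_error();
             }
-            update_option( 'timezone_string', $timezone );
-            wp_send_json_success();
         }
 
@@ -112,18 +118,24 @@
             $post_id    = isset( $_POST['post_id'] ) ? sanitize_text_field( $_POST['post_id'] ) : '';
             $woc_active = isset( $_POST['woc_active'] ) ? sanitize_text_field( $_POST['woc_active'] ) : 'false';
-
-            if ( empty( $post_id ) || $post_id == 0 ) {
+            $woc_nonce  = isset( $_POST['woc_nonce'] ) ? sanitize_text_field( $_POST['woc_nonce'] ) : 'false';
+
+            if ( current_user_can( 'manage_options' ) && wp_verify_nonce( $woc_nonce, 'woc-verify' ) ) {
+
+                if ( empty( $post_id ) || $post_id == 0 ) {
+                    wp_send_json_error();
+                }
+
+                if ( $woc_active == 'true' ) {
+                    Utils::update_option( 'woc_active_set', $post_id );
+                }
+
+                if ( $woc_active == 'false' ) {
+                    Utils::update_option( 'woc_active_set', '' );
+                }
+
+                wp_send_json_success();
+            } else {
                 wp_send_json_error();
             }
-
-            if ( $woc_active == 'true' ) {
-                Utils::update_option( 'woc_active_set', $post_id );
-            }
-
-            if ( $woc_active == 'false' ) {
-                Utils::update_option( 'woc_active_set', '' );
-            }
-
-            wp_send_json_success();
         }
 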
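Review bot: The timezone handler at new lines 100–106 still passes the request string to `update_option( 'timezone_string', $timezone )` with no check that it is an actual timezone identifier, so the new capability and nonce gate decides who may write the option but not what gets written. WordPress's own settings screen accepts only values from `timezone_identifiers_list()`; the same guard fits in place of the `empty()` check at new line 102: `if ( empty( $timezone ) || ! in_array( $timezone, timezone_identifiers_list(), true ) ) {`. The third hunk has the parallel gap: `$post_id` is text-sanitized and compared loosely (`$post_id == 0`, `$woc_active == 'true'`) before being stored in `woc_active_set`; `$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;` with `=== 0` and `=== 'true'` would pin the stored value to an integer id, and that function's signature lies outside the hunk. The `'false'` default given to `$woc_nonce` at new line 120 is presumably copied from the `$woc_active` line above it; `''` as used for `$woc_timezone_nonce` is the consistent choice.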
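--- a/woc-open-close/trunk/readme.txt
+++ b/woc-open-close/trunk/readme.txt
@@ -4,7 +4,7 @@
    Tags: opening hours,open close,schedules manager
    Requires at least: 4.6
-   Tested up to: 6.4.2
-   Tested up to WooCommerce: 8.5.1
-   Stable tag: 4.9.1
+   Tested up to: 6.4.3
+   Tested up to WooCommerce: 8.6.1
+   Stable tag: 4.9.2
    Requires PHP: 5.6
    Requires WooCommerce: 3.0
@@ -310,4 +310,7 @@
      * 17/01/2024 - FIX - Bug fixed.
 
+     = 4.9.2 =
+     * 07/03/2024 - FIX - Security bug fixed.
+
 
 == Upgrade Notice == 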
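--- a/woc-open-close/trunk/templates/admin/meta-box-publish.php
+++ b/woc-open-close/trunk/templates/admin/meta-box-publish.php
@@ -17,5 +17,5 @@
         <div class='woc_section_inline woc_section_inputs'>
             <label class="woc_switch">
-                <input <?php checked( wooopenclose()->get_active_schedule_id(), $post->ID ); ?> type="checkbox" class="woc_switch_checkbox" data-id="<?php echo esc_attr( $post->ID ); ?>">
+                <input <?php checked( wooopenclose()->get_active_schedule_id(), $post->ID ); ?> type="checkbox" class="woc_switch_checkbox" data-id="<?php echo esc_attr( $post->ID ); ?>" data-woc-nonce="<?php echo wp_create_nonce( 'woc-verify' ) ?>">
                 <span class="woc_switch_slider woc_switch_round"></span>
             </label>
@@ -78,4 +78,5 @@
                 <?php echo wp_timezone_choice( wooopenclose()->get_timezone_string() ) ?>
             </select>
+            <input type="hidden" class="woc_timezone_nonce" data-woc-timezone-nonce="<?php echo wp_create_nonce( 'woc-verify-timezone' ) ?>"></input>
             <button type="submit" class="timezone_update"><?php echo esc_html__( 'Update', 'woc-open-close' ) ?></button>
         </form>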
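Review bot: The nonce at new line 19 is echoed into the `data-woc-nonce` attribute without escaping, while the `data-id` attribute on the same line wraps its value in `esc_attr()`; `wp_create_nonce()` returns a short hex string, so this is a consistency rather than an exposure issue, but the file's own convention is `data-woc-nonce="<?php echo esc_attr( wp_create_nonce( 'woc-verify' ) ); ?>"`, and the hidden input at new line 80 should be written the same way. That hidden input also carries a closing `</input>` tag, which is not valid for a void element; drop it.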
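--- a/woc-open-close/trunk/woc-open-close.php
+++ b/woc-open-close/trunk/woc-open-close.php
@@ -4,5 +4,5 @@
     Plugin URI: https://pluginbazar.com/plugin/woocommerce-open-close/
     Description: Open Close WooCommerce store automatically with predefined schedules. Stop getting orders when your store is closed.
-    Version: 4.9.1
+    Version: 4.9.2
     Text Domain: woc-open-close
     Author: Jaed Mosharraf & Pluginbazar Team
@@ -20,5 +20,5 @@
 defined( 'WOOOPENCLOSE_DOCS_URL' ) || define( 'WOOOPENCLOSE_DOCS_URL', 'https://docs.pluginbazar.com/plugin/open-close-woocommerce-store/' );
 defined( 'WOOOPENCLOSE_WP_REVIEW_URL' ) || define( 'WOOOPENCLOSE_WP_REVIEW_URL', 'https://wordpress.org/support/plugin/woc-open-close/reviews/' );
-defined( 'WOOOPENCLOSE_VERSION' ) || define( 'WOOOPENCLOSE_VERSION', '4.9.1' );
+defined( 'WOOOPENCLOSE_VERSION' ) || define( 'WOOOPENCLOSE_VERSION', '4.9.2' );
 
 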