Changeset 3425122
- Timestamp:
- 12/22/2025 08:18:07 AM (3 months ago)
- Location:
- social-boost/trunk
- Files:
- 2 added
- 4 edited
includes/compat (added)
includes/compat/polyfills.php (added)
includes/socialboost-api.php (modified) (30 diffs)
includes/socialboost-functions.php (modified) (1 diff)
readme.txt (modified) (2 diffs)
socialboost.php (modified) (65 diffs)
social-boost/trunk/includes/socialboost-api.php
r3251063 r3425122 123 123 $msg = ''; 124 124 try { 125 if ( strpos($request->get_header('user_agent'), 'Appsmav') === false) {125 if (amsb_strpos($request->get_header('user_agent'), 'Appsmav') === false) { 126 126 throw new Exception('Error: '); 127 127 } 128 128 129 if ( empty($_POST['payload'])) {129 if (!isset($_POST['payload']) || empty($_POST['payload'])) { 130 130 throw new Exception('Error: '); 131 131 } … … 134 134 $post_payload = sanitize_text_field($_POST['payload']); 135 135 136 // Use hash_equals for timing attack protection137 136 if (!hash_equals($payload, $post_payload)) { 138 137 throw new Exception('Warning: '); … … 155 154 $msg = ''; 156 155 try { 157 if ( strpos($request->get_header('user_agent'), 'Appsmav') === false) {156 if (amsb_strpos($request->get_header('user_agent'), 'Appsmav') === false) { 158 157 throw new Exception('Error: '); 159 158 } … … 199 198 } 200 199 201 $res = json_decode($res, true);202 if (empty($res) || !empty($res['error'])) {200 $res = amsb_json_decode($res, true, array('error' => 1)); 201 if (empty($res) || (isset($res['error']) && !empty($res['error']))) { 203 202 throw new Exception('Error: '); 204 203 } … … 218 217 public function getversion($request) 219 218 { 219 $data = array(); 220 220 try { 221 221 $version = ''; … … 237 237 try 238 238 { 239 if (!isset($_POST['order_id'])) { 240 throw new Exception("Order ID is required"); 241 } 239 242 $order_id = sanitize_text_field($_POST['order_id']); 240 243 $order = new WC_Order($order_id); … … 245 248 $data = array( 246 249 'error' => 0, 247 'order' => $order->get_data()250 'order' => method_exists($order, 'get_data') ? 
$order->get_data() : array() 248 251 ); 249 252 } … … 265 268 try 266 269 { 267 if ( empty($_POST['id'])) {270 if (!isset($_POST['id']) || empty($_POST['id'])) { 268 271 throw new Exception('Invalid Page'); 269 272 } … … 310 313 try 311 314 { 312 if ( empty($_POST['title'])) {315 if (!isset($_POST['title']) || empty($_POST['title'])) { 313 316 throw new Exception('Invalid Title'); 314 317 } 315 318 316 if ( empty($_POST['content'])) {319 if (!isset($_POST['content']) || empty($_POST['content'])) { 317 320 throw new Exception('Invalid Content'); 318 321 } … … 358 361 } 359 362 360 if ( empty($_POST['id'])) {363 if (!isset($_POST['id']) || empty($_POST['id'])) { 361 364 throw new Exception('Invalid Page'); 362 365 } … … 377 380 else 378 381 { 379 $params['post_title'] = sanitize_text_field($_POST['title']);382 $params['post_title'] = (isset($_POST['title']) && !empty($_POST['title'])) ? sanitize_text_field($_POST['title']) : ''; 380 383 } 381 384 … … 408 411 try 409 412 { 410 if ( empty($_POST['id'])) {413 if (!isset($_POST['id']) || empty($_POST['id'])) { 411 414 throw new Exception('Invalid Page'); 412 415 } … … 436 439 public function reset_installation($request) 437 440 { 441 $data = array(); 438 442 try 439 443 { … … 459 463 try 460 464 { 461 if( empty($_POST['data']))465 if(!isset($_POST['data']) || empty($_POST['data'])) 462 466 throw new Exception('No config to set'); 463 467 464 if( empty($_POST['data']) ||!is_array($_POST['data']))468 if(!is_array($_POST['data'])) 465 469 throw new Exception('Invalid config to set'); 466 470 … … 495 499 try 496 500 { 497 if ( empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {501 if (!isset($_POST['email']) || empty($_POST['email']) || !filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) { 498 502 throw new Exception("Invalid email address"); 499 503 } 500 504 501 if ( empty($_POST['user_name'])) {505 if (!isset($_POST['user_name']) || empty($_POST['user_name'])) { 502 506 throw new 
Exception("Invalid user name"); 503 507 } 504 508 505 if ( empty($_POST['first_name']) ||strlen($_POST['first_name']) > 50) {509 if (!isset($_POST['first_name']) || empty($_POST['first_name']) || amsb_strlen($_POST['first_name']) > 50) { 506 510 throw new Exception("Invalid first name"); 507 511 } 508 512 509 if ( !empty($_POST['last_name']) &&strlen($_POST['last_name']) > 50) {513 if (isset($_POST['last_name']) && !empty($_POST['last_name']) && amsb_strlen($_POST['last_name']) > 50) { 510 514 throw new Exception("Invalid last name"); 511 515 } … … 518 522 $user_name = sanitize_user($_POST['user_name']); 519 523 $first_name = sanitize_text_field($_POST['first_name']); 520 $last_name = empty($_POST['last_name']) ? '' : sanitize_text_field($_POST['last_name']);524 $last_name = (isset($_POST['last_name']) && !empty($_POST['last_name'])) ? sanitize_text_field($_POST['last_name']) : ''; 521 525 522 526 $user = get_user_by('email', $email); … … 577 581 $resp['msg'] = 'No User Exist'; 578 582 try { 579 if ( empty($_POST['verify_user']) || !filter_var($_POST['verify_user'], FILTER_VALIDATE_EMAIL)) {583 if (!isset($_POST['verify_user']) || empty($_POST['verify_user']) || !filter_var($_POST['verify_user'], FILTER_VALIDATE_EMAIL)) { 580 584 throw new Exception("Invalid email address"); 581 585 } … … 613 617 { 614 618 $cat_args = array( 619 'taxonomy' => 'product_cat', 615 620 'orderby' => 'name', 616 621 'order' => 'asc', 617 622 'hide_empty' => false, 618 623 ); 619 $categories = get_terms('product_cat', $cat_args); 624 // Use WordPress 4.5+ compatible syntax 625 $categories = get_terms($cat_args); 626 627 // Validate result is not WP_Error 628 if (is_wp_error($categories)) { 629 $categories = array(); 630 } 620 631 621 632 $data = array( 622 633 'error' => 0, 623 'product_categories' => !empty($categories) ? $categories : array()634 'product_categories' => !empty($categories) && is_array($categories) ? 
$categories : array() 624 635 ); 625 636 } … … 640 651 public function sb_create_coupon($request) 641 652 { 653 $data = array(); 642 654 try 643 655 { 644 656 global $wpdb; 645 657 646 if( empty($_POST['cpn_type']) || empty($_POST['sbcpn_code']))658 if(!isset($_POST['cpn_type']) || empty($_POST['cpn_type']) || !isset($_POST['sbcpn_code']) || empty($_POST['sbcpn_code'])) 647 659 throw new Exception('InvalidRequest1'); 648 660 … … 653 665 throw new Exception('WooPluginNotFound'); 654 666 655 if(! in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins'))))667 if(!amsb_in_array('woocommerce/woocommerce.php', apply_filters('active_plugins', get_option('active_plugins')))) 656 668 throw new Exception('PluginDeactivated'); 657 669 658 670 // Validate coupon types 659 if(! in_array(wc_clean($_POST['cpn_type']), array_keys(wc_get_coupon_types())))660 throw new WC_CLI_Exception('woocommerce_cli_invalid_coupon_type', sprintf(__('Invalid coupon type - the coupon type must be any of these: %s', 'woocommerce'),implode(', ', array_keys(wc_get_coupon_types()))));671 if(!amsb_in_array(wc_clean($_POST['cpn_type']), array_keys(wc_get_coupon_types()))) 672 throw new Exception(sprintf(__('Invalid coupon type - the coupon type must be any of these: %s', 'woocommerce'), amsb_implode(', ', array_keys(wc_get_coupon_types())))); 661 673 662 674 $assoc_args = array( … … 680 692 ); 681 693 682 $assoc_args['product_ids'] = !empty($assoc_args['product_ids']) ? json_decode($assoc_args['product_ids'], true) : []; 683 $assoc_args['exclude_product_ids'] = !empty($assoc_args['exclude_product_ids']) ? json_decode($assoc_args['exclude_product_ids'], true) : []; 684 $assoc_args['product_category_ids'] = !empty($assoc_args['product_category_ids']) ? json_decode($assoc_args['product_category_ids'], true) : []; 685 $assoc_args['exclude_product_category_ids'] = !empty($assoc_args['exclude_product_category_ids']) ? 
json_decode($assoc_args['exclude_product_category_ids'], true) : []; 686 $assoc_args['customer_emails'] = !empty($assoc_args['customer_emails']) ? json_decode(stripslashes($assoc_args['customer_emails']), true) : []; 687 688 if(!empty($_POST['usage_limit_per_user'])) 694 // Use safe JSON decode for all array fields 695 $assoc_args['product_ids'] = !empty($assoc_args['product_ids']) ? amsb_json_decode($assoc_args['product_ids'], true, array()) : array(); 696 $assoc_args['exclude_product_ids'] = !empty($assoc_args['exclude_product_ids']) ? amsb_json_decode($assoc_args['exclude_product_ids'], true, array()) : array(); 697 $assoc_args['product_category_ids'] = !empty($assoc_args['product_category_ids']) ? amsb_json_decode($assoc_args['product_category_ids'], true, array()) : array(); 698 $assoc_args['exclude_product_category_ids'] = !empty($assoc_args['exclude_product_category_ids']) ? amsb_json_decode($assoc_args['exclude_product_category_ids'], true, array()) : array(); 699 $assoc_args['customer_emails'] = !empty($assoc_args['customer_emails']) ? 
amsb_json_decode(amsb_stripslashes($assoc_args['customer_emails']), true, array()) : array(); 700 701 if(isset($_POST['usage_limit_per_user']) && !empty($_POST['usage_limit_per_user'])) 689 702 $assoc_args['usage_limit'] = ''; 690 703 … … 713 726 if(empty($app_id) || empty($payload)) 714 727 throw new Exception('IntegrationMissing'); 728 729 // Validate additional required fields 730 if(!isset($_POST['id_coupon']) || !isset($_POST['hash'])) 731 throw new Exception('InvalidRequest3'); 715 732 716 733 $param = array( … … 731 748 $res = $httpObj->getResponse(); 732 749 if(!empty($res)) 733 $res = json_decode($res, true);734 735 if(empty($res) || !empty($res['error']))750 $res = amsb_json_decode($res, true, array('error' => 1)); 751 752 if(empty($res) || (isset($res['error']) && !empty($res['error']))) 736 753 throw new Exception('VerificationFailed'); 737 754 … … 771 788 772 789 if(is_wp_error($id)) 773 throw new WC_CLI_Exception('woocommerce_cli_cannot_create_coupon',$id->get_error_message());790 throw new Exception('Cannot create coupon: ' . $id->get_error_message()); 774 791 775 792 // Set coupon meta … … 777 794 update_post_meta($id, 'coupon_amount', wc_format_decimal($coupon_data['amount'])); 778 795 update_post_meta($id, 'individual_use', (!empty($coupon_data['individual_use']) ) ? 'yes' : 'no' ); 779 update_post_meta($id, 'product_ids', implode(',', array_filter(array_map('intval', $coupon_data['product_ids'])))); 780 update_post_meta($id, 'exclude_product_ids', implode(',', array_filter(array_map('intval', $coupon_data['exclude_product_ids'])))); 796 797 // Validate arrays before array operations 798 $product_ids = is_array($coupon_data['product_ids']) ? $coupon_data['product_ids'] : array(); 799 $exclude_product_ids = is_array($coupon_data['exclude_product_ids']) ? 
$coupon_data['exclude_product_ids'] : array(); 800 801 update_post_meta($id, 'product_ids', amsb_implode(',', array_filter(array_map('intval', $product_ids)))); 802 update_post_meta($id, 'exclude_product_ids', amsb_implode(',', array_filter(array_map('intval', $exclude_product_ids)))); 781 803 update_post_meta($id, 'usage_limit', absint($coupon_data['usage_limit'])); 782 804 update_post_meta($id, 'usage_limit_per_user', absint($coupon_data['usage_limit_per_user'])); … … 784 806 update_post_meta($id, 'usage_count', absint($coupon_data['usage_count'])); 785 807 786 if('' !== wc_clean($coupon_data['expiry_date'])) 787 $coupon_data['expiry_date'] = date('Y-m-d', strtotime($coupon_data['expiry_date'])); 808 if('' !== wc_clean($coupon_data['expiry_date'])) { 809 $timestamp = amsb_strtotime($coupon_data['expiry_date']); 810 // Validate strtotime didn't return FALSE 811 $coupon_data['expiry_date'] = ($timestamp !== false) ? date('Y-m-d', $timestamp) : ''; 812 } 788 813 789 814 update_post_meta($id, 'expiry_date', wc_clean($coupon_data['expiry_date'])); 790 815 update_post_meta($id, 'free_shipping', (!empty($coupon_data['enable_free_shipping']) ) ? 'yes' : 'no' ); 791 update_post_meta($id, 'product_categories', array_filter(array_map('intval', $coupon_data['product_category_ids']))); 792 update_post_meta($id, 'exclude_product_categories', array_filter(array_map('intval', $coupon_data['exclude_product_category_ids']))); 816 817 // Validate arrays before array operations 818 $product_category_ids = is_array($coupon_data['product_category_ids']) ? $coupon_data['product_category_ids'] : array(); 819 $exclude_product_category_ids = is_array($coupon_data['exclude_product_category_ids']) ? $coupon_data['exclude_product_category_ids'] : array(); 820 $customer_emails = is_array($coupon_data['customer_emails']) ? 
$coupon_data['customer_emails'] : array(); 821 822 update_post_meta($id, 'product_categories', array_filter(array_map('intval', $product_category_ids))); 823 update_post_meta($id, 'exclude_product_categories', array_filter(array_map('intval', $exclude_product_category_ids))); 793 824 update_post_meta($id, 'exclude_sale_items', (!empty($coupon_data['exclude_sale_items']) ) ? 'yes' : 'no' ); 794 825 update_post_meta($id, 'minimum_amount', wc_format_decimal($coupon_data['minimum_amount'])); 795 826 update_post_meta($id, 'maximum_amount', wc_format_decimal($coupon_data['maximum_amount'])); 796 update_post_meta($id, 'customer_email', array_filter(array_map('sanitize_email', $c oupon_data['customer_emails'])));797 798 if ( !empty($_POST['custom_attributes']))827 update_post_meta($id, 'customer_email', array_filter(array_map('sanitize_email', $customer_emails))); 828 829 if (isset($_POST['custom_attributes']) && !empty($_POST['custom_attributes'])) 799 830 { 800 $custom_attributes = stripslashes(sanitize_text_field($_POST['custom_attributes']));801 $custom_attributes = json_decode($custom_attributes, true);831 $custom_attributes = amsb_stripslashes(sanitize_text_field($_POST['custom_attributes'])); 832 $custom_attributes = amsb_json_decode($custom_attributes, true, array()); 802 833 if (!empty($custom_attributes) && is_array($custom_attributes)) 803 834 { … … 827 858 public function verify_coupon_code($request) 828 859 { 860 $data = array(); 829 861 try 830 862 { 831 863 $data['error'] = 0; 832 864 833 if ( empty($_POST['coupon_code'])) {865 if (!isset($_POST['coupon_code']) || empty($_POST['coupon_code'])) { 834 866 throw new Exception('Coupon code cannot be empty. Please check'); 835 867 } … … 838 870 839 871 $coupon = new WC_Coupon($coupon_code); 840 if (!empty($coupon->id)) 872 // Use getter method instead of direct property access (PHP 8.2+ compatible) 873 $coupon_id = method_exists($coupon, 'get_id') ? 
$coupon->get_id() : 0; 874 if (!empty($coupon_id)) 841 875 { 842 876 $data['msg'] = 'Yes'; 843 $data['coupon'] = json_decode($coupon, true); 877 // Get coupon data array instead of trying to json_decode object 878 $data['coupon'] = method_exists($coupon, 'get_data') ? $coupon->get_data() : array(); 844 879 } 845 880 else … … 859 894 public function delete_coupon_code($request) 860 895 { 896 $data = array(); 861 897 try 862 898 { 863 899 $data['error'] = 0; 864 900 865 if ( empty($_POST['coupon_code'])) {901 if (!isset($_POST['coupon_code']) || empty($_POST['coupon_code'])) { 866 902 throw new Exception('Invalid coupon code'); 867 903 } … … 869 905 $coupon_code = sanitize_text_field($_POST['coupon_code']); 870 906 $coupon = new WC_Coupon($coupon_code); 871 if (!empty($coupon->id)) 907 // Use getter methods instead of direct property access (PHP 8.2+ compatible) 908 $coupon_id = method_exists($coupon, 'get_id') ? $coupon->get_id() : 0; 909 if (!empty($coupon_id)) 872 910 { 873 $validate_usage = empty($_POST['validate_usage']) ? 0 : sanitize_text_field($_POST['validate_usage']); 874 if(!empty($validate_usage) && (!isset($coupon->usage_count) || $coupon->usage_count != 0)) 911 $validate_usage = (isset($_POST['validate_usage']) && !empty($_POST['validate_usage'])) ? sanitize_text_field($_POST['validate_usage']) : 0; 912 $usage_count = method_exists($coupon, 'get_usage_count') ? $coupon->get_usage_count() : 0; 913 914 if(!empty($validate_usage) && $usage_count != 0) 875 915 { 876 $data['id'] = $coupon ->id;877 $data['usage_count'] = $ coupon->usage_count;916 $data['id'] = $coupon_id; 917 $data['usage_count'] = $usage_count; 878 918 throw new Exception('Coupon code already used'); 879 919 } 880 920 881 $post_id = wp_delete_post($coupon ->id, TRUE);921 $post_id = wp_delete_post($coupon_id, TRUE); 882 922 if ( is_wp_error( $post_id ) ) { 883 923 throw new Exception( $post_id->get_error_message()); -
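Review bot: In delete_coupon_code the new fallback `$usage_count = method_exists($coupon, 'get_usage_count') ? $coupon->get_usage_count() : 0;` (new line 912) inverts the guard it replaces: the removed check treated an unavailable usage count as "already used" and threw, whereas a default of 0 now satisfies `$usage_count != 0` being false and lets `wp_delete_post($coupon_id, TRUE)` run when the getter is missing, so the validate_usage protection fails open. Keeping the old semantics means defaulting to `null` and testing `if(!empty($validate_usage) && ($usage_count === null || $usage_count != 0))`. The same `method_exists(...) ? ... : <empty default>` shape at new lines 250, 873 and 878 turns an unsupported WooCommerce API into an empty result that callers cannot tell from a genuinely empty record; a comment stating which WooCommerce versions the fallback is meant for would make that trade-off explicit. Separately, `!isset($_POST['x']) || empty($_POST['x'])` (new lines 129, 270, 315 and the other guards in this file) is redundant, since empty() already returns true for an unset key, so `empty($_POST['x'])` alone reads the same. delete_coupon_code continues past the end of the hunk.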
social-boost/trunk/includes/socialboost-functions.php
r2444135 r3425122 30 30 31 31 if(!empty($config_json)) 32 $config = json_decode($config_json, true);32 $config = amsb_json_decode($config_json, true, array()); 33 33 } 34 34 } -
social-boost/trunk/readme.txt
r3398647 r3425122 5 5 Requires at least: 3.0.1 6 6 Tested up to: 6.8 7 Stable tag: 3.5. 27 Stable tag: 3.5.3 8 8 License: GPLv2 or later 9 9 License URI: http://www.gnu.org/licenses/gpl-2.0.html … … 437 437 WordPress version 6.8 release compatibility 438 438 439 == Upgrade Notice ==440 439 = 3.5.2 = 441 440 Improvements and bug fixes 442 441 442 = 3.5.3 = 443 PHP version 8.4 release compatibility 444 443 445 == Upgrade Notice == 444 = 3.5. 2=445 Improvements and bug fixes 446 = 3.5.3 = 447 PHP version 8.4 release compatibility -
social-boost/trunk/socialboost.php
r3398647 r3425122 2 2 /** 3 3 * @package Social Boost by Appsmav 4 * @version 3.5. 24 * @version 3.5.3 5 5 */ 6 6 /* … … 8 8 Plugin URI: http://appsmav.com 9 9 Description: Get leads & customers. Boost social media followers. 10 Version: 3.5. 210 Version: 3.5.3 11 11 Author: Appsmav 12 12 Author URI: http://appsmav.com … … 30 30 defined( 'ABSPATH' ) or die( 'No script kiddies please!' ); 31 31 define('SB_PLUGIN_BASE_PATH', dirname(__FILE__)); 32 // Load compatibility polyfills for PHP 5.4-8.4 33 if (file_exists(SB_PLUGIN_BASE_PATH . '/includes/compat/polyfills.php')) { 34 require_once(SB_PLUGIN_BASE_PATH . '/includes/compat/polyfills.php'); 35 } 32 36 33 37 class Social_Boost 34 38 { 35 public static $_plugin_version = '3.5. 2';39 public static $_plugin_version = '3.5.3'; 36 40 public static $_callback_url = 'https://social.appsmav.com/'; 37 41 public static $_api_version = 'api/v1/'; 38 42 protected static $_api_url = 'https://clients.appsmav.com/api_v1.php'; 39 protected static $_c_sdk_url = '//cdn.appsmav.com/sb/assets/js/widget-sdk.js?v=3.5. 2';43 protected static $_c_sdk_url = '//cdn.appsmav.com/sb/assets/js/widget-sdk.js?v=3.5.3'; 40 44 41 45 /** … … 110 114 $id = isset($atts['id']) ? sanitize_text_field($atts['id']) : ''; 111 115 $patternAlphaNum = '/^[a-zA-Z0-9]+$/'; 112 if (empty($id) || ! preg_match($patternAlphaNum, $id) ||strlen($id) > 10) {116 if (empty($id) || !amsb_preg_match($patternAlphaNum, $id) || amsb_strlen($id) > 10) { 113 117 return ''; 114 118 } 115 119 $type = isset($atts['type']) ? sanitize_text_field($atts['type']) : ''; 116 if (!empty($type) && (! 
preg_match($patternAlphaNum, $type) ||strlen($type) > 10)) {120 if (!empty($type) && (!amsb_preg_match($patternAlphaNum, $type) || amsb_strlen($type) > 10)) { 117 121 return ''; 118 122 } … … 178 182 $orderConfig = ''; 179 183 if (class_exists('WC_Integration')) { 180 if ( is_order_received_page()) {184 if (function_exists('is_order_received_page') && is_order_received_page()) { 181 185 $orderConfig = ', is_thankyou_page: "true"'; 182 186 $order_id = self::_getOrderID(); … … 232 236 global $wp; 233 237 $order_id = ''; 234 if (isset($wp->query_vars['order-received']) && !empty($wp->query_vars['order-received'])) { 235 $order_id = $wp->query_vars['order-received']; 236 } else if(isset($_GET['view-order']) && !empty($_GET['view-order'])) { 238 239 // Validate $wp object exists and has query_vars 240 if (isset($wp) && is_object($wp) && isset($wp->query_vars) && is_array($wp->query_vars)) { 241 if (isset($wp->query_vars['order-received']) && !empty($wp->query_vars['order-received'])) { 242 $order_id = $wp->query_vars['order-received']; 243 } 244 } 245 246 if (empty($order_id) && isset($_GET['view-order']) && !empty($_GET['view-order'])) { 237 247 //check if on view-order page and get parameter is available 238 248 $order_id = sanitize_text_field($_GET['view-order']); … … 240 250 //check if on view order-received page and get parameter is available 241 251 $order_id = sanitize_text_field($_GET['order-received']); 242 } elseif (isset($_GET['key']) && !empty($_GET['key']) && version_compare( WC_VERSION, '5.9', '>=')) {252 } elseif (isset($_GET['key']) && !empty($_GET['key']) && amsb_check_wc_version('5.9', '>=') && function_exists('wc_get_order_id_by_order_key')) { 243 253 $order_id = wc_get_order_id_by_order_key( sanitize_text_field($_GET['key']) ); 244 254 } else { 245 $url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; 246 $template_name = strpos($url,'/order-received/') === false ? 
'/view-order/' : '/order-received/'; 247 if (strpos($url,$template_name) !== false) { 248 $start = strpos($url,$template_name); 249 $first_part = substr($url, $start+strlen($template_name)); 250 $order_id = substr($first_part, 0, strpos($first_part, '/')); 255 if (isset($_SERVER['SERVER_NAME']) && isset($_SERVER['REQUEST_URI'])) { 256 $url = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; 257 $template_name = amsb_strpos($url,'/order-received/') === false ? '/view-order/' : '/order-received/'; 258 if (amsb_strpos($url,$template_name) !== false) { 259 $start = amsb_strpos($url,$template_name); 260 if ($start !== false) { 261 $first_part = amsb_substr($url, $start+amsb_strlen($template_name)); 262 $slash_pos = amsb_strpos($first_part, '/'); 263 if ($slash_pos !== false) { 264 $order_id = amsb_substr($first_part, 0, $slash_pos); 265 } 266 } 267 } 251 268 } 252 269 } … … 326 343 try 327 344 { 345 // Validate $post object 346 if (!is_object($post) || !isset($post->post_type) || !isset($post->ID)) { 347 return; 348 } 349 328 350 // Only want to set if this is a old post! 
329 351 if (!$update || 'page' !== $post->post_type) { … … 356 378 357 379 $res = self::_curlResp($param, $url); 358 if(empty($res) || $res['error'] == 1) {380 if(empty($res) || (isset($res['error']) && $res['error'] == 1)) { 359 381 throw new Exception('VerificationFailed'); 360 382 } … … 362 384 catch (Exception $ex) 363 385 { 364 $resp['error'] = 1;365 $resp['msg'] = $ex->getMessage();366 386 } 367 387 } … … 395 415 396 416 $res = self::_curlResp($param, $url); 397 if(empty($res) || $res['error'] == 1)417 if(empty($res) || (isset($res['error']) && $res['error'] == 1)) 398 418 throw new Exception('VerificationFailed'); 399 419 } 400 420 catch (Exception $ex) 401 421 { 402 $resp['error'] = 1;403 $resp['msg'] = $ex->getMessage();404 422 } 405 423 } … … 411 429 // Check if our plugin was updated 412 430 $plugin_path = plugin_basename(__FILE__); 413 if (isset($options['plugins']) && is_array($options['plugins']) && in_array($plugin_path, $options['plugins'], true)) {431 if (isset($options['plugins']) && is_array($options['plugins']) && amsb_in_array($plugin_path, $options['plugins'], true)) { 414 432 415 433 // Safely get plugin data … … 420 438 $plugin_data = get_plugin_data(WP_PLUGIN_DIR . '/' . $plugin_path); 421 439 $new_version = isset($plugin_data['Version']) ? $plugin_data['Version'] : ''; // Fetch new version 422 if (!empty($new_version) && preg_match('/^\d+\.\d+\.\d+$/', $new_version)) {440 if (!empty($new_version) && amsb_preg_match('/^\d+\.\d+\.\d+$/', $new_version)) { 423 441 424 442 $app_id = get_option('socialboost_appid', 0); … … 441 459 442 460 // Validate API response 443 if (empty($response) || !empty($response['error'])) { 444 throw new Exception('API request failed: ' . ($response['message'] ?? 'Unknown error')); 461 if (empty($response) || (isset($response['error']) && !empty($response['error']))) { 462 $error_msg = (isset($response['message']) && !empty($response['message'])) ? 
$response['message'] : 'Unknown error'; 463 throw new Exception('API request failed: ' . $error_msg); 445 464 } 446 465 } … … 454 473 public function sb_ajax_check_grvlsw_settings() 455 474 { 475 $res = array(); 456 476 try { 457 477 // Verify nonce … … 480 500 $param['plugin_type'] = 'WOO'; 481 501 482 $res = array();483 502 $res = self::_curlResp($param,self::$_api_url); 484 503 485 if( !empty($res['is_shop']) && $res['is_shop'] == 1) 486 { 504 if( isset($res['is_shop']) && !empty($res['is_shop']) && $res['is_shop'] == 1) 505 { 506 // Validate required response fields 507 if (!isset($res['id_shop']) || !isset($res['id_site']) || !isset($res['pay_load'])) { 508 throw new Exception('Invalid API response - missing required fields'); 509 } 487 510 update_option( 'socialboost_admin_email', $email); 488 511 update_option( 'socialboost_shop_id', $res['id_shop']); … … 500 523 501 524 } 502 else if ( !empty($res['is_shop']) && $res['is_shop'] == 2)525 else if (isset($res['is_shop']) && !empty($res['is_shop']) && $res['is_shop'] == 2) 503 526 { 504 527 $ip_info = self::_getIPDetails(); … … 538 561 $params['shop_name'] = get_option('blogname'); 539 562 $params['campaign_name']= 'REWARDS'; 540 $params['timezone'] = 'America/Chicago'; //Dummy $p['grappsmav_reg_timezone'];541 $params['date_format'] = 'd/m/Y'; //Dummy$p['grappsmav_reg_date_format'];563 $params['timezone'] = 'America/Chicago'; 564 $params['date_format'] = 'd/m/Y'; 542 565 $params['exclusion_period'] = 0; 543 566 $params['login_url'] = get_option('siteurl'); … … 548 571 $res = self::_curlResp($params, self::$_api_url); 549 572 550 if ( $res['error'] == 0)573 if (isset($res['error']) && $res['error'] == 0) 551 574 { 575 // Validate required response fields 552 576 $res['sb_reg'] = 0; 553 update_option('socialboost_shop_id', $res['id_shop']);554 update_option('socialboost_appid', $res['id_site']);555 update_option('socialboost_payload', $res['pay_load']);577 update_option('socialboost_shop_id', 
(isset($res['id_shop']) && !empty($res['id_shop'])) ? $res['id_shop'] : ''); 578 update_option('socialboost_appid', (isset($res['id_site']) && !empty($res['id_site'])) ? $res['id_site'] : ''); 579 update_option('socialboost_payload', (isset($res['pay_load']) && !empty($res['pay_load'])) ? $res['pay_load'] : ''); 556 580 update_option('socialboost_admin_email', $email); 557 581 update_option('socialboost_register', 1 ); … … 561 585 $res['frame_url'] = self::$_callback_url.'autologin?id_shop='.$res['id_shop'].'&admin_email='.urlencode($params['email']).'&payload='.$res['pay_load'].'&autoredirect=auto'; 562 586 } 563 else if ( $res['error'] == 1)587 else if (isset($res['error']) && $res['error'] == 1) 564 588 $res['sb_reg'] = 1; 565 else if ( $res['error'] == 2 || $res['error'] == 3)589 else if (isset($res['error']) && ($res['error'] == 2 || $res['error'] == 3)) 566 590 { 567 591 update_option( 'socialboost_register', 3 ); … … 587 611 public function sb_ajax_check_grvlsw_login() 588 612 { 613 $res = array(); 589 614 try 590 615 { … … 595 620 } 596 621 597 if( empty($_POST['socialboost_login_email']) || !filter_var($_POST['socialboost_login_email'], FILTER_VALIDATE_EMAIL))622 if(!isset($_POST['socialboost_login_email']) || empty($_POST['socialboost_login_email']) || !filter_var($_POST['socialboost_login_email'], FILTER_VALIDATE_EMAIL)) 598 623 throw new Exception("Please enter valid email"); 599 624 600 if( empty($_POST['socialboost_login_pwd']))625 if(!isset($_POST['socialboost_login_pwd']) || empty($_POST['socialboost_login_pwd'])) 601 626 throw new Exception("Please enter password"); 602 627 603 $res = array();604 628 $params = array(); 605 629 $email = sanitize_email( $_POST['socialboost_login_email'] ); … … 619 643 throw new Exception("Invalid Email / Password."); 620 644 621 $resCurl = json_decode($response['body'], true);622 623 if ( $resCurl['error'] == 0)645 $resCurl = amsb_json_decode($response['body'], true, array('error' => 1)); 646 647 if 
(isset($resCurl['error']) && $resCurl['error'] == 0) 624 648 { 625 649 $plugin_type = 'WP'; … … 629 653 630 654 update_option( 'socialboost_admin_email', $adminEmail); 631 update_option( 'socialboost_shop_id', $resCurl['id_shop']);632 update_option('socialboost_appid', $resCurl['id_site']);633 update_option( 'socialboost_payload', $resCurl['pay_load']);655 update_option( 'socialboost_shop_id', (isset($resCurl['id_shop']) && !empty($resCurl['id_shop'])) ? $resCurl['id_shop'] : ''); 656 update_option('socialboost_appid', (isset($resCurl['id_site']) && !empty($resCurl['id_site'])) ? $resCurl['id_site'] : ''); 657 update_option( 'socialboost_payload', (isset($resCurl['pay_load']) && !empty($resCurl['pay_load'])) ? $resCurl['pay_load'] : ''); 634 658 update_option( 'socialboost_register', 1 ); 635 659 … … 646 670 { 647 671 $res['error'] = 1; 648 $res['message'] = ( !empty($resCurl['message'])) ? $resCurl['message'] : "Invalid Email / Password";672 $res['message'] = (isset($resCurl['message']) && !empty($resCurl['message'])) ? $resCurl['message'] : "Invalid Email / Password"; 649 673 } 650 674 … … 699 723 protected static function _curlResp($param,$url) 700 724 { 725 $resp = array(); 701 726 $response = wp_remote_post($url,array('body'=> $param,'timeout' => 10)); 702 727 if (is_array($response) && !empty($response['body'])) { 703 $resp = json_decode($response['body'], true);728 $resp = amsb_json_decode($response['body'], true, array('error' => 1)); 704 729 } else { 705 730 $resp['error'] = 1; … … 711 736 protected static function _getIPDetails() 712 737 { 738 // Get client IP with fallback 739 $ip = isset($_SERVER['REMOTE_ADDR']) ? 
$_SERVER['REMOTE_ADDR'] : ''; 740 713 741 // Default return value for failure case of API request 714 $ip = $_SERVER['REMOTE_ADDR'];715 742 $ip_details = array('ip'=>$ip, 'city'=>'', 'region_name'=>'', 'country_code'=>'US'); 716 743 717 744 try { 745 // Validate IP is not empty 746 if (empty($ip)) { 747 return $ip_details; 748 } 718 749 719 750 $url = 'http://www.geoplugin.net/json.gp?ip='.$ip; 720 751 $response = wp_remote_get( $url ); 721 752 722 if (is_array($response) && !empty($response['body']))723 { 724 $ipLocArr = json_decode($response['body'], TRUE);753 if (is_array($response) && isset($response['body']) && !empty($response['body'])) 754 { 755 $ipLocArr = amsb_json_decode($response['body'], TRUE, array()); 725 756 726 757 /* … … 730 761 * https://stackoverflow.com/questions/28038278/getting-visitors-city-from-their-ip-not-working-geoplugin 731 762 */ 732 if (!empty($ipLocArr['geoplugin_request']) && $ipLocArr['geoplugin_request'] == $ip && in_array($ipLocArr['geoplugin_status'], array(200, 206))) { 733 $ip_details['ip'] = empty($ipLocArr['geoplugin_request']) ? $ip : $ipLocArr['geoplugin_request']; 734 $ip_details['city'] = empty($ipLocArr['geoplugin_city']) ? null : $ipLocArr['geoplugin_city']; 735 $ip_details['region_name'] = empty($ipLocArr['geoplugin_regionName']) ? null : $ipLocArr['geoplugin_regionName']; 736 $ip_details['country_code'] = empty($ipLocArr['geoplugin_countryCode']) ? 'US' : $ipLocArr['geoplugin_countryCode']; 763 if (is_array($ipLocArr) && isset($ipLocArr['geoplugin_request']) && !empty($ipLocArr['geoplugin_request']) && 764 $ipLocArr['geoplugin_request'] == $ip && 765 isset($ipLocArr['geoplugin_status']) && amsb_in_array($ipLocArr['geoplugin_status'], array(200, 206))) { 766 $ip_details['ip'] = isset($ipLocArr['geoplugin_request']) ? $ipLocArr['geoplugin_request'] : $ip; 767 $ip_details['city'] = isset($ipLocArr['geoplugin_city']) && !empty($ipLocArr['geoplugin_city']) ? 
$ipLocArr['geoplugin_city'] : ''; 768 $ip_details['region_name'] = isset($ipLocArr['geoplugin_regionName']) && !empty($ipLocArr['geoplugin_regionName']) ? $ipLocArr['geoplugin_regionName'] : ''; 769 $ip_details['country_code'] = isset($ipLocArr['geoplugin_countryCode']) && !empty($ipLocArr['geoplugin_countryCode']) ? $ipLocArr['geoplugin_countryCode'] : 'US'; 737 770 } 738 771 } … … 754 787 755 788 $params['action'] = 'createaccount'; 756 $params['firstname'] = sanitize_text_field($p['socialboost_reg_firstname']);757 $params['lastname'] = sanitize_text_field($p['socialboost_reg_lastname']);758 $params["raffd"] = sanitize_text_field($p['raffd']);789 $params['firstname'] = isset($p['socialboost_reg_firstname']) ? sanitize_text_field($p['socialboost_reg_firstname']) : ''; 790 $params['lastname'] = isset($p['socialboost_reg_lastname']) ? sanitize_text_field($p['socialboost_reg_lastname']) : ''; 791 $params["raffd"] = isset($p['raffd']) ? sanitize_text_field($p['raffd']) : ''; 759 792 $params['companyname'] = get_bloginfo('name'); 760 793 $params['email'] = sanitize_email($p['socialboost_reg_email_user']); … … 832 865 if(isset($_REQUEST['grc'])) 833 866 { 834 if( !session_id())835 session_start();836 837 $_SESSION['grc'] = sanitize_text_field($_REQUEST['grc']);838 $_SESSION['gre'] = sanitize_text_field($_REQUEST['gre']);839 $_SESSION['typ'] = isset($_REQUEST['type']) ? sanitize_text_field($_REQUEST['type']) : 'gr';840 $_SESSION['scopeid'] = sanitize_text_field($_REQUEST['scopeid']);841 $_SESSION['mavtoken']= isset($_REQUEST['mavtoken']) ? sanitize_text_field($_REQUEST['mavtoken']) : '';867 if(amsb_session_start()) 868 { 869 $_SESSION['grc'] = sanitize_text_field($_REQUEST['grc']); 870 $_SESSION['gre'] = isset($_REQUEST['gre']) ? sanitize_text_field($_REQUEST['gre']) : ''; 871 $_SESSION['typ'] = isset($_REQUEST['type']) ? sanitize_text_field($_REQUEST['type']) : 'gr'; 872 $_SESSION['scopeid'] = isset($_REQUEST['scopeid']) ? 
sanitize_text_field($_REQUEST['scopeid']) : ''; 873 $_SESSION['mavtoken']= isset($_REQUEST['mavtoken']) ? sanitize_text_field($_REQUEST['mavtoken']) : ''; 874 } 842 875 } 843 876 … … 848 881 public function send_comment_to_appsmav($comment_ID) 849 882 { 850 if( !session_id()) 851 session_start(); 883 amsb_session_start(); 852 884 853 885 if(isset($_SESSION['grc'])){ 854 886 855 887 $mavtoken = ''; 856 if ( !empty($_SESSION['mavtoken']))888 if (isset($_SESSION['mavtoken']) && !empty($_SESSION['mavtoken'])) 857 889 $mavtoken = "&mavtoken=" . $_SESSION['mavtoken']; 890 891 $_SESSION['typ'] = isset($_SESSION['typ']) ? $_SESSION['typ'] : ''; 892 $_SESSION['grc'] = isset($_SESSION['grc']) ? $_SESSION['grc'] : ''; 893 $_SESSION['gre'] = isset($_SESSION['gre']) ? $_SESSION['gre'] : ''; 894 $_SESSION['scopeid'] = isset($_SESSION['scopeid']) ? $_SESSION['scopeid'] : ''; 858 895 859 896 switch($_SESSION['typ']) … … 900 937 global $wpdb; 901 938 939 // Initialize $_REQUEST['order_status'] to prevent PHP 8 E_WARNING 940 if(!isset($_REQUEST['order_status']) || empty($_REQUEST['order_status'])) 941 $_REQUEST['order_status'] = ''; 942 902 943 // Check purchase campaign is enabled 903 944 $is_enabled = self::is_purchase_camp_enabled(); … … 907 948 $order = new WC_Order($order_id); 908 949 950 // Validate order exists 951 if (!$order || !method_exists($order, 'get_id') || !$order->get_id()) { 952 return; // Invalid order 953 } 954 909 955 $user_email = ''; 910 956 $ordered_user = $order->get_user(); … … 913 959 914 960 $status = $order->get_status(); 915 $param['order_status'] = strtolower($status); 916 917 if(strtolower($status) != 'processing' && strtolower($status) != 'paid' && strtolower($status) != 'completed') 961 $status_lower = amsb_strtolower($status); 962 $param['order_status'] = $status_lower; 963 964 if($status_lower != 'processing' && $status_lower != 'paid' && $status_lower != 'completed') 918 965 $param['order_status'] = 'pending'; 919 966 920 967 $param['user'] = 
$ordered_user; 921 if ( version_compare( WC_VERSION,'3.7', '<' ))968 if (amsb_check_wc_version( '3.7', '<' )) 922 969 $couponsArr = $order->get_used_coupons(); 923 970 else … … 931 978 $param['tax'] = $order->get_total_tax(); 932 979 933 if( strtolower($status)== 'pending')980 if($status_lower == 'pending') 934 981 return; 935 982 936 if(!empty($couponsArr) )983 if(!empty($couponsArr) && isset($couponsArr[0])) 937 984 $param['coupon'] = $couponsArr[0]; 938 985 939 if( version_compare( WC_VERSION,'3.0', '<' )) {986 if(amsb_check_wc_version( '3.0', '<' )) { 940 987 $param['name'] = $order->get_billing_first_name(); 941 988 } … … 943 990 { 944 991 $order_data = $order->get_data(); 945 $param['name'] = empty($order_data['billing']['first_name']) ? '' : $order_data['billing']['first_name'];992 $param['name'] = (isset($order_data['billing']['first_name']) && !empty($order_data['billing']['first_name'])) ? $order_data['billing']['first_name'] : ''; 946 993 } 947 994 … … 953 1000 $param['comment'] = 'Order Id - ' . $order_id . ' From ' . get_option('siteurl'); 954 1001 $param['status'] = 'Add'; 955 $param['created_date'] = $order->get_date_created()->format('c'); 1002 $date_created = $order->get_date_created(); 1003 $param['created_date'] = ($date_created && method_exists($date_created, 'format')) ? 
$date_created->format('c') : date('c'); 956 1004 $param['user_ip'] = $order->get_customer_ip_address(); 957 1005 958 if( version_compare( WC_VERSION,'3.0', '<' ))1006 if(amsb_check_wc_version( '3.0', '<' )) 959 1007 $curOrder = $order->get_order_currency(); 960 1008 else … … 970 1018 971 1019 $prodArr = $order->get_items(); 1020 1021 // Validate items array 1022 if (!is_array($prodArr) || empty($prodArr)) { 1023 $prodArr = array(); 1024 } 1025 972 1026 $total = 0; 973 1027 974 1028 foreach($prodArr as $prod) 975 1029 { 976 $product = new WC_Product($prod['product_id']); 1030 // Validate product ID exists in array 1031 if (!isset($prod['product_id'])) { 1032 continue; 1033 } 1034 1035 $product = wc_get_product($prod['product_id']); 1036 if (!$product) { 1037 continue; // Skip if product not found 1038 } 1039 977 1040 $get_items_sql = $wpdb->prepare("select * from {$wpdb->prefix}postmeta WHERE meta_key = %s AND post_id = %d", '_price', $prod['product_id']); 978 1041 $line_item = $wpdb->get_row($get_items_sql); 979 $price = $line_item->meta_value; 980 981 if(empty($price)) 982 $price = $product->price; 983 984 $total += $price * $prod['qty']; 985 } 986 987 $ratio = $param['subtotal'] / $total; 988 $param['total'] = $param['total'] / $ratio; 989 $param['subtotal'] = $param['subtotal'] / $ratio; 990 $param['shipping'] = $param['shipping'] / $ratio; 991 $param['shipping_tax'] = $param['shipping_tax'] / $ratio; 992 $param['tax'] = $param['tax'] / $ratio; 1042 1043 // Get price from meta or product object 1044 $price = 0; 1045 if ($line_item && isset($line_item->meta_value) && !empty($line_item->meta_value)) { 1046 $price = $line_item->meta_value; 1047 } else { 1048 $price = $product->get_price(); 1049 } 1050 1051 $prod['qty'] = isset($prod['qty']) ? $prod['qty'] : 1; 1052 $total += floatval($price) * floatval($prod['qty']); 1053 } 1054 1055 $ratio = 1; 1056 if ($total > 0) { 1057 $ratio = ($param['subtotal'] > 0) ? 
($param['subtotal'] / $total) : 1; 1058 $param['total'] = $param['total'] / $ratio; 1059 $param['subtotal'] = $param['subtotal'] / $ratio; 1060 $param['shipping'] = $param['shipping'] / $ratio; 1061 $param['shipping_tax'] = $param['shipping_tax'] / $ratio; 1062 $param['tax'] = $param['tax'] / $ratio; 1063 } 993 1064 994 1065 $param['currency_conversion'] = array( … … 1009 1080 { 1010 1081 if( $order->get_parent_id() === 0 && get_post_meta( $order_id, 'has_wcmp_sub_order', true ) == '1'){ 1011 $param['comment'] = 'Main WCMp Order Id ' . str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total'];1082 $param['comment'] = 'Main WCMp Order Id ' . amsb_str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total']; 1012 1083 $param['total'] = 0; 1013 1084 $param['subtotal'] = 0; … … 1020 1091 { 1021 1092 if( $order->get_parent_id() === 0 && get_post_meta( $order_id, 'has_sub_order', true ) == '1'){ 1022 $param['comment'] = 'Main Dokan Order Id ' . str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total'];1093 $param['comment'] = 'Main Dokan Order Id ' . amsb_str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' 
total '.$param['total']; 1023 1094 $param['total'] = 0; 1024 1095 $param['subtotal'] = 0; … … 1053 1124 1054 1125 $order = new WC_Order($order_id); 1126 // Validate order exists 1127 if (!$order || !method_exists($order, 'get_id') || !$order->get_id()) { 1128 return; // Invalid order 1129 } 1055 1130 $status = $order->get_status(); 1056 1131 $arrayAdd = array('processing', 'completed'); … … 1065 1140 $user_email = $ordered_user->get('user_email'); 1066 1141 1067 if( in_array($status, $arrayAdd))1142 if(amsb_in_array($status, $arrayAdd)) 1068 1143 { 1069 1144 $urlApi = self::$_callback_url . self::$_api_version . 'addPurchaseEntry'; … … 1076 1151 } 1077 1152 1078 if ( version_compare( WC_VERSION,'3.7', '<' ))1153 if (amsb_check_wc_version( '3.7', '<' )) 1079 1154 $couponsArr = $order->get_used_coupons(); 1080 1155 else 1081 1156 $couponsArr = $order->get_coupon_codes(); 1082 1157 1083 if(!empty($couponsArr) )1158 if(!empty($couponsArr) && isset($couponsArr[0])) 1084 1159 $param['coupon'] = $couponsArr[0]; 1085 1160 … … 1097 1172 $param['tax'] = $order->get_total_tax(); 1098 1173 1099 if( version_compare( WC_VERSION,'3.0', '<' ))1174 if(amsb_check_wc_version( '3.0', '<' )) 1100 1175 $curOrder = $order->get_order_currency(); 1101 1176 else … … 1109 1184 1110 1185 $prodArr = $order->get_items(); 1186 1187 // Validate items array 1188 if (!is_array($prodArr) || empty($prodArr)) { 1189 $prodArr = array(); 1190 } 1191 1111 1192 $subtotal = 0; 1112 1193 1113 1194 foreach($prodArr as $prod) 1114 1195 { 1115 $product = new WC_Product($prod['product_id']); 1196 // Validate product ID exists in array 1197 if (!isset($prod['product_id'])) { 1198 continue; 1199 } 1200 1201 $product = wc_get_product($prod['product_id']); 1202 if (!$product) { 1203 continue; // Skip if product not found 1204 } 1205 1116 1206 $get_items_sql = $wpdb->prepare("select * from {$wpdb->prefix}postmeta WHERE meta_key = %s AND post_id = %d", '_price', $prod['product_id']); 1117 1207 $line_item = 
$wpdb->get_row($get_items_sql); 1118 $price = $line_item->meta_value; 1119 1120 if(empty($price)) 1121 $price = $product->price; 1122 1123 $subtotal += $price * $prod['qty']; 1124 } 1125 1126 $ratio = $order->get_subtotal() / $subtotal; 1127 $param['total'] = $param['total'] / $ratio; 1128 $param['subtotal'] = $param['subtotal'] / $ratio; 1129 $param['shipping'] = $param['shipping'] / $ratio; 1130 $param['shipping_tax'] = $param['shipping_tax'] / $ratio; 1131 $param['tax'] = $param['tax'] / $ratio; 1132 $param['refunded'] = $param['refunded'] / $ratio; 1133 $param['discount'] = $param['discount'] / $ratio; 1208 1209 // Get price from meta or product object 1210 $price = 0; 1211 if ($line_item && isset($line_item->meta_value) && !empty($line_item->meta_value)) { 1212 $price = $line_item->meta_value; 1213 } else { 1214 $price = $product->get_price(); 1215 } 1216 1217 $prod['qty'] = isset($prod['qty']) ? $prod['qty'] : 1; 1218 $subtotal += floatval($price) * floatval($prod['qty']); 1219 } 1220 1221 // CRITICAL: Prevent division by zero 1222 $ratio = 1; // Default ratio if division cannot be performed 1223 $order_subtotal = $order->get_subtotal(); 1224 if ($subtotal > 0 && $order_subtotal > 0) { 1225 $ratio = ($order_subtotal > 0) ? 
($order_subtotal / $subtotal) : 1; 1226 $param['total'] = $param['total'] / $ratio; 1227 $param['subtotal'] = $param['subtotal'] / $ratio; 1228 $param['shipping'] = $param['shipping'] / $ratio; 1229 $param['shipping_tax'] = $param['shipping_tax'] / $ratio; 1230 $param['tax'] = $param['tax'] / $ratio; 1231 $param['refunded'] = $param['refunded'] / $ratio; 1232 $param['discount'] = $param['discount'] / $ratio; 1233 } 1134 1234 1135 1235 $param['currency_conversion'] = array( … … 1147 1247 } 1148 1248 1149 if(empty($_REQUEST['order_status'])) 1249 if(amsb_check_wc_version( '3.0', '<' )) 1250 { 1251 $param['name'] = $order->get_billing_first_name(); 1252 } 1253 else 1254 { 1255 $order_data = $order->get_data(); 1256 $param['name'] = (isset($order_data['billing']['first_name']) && !empty($order_data['billing']['first_name'])) ? $order_data['billing']['first_name'] : ''; 1257 } 1258 1259 $date_created = $order->get_date_created(); 1260 if(!isset($_REQUEST['order_status']) || empty($_REQUEST['order_status'])) { 1150 1261 $_REQUEST['order_status'] = ''; 1151 1152 if(version_compare( WC_VERSION, '3.0', '<' )) 1153 { 1154 $param['name'] = $order->get_billing_first_name(); 1155 } 1156 else 1157 { 1158 $order_data = $order->get_data(); 1159 $param['name'] = empty($order_data['billing']['first_name']) ? '' : $order_data['billing']['first_name']; 1160 } 1161 1162 $param['created_date'] = $order->get_date_created()->format('c'); 1262 } 1263 1264 $param['created_date'] = ($date_created && method_exists($date_created, 'format')) ? $date_created->format('c') : date('c'); 1163 1265 $param['user_ip'] = $order->get_customer_ip_address(); 1164 1266 $param['email'] = !empty($user_email) ? $user_email : $order->get_billing_email(); 1165 1267 $param['customer_id'] = $order->get_user_id(); 1166 $param['comment'] = 'Order Id ' . str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('siteurl');1268 $param['comment'] = 'Order Id ' . 
amsb_str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('siteurl'); 1167 1269 $param['order'] = 0; 1168 1270 $param['id_order'] = $order_id; … … 1173 1275 { 1174 1276 if( $order->get_parent_id() === 0 && get_post_meta( $order_id, 'has_wcmp_sub_order', true ) == '1'){ 1175 $param['comment'] = 'Main WCMp Order Id ' . str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total'];1277 $param['comment'] = 'Main WCMp Order Id ' . amsb_str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total']; 1176 1278 $param['total'] = 0; 1177 1279 $param['subtotal'] = 0; … … 1184 1286 { 1185 1287 if( $order->get_parent_id() === 0 && get_post_meta( $order_id, 'has_sub_order', true ) == '1'){ 1186 $param['comment'] = 'Main Dokan Order Id ' . str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' total '.$param['total'];1288 $param['comment'] = 'Main Dokan Order Id ' . amsb_str_replace('wc-', '', sanitize_text_field($_REQUEST['order_status'])) . ' - ' . $order_id . ' From ' . get_option('socialboost_shop_id', 0).' 
total '.$param['total']; 1187 1289 $param['total'] = 0; 1188 1290 $param['subtotal'] = 0; … … 1209 1311 global $wpdb; 1210 1312 $order = new WC_Order($order_id); 1313 1314 // Validate order exists 1315 if (!$order || !method_exists($order, 'get_id') || !$order->get_id()) { 1316 return; // Invalid order 1317 } 1211 1318 1212 1319 // Check purchase campaign is enabled … … 1236 1343 $email = $ordered_user->get('user_email'); 1237 1344 1238 if( empty($_REQUEST['refund_amount']))1345 if(!isset($_REQUEST['refund_amount']) || empty($_REQUEST['refund_amount'])) 1239 1346 return; 1240 1347 … … 1248 1355 1249 1356 $param['curShop'] = get_option('woocommerce_currency', 'USD'); 1250 if( version_compare( WC_VERSION,'3.0', '<' ))1357 if(amsb_check_wc_version( '3.0', '<' )) 1251 1358 $param['curOrder'] = $order->get_order_currency(); 1252 1359 else … … 1254 1361 1255 1362 $refundData = array(); 1256 foreach($order->get_refunds() as $refunds) { 1257 $refundData['discount_total'] = $refunds->discount_total; 1258 $refundData['discount_tax'] = $refunds->discount_tax; 1259 $refundData['shipping_total'] = $refunds->shipping_total; 1260 $refundData['shipping_tax'] = $refunds->shipping_tax; 1261 $refundData['cart_tax'] = $refunds->cart_tax; 1262 $refundData['total'] = $refunds->total; 1263 $refundData['total_tax'] = $refunds->total_tax; 1264 $refundData['amount'] = $refunds->amount; 1363 $order_refunds = $order->get_refunds(); 1364 1365 // Validate refunds array 1366 if (!is_array($order_refunds) || empty($order_refunds)) { 1367 return; // No refunds to process 1368 } 1369 1370 foreach($order_refunds as $refunds) { 1371 $refundData['discount_total'] = method_exists($refunds, 'get_discount_total') ? $refunds->get_discount_total() : 0; 1372 $refundData['discount_tax'] = method_exists($refunds, 'get_discount_tax') ? $refunds->get_discount_tax() : 0; 1373 $refundData['shipping_total'] = method_exists($refunds, 'get_shipping_total') ? 
$refunds->get_shipping_total() : 0; 1374 $refundData['shipping_tax'] = method_exists($refunds, 'get_shipping_tax') ? $refunds->get_shipping_tax() : 0; 1375 $refundData['cart_tax'] = method_exists($refunds, 'get_cart_tax') ? $refunds->get_cart_tax() : 0; 1376 $refundData['total'] = method_exists($refunds, 'get_total') ? $refunds->get_total() : 0; 1377 $refundData['total_tax'] = method_exists($refunds, 'get_total_tax') ? $refunds->get_total_tax() : 0; 1378 $refundData['amount'] = method_exists($refunds, 'get_amount') ? $refunds->get_amount() : 0; 1265 1379 1266 1380 $refundData['product_total'] = 0; 1267 foreach($refunds->get_items(array('line_item')) as $key => $lineItemObj) { 1268 $refundData['product_total'] += $lineItemObj->get_subtotal(); 1381 $refund_items = $refunds->get_items(array('line_item')); 1382 1383 // Validate items array before foreach 1384 if (is_array($refund_items) && !empty($refund_items)) { 1385 foreach($refund_items as $key => $lineItemObj) { 1386 if (method_exists($lineItemObj, 'get_subtotal')) { 1387 $refundData['product_total'] += $lineItemObj->get_subtotal(); 1388 } 1389 } 1269 1390 } 1270 1391 … … 1276 1397 { 1277 1398 $prodArr = $order->get_items(); 1399 1400 // Validate items array 1401 if (!is_array($prodArr) || empty($prodArr)) { 1402 $prodArr = array(); 1403 } 1404 1278 1405 $subtotal = 0; 1279 1406 1280 1407 foreach($prodArr as $prod) 1281 1408 { 1282 $product = new WC_Product($prod['product_id']); 1409 // Validate product ID exists in array 1410 if (!isset($prod['product_id'])) { 1411 continue; 1412 } 1413 1414 $product = wc_get_product($prod['product_id']); 1415 if (!$product) { 1416 continue; // Skip if product not found 1417 } 1418 1283 1419 $get_items_sql = $wpdb->prepare("select * from {$wpdb->prefix}postmeta WHERE meta_key = %s AND post_id = %d", '_price', $prod['product_id']); 1284 1420 $line_item = $wpdb->get_row($get_items_sql); 1285 $price = $line_item->meta_value; 1286 1287 if(empty($price)) 1288 $price = $product->price; 
1289 1290 $subtotal += $price * $prod['qty']; 1291 } 1292 1293 $ratio = $order->get_subtotal() / $subtotal; 1294 $refundData['discount_total'] = $refundData['discount_total'] / $ratio; 1295 $refundData['discount_tax'] = $refundData['discount_tax'] / $ratio; 1296 $refundData['shipping_total'] = $refundData['shipping_total'] / $ratio; 1297 $refundData['shipping_tax'] = $refundData['shipping_tax'] / $ratio; 1298 $refundData['cart_tax'] = $refundData['cart_tax'] / $ratio; 1299 $refundData['total'] = $refundData['total'] / $ratio; 1300 $refundData['total_tax'] = $refundData['total_tax'] / $ratio; 1301 $refundData['amount'] = $refundData['amount'] / $ratio; 1302 $refundData['product_total'] = $refundData['product_total'] / $ratio; 1421 1422 // Get price from meta or product object 1423 $price = 0; 1424 if ($line_item && isset($line_item->meta_value) && !empty($line_item->meta_value)) { 1425 $price = $line_item->meta_value; 1426 } else { 1427 $price = $product->get_price(); 1428 } 1429 1430 $prod['qty'] = isset($prod['qty']) ? $prod['qty'] : 1; 1431 $subtotal += floatval($price) * floatval($prod['qty']); 1432 } 1433 1434 // CRITICAL: Prevent division by zero and initialize ratio 1435 $ratio = 1; // Default ratio 1436 $order_subtotal = $order->get_subtotal(); 1437 if ($subtotal > 0 && $order_subtotal > 0) { 1438 $ratio = ($order_subtotal > 0) ? 
($order_subtotal / $subtotal) : 1; 1439 $refundData['discount_total'] = $refundData['discount_total'] / $ratio; 1440 $refundData['discount_tax'] = $refundData['discount_tax'] / $ratio; 1441 $refundData['shipping_total'] = $refundData['shipping_total'] / $ratio; 1442 $refundData['shipping_tax'] = $refundData['shipping_tax'] / $ratio; 1443 $refundData['cart_tax'] = $refundData['cart_tax'] / $ratio; 1444 $refundData['total'] = $refundData['total'] / $ratio; 1445 $refundData['total_tax'] = $refundData['total_tax'] / $ratio; 1446 $refundData['amount'] = $refundData['amount'] / $ratio; 1447 $refundData['product_total'] = $refundData['product_total'] / $ratio; 1448 } 1303 1449 1304 1450 $param['currency_conversion'] = array( … … 1327 1473 $param['tax'] = $order->get_total_tax(); 1328 1474 1329 $param['created_date'] = $order->get_date_created()->format('c'); 1475 $date_created = $order->get_date_created(); 1476 $param['created_date'] = ($date_created && method_exists($date_created, 'format')) ? $date_created->format('c') : date('c'); 1330 1477 $param['user_ip'] = $order->get_customer_ip_address(); 1331 1478 $param['email'] = !empty($email) ? $email : $order->get_billing_email(); … … 1336 1483 $urlApi = self::$_callback_url . self::$_api_version . 'removePurchaseEntry'; 1337 1484 1338 if( version_compare( WC_VERSION,'3.0', '<' ))1485 if(amsb_check_wc_version( '3.0', '<' )) 1339 1486 { 1340 1487 $param['name'] = $order->get_billing_first_name(); … … 1343 1490 { 1344 1491 $order_data = $order->get_data(); 1345 $param['name'] = empty($order_data['billing']['first_name']) ? '' : $order_data['billing']['first_name'];1492 $param['name'] = (isset($order_data['billing']['first_name']) && !empty($order_data['billing']['first_name'])) ? 
$order_data['billing']['first_name'] : ''; 1346 1493 } 1347 1494 … … 1365 1512 global $wpdb; 1366 1513 1367 if( !empty($_REQUEST['action']) && sanitize_text_field($_REQUEST['action']) == 'woocommerce_delete_refund')1514 if(isset($_REQUEST['action']) && !empty($_REQUEST['action']) && sanitize_text_field($_REQUEST['action']) == 'woocommerce_delete_refund') 1368 1515 { 1369 1516 // Check purchase campaign is enabled … … 1373 1520 1374 1521 $refund = new WC_Order_Refund($refund_id); 1375 $order = new WC_Order($refund->post->post_parent); 1522 1523 // Validate refund object exists 1524 if (!$refund || !method_exists($refund, 'get_id') || !$refund->get_id()) { 1525 return; // Invalid refund 1526 } 1527 1528 $parent_order_id = method_exists($refund, 'get_parent_id') ? $refund->get_parent_id() : 0; 1529 if (!$parent_order_id) { 1530 return; // No parent order found 1531 } 1532 $order = new WC_Order($parent_order_id); 1533 1534 // Validate order exists 1535 if (!$order || !method_exists($order, 'get_id') || !$order->get_id()) { 1536 return; // Invalid parent order 1537 } 1376 1538 1377 1539 $param['discount'] = $order->get_total_discount(); … … 1382 1544 $param['tax'] = $order->get_total_tax(); 1383 1545 1384 if( version_compare( WC_VERSION,'3.0', '<' ))1546 if(amsb_check_wc_version( '3.0', '<' )) 1385 1547 $curOrder = $order->get_order_currency(); 1386 1548 else … … 1404 1566 foreach($prodArr as $prod) 1405 1567 { 1406 $product = new WC_Product($prod['product_id']); 1568 // Validate product ID exists in array 1569 if (!isset($prod['product_id'])) { 1570 continue; 1571 } 1572 1573 $product = wc_get_product($prod['product_id']); 1574 if (!$product) { 1575 continue; // Skip if product not found 1576 } 1577 1407 1578 $get_items_sql = $wpdb->prepare("select * from {$wpdb->prefix}postmeta WHERE meta_key = %s AND post_id = %d", '_price', $prod['product_id']); 1408 1579 $line_item = $wpdb->get_row($get_items_sql); 1409 $price = $line_item->meta_value; 1410 1411 if(empty($price)) 
1412 $price = $product->price; 1413 1414 $total += $price * $prod['qty']; 1580 1581 // Get price from meta or product object 1582 $price = 0; 1583 if ($line_item && isset($line_item->meta_value) && !empty($line_item->meta_value)) { 1584 $price = $line_item->meta_value; 1585 } else { 1586 $price = $product->get_price(); 1587 } 1588 1589 $prod['qty'] = isset($prod['qty']) ? $prod['qty'] : 1; 1590 $total += floatval($price) * floatval($prod['qty']); 1415 1591 } 1416 1592 1417 $ratio = $param['subtotal'] / $total; 1418 $param['total'] = $param['total'] / $ratio; 1419 } 1420 1421 $param['created_date'] = $order->get_date_created()->format('c'); 1593 if ($total > 0 && $param['subtotal'] > 0) { 1594 $ratio = ($param['subtotal'] > 0) ? ($param['subtotal'] / $total) : 1; 1595 $param['total'] = $param['total'] / $ratio; 1596 } 1597 } 1598 1599 $date_created = $order->get_date_created(); 1600 $param['created_date'] = ($date_created && method_exists($date_created, 'format')) ? $date_created->format('c') : date('c'); 1422 1601 $param['user_ip'] = $order->get_customer_ip_address(); 1423 1602 $param['email'] = !empty($email) ? $email : $order->get_billing_email(); 1424 1603 $param['customer_id'] = $order->get_user_id(); 1425 1604 $param['order'] = 0; 1426 $param['id_order'] = $ refund->post->post_parent;1605 $param['id_order'] = $parent_order_id; // Already obtained from get_parent_id() 1427 1606 $urlApi = self::$_callback_url . self::$_api_version . 'addPurchaseEntry'; 1428 1607 1429 if( version_compare( WC_VERSION,'3.0', '<' ))1608 if(amsb_check_wc_version( '3.0', '<' )) 1430 1609 { 1431 1610 $param['name'] = $order->get_billing_first_name(); … … 1437 1616 } 1438 1617 1439 $param['comment'] = 'Order Id Refund Restore - ' . $ refund->post->post_parent. ' From ' . get_option('siteurl');1618 $param['comment'] = 'Order Id Refund Restore - ' . $parent_order_id . ' From ' . 
get_option('siteurl'); 1440 1619 $param['status'] = 'Add'; 1441 1620 $param['order_status'] = $order->get_status(); … … 1452 1631 { 1453 1632 $msg = ''; 1633 $params = array(); 1454 1634 try 1455 1635 { … … 1471 1651 $params['name'] = isset($param['name']) ? $param['name'] : ''; 1472 1652 $params['comment'] = isset($param['comment']) ? $param['comment'] : ''; 1473 $params["app_lang"] = str_replace('-', '_', get_bloginfo('language')); 1474 $allparam = implode('#'.$params['app'].'#', $paramSalt); 1653 1654 // Validate get_bloginfo result 1655 $blog_lang = get_bloginfo('language'); 1656 $params["app_lang"] = !empty($blog_lang) ? amsb_str_replace('-', '_', $blog_lang) : ''; 1657 1658 $allparam = amsb_implode('#'.$params['app'].'#', $paramSalt); 1475 1659 $params['salt'] = md5($allparam); 1476 1660 $params['id_shop'] = $shop_id; … … 1503 1687 { 1504 1688 $res = self::_curlResp($params, $urlApi); 1505 if( !empty($res['error']))1689 if(isset($res['error']) && !empty($res['error'])) 1506 1690 $msg = 'Unexpected error occur. Please check with administrator.'; 1507 1691 } … … 1555 1739 throw new Exception('Verification request failed'); 1556 1740 1557 $resp_data = json_decode($response['body'], true);1741 $resp_data = amsb_json_decode($response['body'], true, array('error' => 1)); 1558 1742 1559 1743 if (isset($resp_data['error']) && $resp_data['error'] == 0 && isset($resp_data['config'])) { 1560 $config = $resp_data['config'];1561 1562 if (!empty($app_config) && is_array($app_config) )1744 $config = is_array($resp_data['config']) ? $resp_data['config'] : array(); 1745 1746 if (!empty($app_config) && is_array($app_config) && !empty($config)) 1563 1747 $config = array_merge($app_config, $config); 1564 1748