Context Navigation

← Previous Changeset
Next Changeset →

Changeset 3488708

Timestamp:

03/23/2026 08:48:07 AM (9 days ago)

Author:

flexcubed

Message:

Refactor script registration to include dependencies for admin and front-end scripts, and suppress session start errors in customization function.

Location:

pitchprint

Files:

: 20 edited
: 1 copied

tags/11.3.0 (copied) (copied from pitchprint/trunk)
tags/11.3.0/CHANGELOG.txt (modified) (1 diff)
tags/11.3.0/functions/admin/designs.php (modified) (2 diffs)
tags/11.3.0/functions/admin/orders.php (modified) (2 diffs)
tags/11.3.0/functions/admin/settings.php (modified) (3 diffs)
tags/11.3.0/functions/front/accounts.php (modified) (2 diffs)
tags/11.3.0/functions/front/customize_button.php (modified) (2 diffs)
tags/11.3.0/functions/front/projects.php (modified) (2 diffs)
tags/11.3.0/functions/general/customization.php (modified) (3 diffs)
tags/11.3.0/pitchprint.php (modified) (2 diffs)
tags/11.3.0/readme.txt (modified) (2 diffs)
trunk/CHANGELOG.txt (modified) (1 diff)
trunk/functions/admin/designs.php (modified) (2 diffs)
trunk/functions/admin/orders.php (modified) (2 diffs)
trunk/functions/admin/settings.php (modified) (3 diffs)
trunk/functions/front/accounts.php (modified) (2 diffs)
trunk/functions/front/customize_button.php (modified) (2 diffs)
trunk/functions/front/projects.php (modified) (2 diffs)
trunk/functions/general/customization.php (modified) (3 diffs)
trunk/pitchprint.php (modified) (2 diffs)
trunk/readme.txt (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

pitchprint/tags/11.3.0/CHANGELOG.txt

-                      r3479889
+                      r3488708
+== 11.3.0 =
+Improved user identification for customization data isolation
+Improved session handling reliability
+Replaced deprecated wc_enqueue_js with wp_add_inline_script
 == 11.2.0 =
 Fixed a vulnerability issue confined to uploads the plugin folder

pitchprint/tags/11.3.0/functions/admin/designs.php

-                      r3286188
+                      r3488708
         $credentials = \pitchprint\functions\general\fetch_credentials();
         wc_enqueue_js( PITCHPRINT_ADMIN_DEF . "
+        $pp_inline_js = PITCHPRINT_ADMIN_DEF . "
             PPADMIN.vars = {
                 credentials: { timestamp: '" . $credentials['timestamp'] . "', apiKey: '" . get_option('ppa_api_key') . "', signature: '" . $credentials['signature'] . "'},
 …
             PPADMIN.readyFncs.push('init', 'fetchDesigns');
             if (typeof PPADMIN.start !== 'undefined') PPADMIN.start();
+        ");
+        ";
+        wp_register_script('pitchprint-admin-designs', '', array('pitchprint_admin'), false, true);
+        wp_enqueue_script('pitchprint-admin-designs');
+        wp_add_inline_script('pitchprint-admin-designs', $pp_inline_js);
+    }

pitchprint/tags/11.3.0/functions/admin/orders.php

-                      r3391124
+                      r3488708
         $cred = \pitchprint\functions\general\fetch_credentials();
         wp_enqueue_script('pitchprint_admin', 'https://pitchprint.io/rsc/js/a.wp.js');
         wc_enqueue_js( "var PPADMIN = window.PPADMIN; if (typeof PPADMIN === 'undefined') window.PPADMIN = PPADMIN = { version: '9.0.0', readyFncs: [] };" . "
+        $pp_inline_js = "var PPADMIN = window.PPADMIN; if (typeof PPADMIN === 'undefined') window.PPADMIN = PPADMIN = { version: '9.0.0', readyFncs: [] };" . "
             PPADMIN.vars = {
                 credentials: { timestamp: '" . $cred['timestamp'] . "', apiKey: '" . get_option('ppa_api_key') . "', signature: '" . $cred['signature'] . "'}
 …
             PPADMIN.readyFncs.push('init');
             if (typeof PPADMIN.start !== 'undefined') PPADMIN.start();
+        ");
+        ";
+        wp_register_script('pitchprint-admin-order', '', array('pitchprint_admin'), false, true);
+        wp_enqueue_script('pitchprint-admin-order');
+        wp_add_inline_script('pitchprint-admin-order', $pp_inline_js);
+    }
     function format_pitchprint_order_value($formatted_meta, $order_item) {

pitchprint/tags/11.3.0/functions/admin/settings.php

-                      r3404073
+                      r3488708
         'ppa_settings_section'
     );
+    add_settings_field(
+        'ppa_disable_session',
+        __('Disable Session Backup', 'PitchPrint'),
+        'pitchprint\\functions\\admin\\ppa_disable_session',
+        'pitchprint',
+        'ppa_settings_section'
+    );
     // Register settings with sanitization callbacks
 …
     ]);
     register_setting('pitchprint', 'ppa_email_download_link', [
+        'sanitize_callback' => 'sanitize_text_field'
+    ]);
+    register_setting('pitchprint', 'ppa_disable_session', [
         'sanitize_callback' => 'sanitize_text_field'
     ]);
 …
+}
+function ppa_disable_session() {
+    $checked = checked(get_option('ppa_disable_session'), 'on', false);
+    echo '<input id="ppa_disable_session" name="ppa_disable_session" type="checkbox" ' . $checked . ' />';
+    echo '<label for="ppa_disable_session">' . __('Disable PHP session backup (enable this if your host uses Batcache or similar page caching)', 'PitchPrint') . '</label>';
+}
 function add_settings_link($links) {
     $settings_link = [

pitchprint/tags/11.3.0/functions/front/accounts.php

-                      r3286188
+                      r3488708
         echo '<div id="pp_mydesigns_div"></div>';
         wc_enqueue_js("
+        $pp_inline_js = "
             ajaxsearch = undefined;
             (function(_doc) {
 …
                     isCheckoutPage: " . (is_checkout() ? 'true' : 'false') . "
                 });
+            })(document);");
+            })(document);";
+        wp_register_script('pitchprint-account-init', '', array('pitchprint_class'), false, true);
+        wp_enqueue_script('pitchprint-account-init');
+        wp_add_inline_script('pitchprint-account-init', $pp_inline_js);
+    }

pitchprint/tags/11.3.0/functions/front/customize_button.php

-                      r3391124
+                      r3488708
         $upload_path = file_exists(ABSPATH . 'pitchprint/uploader') ? 'pitchprint/uploader/' : 'wp-content/plugins/pitchprint/uploader/';
         wc_enqueue_js("
+        $pp_inline_js = "
             ajaxsearch = undefined;
             (function(_doc) {
 …
                     ppValue: '{$now_value}',
                 });
+            })(document);");
+            })(document);";
+        wp_register_script('pitchprint-product-init', '', array('pitchprint_class'), false, true);
+        wp_enqueue_script('pitchprint-product-init');
+        wp_add_inline_script('pitchprint-product-init', $pp_inline_js);
         echo '<input type="hidden" id="_w2p_set_option" name="_w2p_set_option" value="' . $now_value . '" />

pitchprint/tags/11.3.0/functions/front/projects.php

-                      r3286188
+                      r3488708
     function save_project_sess() {
         if (!isset($_POST['productId']) || empty($_POST['productId'])) {
             wp_send_json_error('No product ID provided');
 …
     function reset_project_sess() {
         if (!isset($_POST['productId']) || empty($_POST['productId'])) {
             wp_send_json_error('No product ID provided.');

pitchprint/tags/11.3.0/functions/general/customization.php

-                      r3296178
+                      r3488708
     namespace pitchprint\functions\general;
+    function get_user_token() {
+        if (isset($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]))
+            return $_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY];
+        // Generate a random token for the user (guest or signed-in)
+        if (!headers_sent()) {
+            $token = bin2hex(random_bytes(16));
+            $cookie_set = setcookie(PITCHPRINT_CUSTOMIZATION_KEY, $token, time() + PITCHPRINT_CUSTOMIZATION_DURATION, '/');
+            if (!$cookie_set) {
+                // Handle error if cookie cannot be set
+                error_log('[PITCHPRINT] Failed to set cookie: ' . PRINT_APP_CUSTOMIZATION_KEY);
+            } else {
+                return $token;
+            }
+    function use_session_backup() {
+        return get_option('ppa_disable_session') !== 'on';
+    }
+    function ensure_session() {
+        if (use_session_backup() && session_status() === PHP_SESSION_NONE && !headers_sent()) {
+            @session_start();
+        }
+    }
+    // Sanitize and validate inputs for better security
+    function get_user_token() {
+        // For logged-in WordPress users, use their user ID as the token.
+        // This ensures data isolation even if cookies are lost or shared.
+        $user_id = get_current_user_id();
+        if ($user_id > 0) {
+            return 'user_' . $user_id;
+        }
+        // For guests, use the cookie token managed by the JS client
+        if (isset($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]) && !empty($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY])) {
+            return sanitize_text_field($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]);
+        }
+        return false;
+    }
     function save_customization_data($product_id, $customization_data) {
         $product_id = absint($product_id); // Ensure product_id is an integer
         $customization_data = wp_unslash($customization_data); // Remove slashes from input
+        $product_id = absint($product_id);
+        $customization_data = wp_unslash($customization_data);
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Try saving to transient first
         delete_transient($key);
         $transient_result = set_transient($key, $customization_data, PITCHPRINT_CUSTOMIZATION_DURATION);
+        $result = set_transient($key, $customization_data, PITCHPRINT_CUSTOMIZATION_DURATION);
+        // Also save to session as a backup
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        // Session backup for hosts that allow it
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $_SESSION[$key] = $customization_data;
+        }
-        $_SESSION[$key] = $customization_data;
+        // Return the key if transient save was successful, otherwise FALSE
+        return $transient_result !== FALSE ? $key : FALSE;
+        return $result !== FALSE ? $key : FALSE;
+    }
 …
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Try getting from transient first
         $data = get_transient($key);
         if ($data !== false) {
             return $data;
+        }
+        // If transient failed or expired, try getting from session
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+        if (isset($_SESSION[$key])) {
+            // Optionally, restore the transient if found in session
+        // Fall back to session if transient expired
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION[$key])) {
             return $_SESSION[$key];
+        }
         return false; // Return false if not found in either
+        return false;
+    }
 …
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Delete from transient
         delete_transient($key);
+        // Delete from session
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+        if (isset($_SESSION[$key])) {
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION[$key])) {
             unset($_SESSION[$key]);
+        }

pitchprint/tags/11.3.0/pitchprint.php

-                      r3479889
+                      r3488708
 *   Description:            A beautiful web based print customization app for your online store. Integrates with WooCommerce.
 *   Author:                 PitchPrint, Inc.
 *   Version:                11.2.0
+*   Version:                11.3.0
 *   Author URI:             https://pitchprint.com
 *   Requires at least:      3.8
 …
              *  @var string
             */
             public $version = '11.2.0';
+            public $version = '11.3.0';
             /**

pitchprint/tags/11.3.0/readme.txt

-                      r3479889
+                      r3488708
 Requires at least: 3.8
 Tested up to: 6.8
 Stable tag: 11.2.0
+Stable tag: 11.3.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+== 11.3.0 =
+Improved user identification for customization data isolation
+Improved session handling reliability
+Replaced deprecated wc_enqueue_js with wp_add_inline_script
 == 11.2.0 =

pitchprint/trunk/CHANGELOG.txt

-                      r3479889
+                      r3488708
+== 11.3.0 =
+Improved user identification for customization data isolation
+Improved session handling reliability
+Replaced deprecated wc_enqueue_js with wp_add_inline_script
 == 11.2.0 =
 Fixed a vulnerability issue confined to uploads the plugin folder

pitchprint/trunk/functions/admin/designs.php

-                      r3286188
+                      r3488708
         $credentials = \pitchprint\functions\general\fetch_credentials();
         wc_enqueue_js( PITCHPRINT_ADMIN_DEF . "
+        $pp_inline_js = PITCHPRINT_ADMIN_DEF . "
             PPADMIN.vars = {
                 credentials: { timestamp: '" . $credentials['timestamp'] . "', apiKey: '" . get_option('ppa_api_key') . "', signature: '" . $credentials['signature'] . "'},
 …
             PPADMIN.readyFncs.push('init', 'fetchDesigns');
             if (typeof PPADMIN.start !== 'undefined') PPADMIN.start();
+        ");
+        ";
+        wp_register_script('pitchprint-admin-designs', '', array('pitchprint_admin'), false, true);
+        wp_enqueue_script('pitchprint-admin-designs');
+        wp_add_inline_script('pitchprint-admin-designs', $pp_inline_js);
+    }

pitchprint/trunk/functions/admin/orders.php

-                      r3391124
+                      r3488708
         $cred = \pitchprint\functions\general\fetch_credentials();
         wp_enqueue_script('pitchprint_admin', 'https://pitchprint.io/rsc/js/a.wp.js');
         wc_enqueue_js( "var PPADMIN = window.PPADMIN; if (typeof PPADMIN === 'undefined') window.PPADMIN = PPADMIN = { version: '9.0.0', readyFncs: [] };" . "
+        $pp_inline_js = "var PPADMIN = window.PPADMIN; if (typeof PPADMIN === 'undefined') window.PPADMIN = PPADMIN = { version: '9.0.0', readyFncs: [] };" . "
             PPADMIN.vars = {
                 credentials: { timestamp: '" . $cred['timestamp'] . "', apiKey: '" . get_option('ppa_api_key') . "', signature: '" . $cred['signature'] . "'}
 …
             PPADMIN.readyFncs.push('init');
             if (typeof PPADMIN.start !== 'undefined') PPADMIN.start();
+        ");
+        ";
+        wp_register_script('pitchprint-admin-order', '', array('pitchprint_admin'), false, true);
+        wp_enqueue_script('pitchprint-admin-order');
+        wp_add_inline_script('pitchprint-admin-order', $pp_inline_js);
+    }
     function format_pitchprint_order_value($formatted_meta, $order_item) {

pitchprint/trunk/functions/admin/settings.php

-                      r3404073
+                      r3488708
         'ppa_settings_section'
     );
+    add_settings_field(
+        'ppa_disable_session',
+        __('Disable Session Backup', 'PitchPrint'),
+        'pitchprint\\functions\\admin\\ppa_disable_session',
+        'pitchprint',
+        'ppa_settings_section'
+    );
     // Register settings with sanitization callbacks
 …
     ]);
     register_setting('pitchprint', 'ppa_email_download_link', [
+        'sanitize_callback' => 'sanitize_text_field'
+    ]);
+    register_setting('pitchprint', 'ppa_disable_session', [
         'sanitize_callback' => 'sanitize_text_field'
     ]);
 …
+}
+function ppa_disable_session() {
+    $checked = checked(get_option('ppa_disable_session'), 'on', false);
+    echo '<input id="ppa_disable_session" name="ppa_disable_session" type="checkbox" ' . $checked . ' />';
+    echo '<label for="ppa_disable_session">' . __('Disable PHP session backup (enable this if your host uses Batcache or similar page caching)', 'PitchPrint') . '</label>';
+}
 function add_settings_link($links) {
     $settings_link = [

pitchprint/trunk/functions/front/accounts.php

-                      r3286188
+                      r3488708
         echo '<div id="pp_mydesigns_div"></div>';
         wc_enqueue_js("
+        $pp_inline_js = "
             ajaxsearch = undefined;
             (function(_doc) {
 …
                     isCheckoutPage: " . (is_checkout() ? 'true' : 'false') . "
                 });
+            })(document);");
+            })(document);";
+        wp_register_script('pitchprint-account-init', '', array('pitchprint_class'), false, true);
+        wp_enqueue_script('pitchprint-account-init');
+        wp_add_inline_script('pitchprint-account-init', $pp_inline_js);
+    }

pitchprint/trunk/functions/front/customize_button.php

-                      r3391124
+                      r3488708
         $upload_path = file_exists(ABSPATH . 'pitchprint/uploader') ? 'pitchprint/uploader/' : 'wp-content/plugins/pitchprint/uploader/';
         wc_enqueue_js("
+        $pp_inline_js = "
             ajaxsearch = undefined;
             (function(_doc) {
 …
                     ppValue: '{$now_value}',
                 });
+            })(document);");
+            })(document);";
+        wp_register_script('pitchprint-product-init', '', array('pitchprint_class'), false, true);
+        wp_enqueue_script('pitchprint-product-init');
+        wp_add_inline_script('pitchprint-product-init', $pp_inline_js);
         echo '<input type="hidden" id="_w2p_set_option" name="_w2p_set_option" value="' . $now_value . '" />

pitchprint/trunk/functions/front/projects.php

-                      r3286188
+                      r3488708
     function save_project_sess() {
         if (!isset($_POST['productId']) || empty($_POST['productId'])) {
             wp_send_json_error('No product ID provided');
 …
     function reset_project_sess() {
         if (!isset($_POST['productId']) || empty($_POST['productId'])) {
             wp_send_json_error('No product ID provided.');

pitchprint/trunk/functions/general/customization.php

-                      r3296178
+                      r3488708
     namespace pitchprint\functions\general;
+    function get_user_token() {
+        if (isset($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]))
+            return $_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY];
+        // Generate a random token for the user (guest or signed-in)
+        if (!headers_sent()) {
+            $token = bin2hex(random_bytes(16));
+            $cookie_set = setcookie(PITCHPRINT_CUSTOMIZATION_KEY, $token, time() + PITCHPRINT_CUSTOMIZATION_DURATION, '/');
+            if (!$cookie_set) {
+                // Handle error if cookie cannot be set
+                error_log('[PITCHPRINT] Failed to set cookie: ' . PRINT_APP_CUSTOMIZATION_KEY);
+            } else {
+                return $token;
+            }
+    function use_session_backup() {
+        return get_option('ppa_disable_session') !== 'on';
+    }
+    function ensure_session() {
+        if (use_session_backup() && session_status() === PHP_SESSION_NONE && !headers_sent()) {
+            @session_start();
+        }
+    }
+    // Sanitize and validate inputs for better security
+    function get_user_token() {
+        // For logged-in WordPress users, use their user ID as the token.
+        // This ensures data isolation even if cookies are lost or shared.
+        $user_id = get_current_user_id();
+        if ($user_id > 0) {
+            return 'user_' . $user_id;
+        }
+        // For guests, use the cookie token managed by the JS client
+        if (isset($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]) && !empty($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY])) {
+            return sanitize_text_field($_COOKIE[PITCHPRINT_CUSTOMIZATION_KEY]);
+        }
+        return false;
+    }
     function save_customization_data($product_id, $customization_data) {
         $product_id = absint($product_id); // Ensure product_id is an integer
         $customization_data = wp_unslash($customization_data); // Remove slashes from input
+        $product_id = absint($product_id);
+        $customization_data = wp_unslash($customization_data);
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Try saving to transient first
         delete_transient($key);
         $transient_result = set_transient($key, $customization_data, PITCHPRINT_CUSTOMIZATION_DURATION);
+        $result = set_transient($key, $customization_data, PITCHPRINT_CUSTOMIZATION_DURATION);
+        // Also save to session as a backup
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        // Session backup for hosts that allow it
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE) {
+            $_SESSION[$key] = $customization_data;
+        }
-        $_SESSION[$key] = $customization_data;
+        // Return the key if transient save was successful, otherwise FALSE
+        return $transient_result !== FALSE ? $key : FALSE;
+        return $result !== FALSE ? $key : FALSE;
+    }
 …
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Try getting from transient first
         $data = get_transient($key);
         if ($data !== false) {
             return $data;
+        }
+        // If transient failed or expired, try getting from session
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+        if (isset($_SESSION[$key])) {
+            // Optionally, restore the transient if found in session
+        // Fall back to session if transient expired
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION[$key])) {
             return $_SESSION[$key];
+        }
         return false; // Return false if not found in either
+        return false;
+    }
 …
         $user_token = get_user_token();
         if (!is_string($user_token) || empty($user_token)) {
             return false; // Invalid token
+            return false;
+        }
         $key = 'pitchprint_' . $user_token . '_' . $product_id;
-        // Delete from transient
         delete_transient($key);
+        // Delete from session
+        if (!headers_sent() && session_status() === PHP_SESSION_NONE) {
+            session_start();
+        }
+        if (isset($_SESSION[$key])) {
+        ensure_session();
+        if (session_status() === PHP_SESSION_ACTIVE && isset($_SESSION[$key])) {
             unset($_SESSION[$key]);
+        }

pitchprint/trunk/pitchprint.php

-                      r3479889
+                      r3488708
 *   Description:            A beautiful web based print customization app for your online store. Integrates with WooCommerce.
 *   Author:                 PitchPrint, Inc.
 *   Version:                11.2.0
+*   Version:                11.3.0
 *   Author URI:             https://pitchprint.com
 *   Requires at least:      3.8
 …
              *  @var string
             */
             public $version = '11.2.0';
+            public $version = '11.3.0';
             /**

pitchprint/trunk/readme.txt

-                      r3479889
+                      r3488708
 Requires at least: 3.8
 Tested up to: 6.8
 Stable tag: 11.2.0
+Stable tag: 11.3.0
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 …
 == Changelog ==
+== 11.3.0 =
+Improved user identification for customization data isolation
+Improved session handling reliability
+Replaced deprecated wc_enqueue_js with wp_add_inline_script
 == 11.2.0 =

Note: See TracChangeset for help on using the changeset viewer.

Trac UI Preferences

Plugin Directory