Merge pull request #44 from LinkNacional/dev
1.3.2 Atualização de funções para escape de atributos
emanuellopess authored Mar 5, 2024
2 parents a8026a1 + 3999014 commit 0ed8dd4
Showing 5 changed files with 47 additions and 44 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,6 @@
### 1.3.2 - 14/02/2024
- Substitution of echo to esc_html_e or esc_attr_e, adjust to comply with wordpress regulations

### 1.3.1 - 06/11/23
- Add cache no-store attribute to the PDF generation request

3 changes: 3 additions & 0 deletions README.txt
Expand Up @@ -64,6 +64,9 @@ The Invoice Payment for WooCommerce plugin is now live and working.

== Changelog ==

= 1.3.2 =
* Substitution of echo to esc_html_e or esc_attr_e, adjust to comply with wordpress regulations

= 1.3.1 =
* add cache no-store attribute to the PDF generation request

75 changes: 36 additions & 39 deletions admin/class-wc-invoice-payment-admin.php
Expand Up @@ -210,9 +210,9 @@ public function render_settings_page(): void {
$text_before_payment_link = get_option('lkn_wcip_text_before_payment_link');

$html_templates_list = implode(array_map(function ($template) use ($global_template): string {
$template_id = $template['id'];
$friendly_template_name = $template['friendly_name'];
$preview_url = WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp";
$template_id = esc_attr($template['id']);
$friendly_template_name = esc_html($template['friendly_name']);
$preview_url = esc_url(WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp");

$selected = $global_template === $template_id ? 'selected' : '';

Expand Down Expand Up @@ -245,7 +245,7 @@ class="wcip-form-wrap"
name="lkn_wcip_payment_global_template"
id="lkn_wcip_payment_global_template"
class="regular-text"
>
>
<?php echo $html_templates_list; ?>
</select>
</div>
Expand All @@ -262,7 +262,7 @@ class="regular-text"
id="lkn_wcip_template_logo_url"
class="regular-text"
type="url"
value="<?php echo $template_logo_url; ?>"
value="<?php esc_attr_e($template_logo_url); ?>"
>
</div>

Expand All @@ -273,7 +273,7 @@ class="regular-text"
<textarea
name="lkn_wcip_default_footer"
id="lkn_wcip_default_footer"
><?php echo $default_footer; ?></textarea>
><?php esc_html_e($default_footer); ?></textarea>
</div>

<div class="input-row-wrap input-row-wrap-global-settings">
Expand All @@ -283,7 +283,7 @@ class="regular-text"
<textarea
name="lkn_wcip_sender_details"
id="lkn_wcip_sender_details"
><?php echo $sender_details; ?></textarea>
><?php esc_html_e($sender_details); ?></textarea>
</div>

<div class="input-row-wrap input-row-wrap-global-settings">
Expand All @@ -293,7 +293,7 @@ class="regular-text"
<textarea
name="lkn_wcip_text_before_payment_link"
id="lkn_wcip_text_before_payment_link"
><?php echo $text_before_payment_link; ?></textarea>
><?php esc_html_e($text_before_payment_link); ?></textarea>
</div>
</div>
</div>
Expand Down Expand Up @@ -355,9 +355,9 @@ public function render_edit_invoice_page(): void {
$templates_list = $this->handler_invoice_templates->get_templates_list();

$html_templates_list = implode(array_map(function ($template) use ($invoice_template): string {
$template_id = $template['id'];
$friendly_template_name = $template['friendly_name'];
$preview_url = WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp";
$template_id = esc_attr($template['id']);
$friendly_template_name = esc_html($template['friendly_name']);
$preview_url = esc_url(WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp");

$selected = $invoice_template === $template_id ? 'selected' : '';

Expand Down Expand Up @@ -389,14 +389,14 @@ class="wcip-form-wrap"
<input
id="wcip_rest_nonce"
type="hidden"
value="<?php echo wp_create_nonce('wp_rest'); ?>"
value="<?php esc_attr_e(wp_create_nonce('wp_rest')); ?>"
>
<?php wp_nonce_field('lkn_wcip_edit_invoice', 'nonce'); ?>
<div class="wcip-invoice-data">
<!-- Invoice details -->
<h2 class="title">
<?php _e('Invoice details', 'wc-invoice-payment'); ?>
<?php esc_html_e('#' . $invoiceId); ?>
<?php echo esc_html('#' . $invoiceId); ?>
</h2>
<div class="invoice-row-wrap">
<div class="invoice-column-wrap">
Expand Down Expand Up @@ -463,7 +463,7 @@ class="regular-text"
name="lkn_wcip_select_invoice_template"
id="lkn_wcip_select_invoice_template"
class="regular-text"
value="<?php echo $invoice_template; ?>"
value="<?php esc_attr_e($invoice_template); ?>"
required
>
<option value="global">
Expand All @@ -486,7 +486,7 @@ class="regular-text"
id="lkn_wcip_name_input"
class="regular-text"
required
value="<?php esc_html_e($order->get_billing_first_name() . ' ' . $order->get_billing_last_name()); ?>"
value="<?php echo esc_attr($order->get_billing_first_name() . ' ' . $order->get_billing_last_name()); ?>"
>
</div>
<div class="input-row-wrap">
Expand All @@ -508,7 +508,7 @@ class="regular-text"
name="lkn_wcip_extra_data"
id="lkn_wcip_extra_data"
class="regular-text"
><?php echo $order->get_meta('wcip_extra_data'); ?></textarea>
><?php esc_html_e($order->get_meta('wcip_extra_data')); ?></textarea>
</div>
</div>
</div>
Expand Down Expand Up @@ -545,7 +545,7 @@ class="text-bold"><?php _e('Invoice actions', 'wc-invoice-payment'); ?></span>
<a
class="lkn_wcip_generate_pdf_btn"
href="#"
data-invoice-id="<?php echo $invoiceId; ?>"
data-invoice-id="<?php esc_attr_e($invoiceId); ?>"
><?php _e('Download invoice', 'wc-invoice-payment'); ?></a>
</div>
</div>
Expand Down Expand Up @@ -687,7 +687,7 @@ class="invoice-column-wrap"
<textarea
name="lkn-wc-invoice-payment-footer-notes"
id="lkn-wc-invoice-payment-footer-notes"
><?php echo $order->get_meta('wcip_footer_notes'); ?></textarea>
><?php esc_html_e($order->get_meta('wcip_footer_notes')); ?></textarea>
</div>
</div>
</div>
Expand Down Expand Up @@ -716,7 +716,7 @@ public function render_invoice_list_page(): void {
<input
id="wcip_rest_nonce"
type="hidden"
value="<?php echo wp_create_nonce('wp_rest'); ?>"
value="<?php esc_attr_e(wp_create_nonce('wp_rest')); ?>"
>

<div class="wrap">
Expand Down Expand Up @@ -780,9 +780,9 @@ public function new_invoice_form(): void {
$templates_list = $this->handler_invoice_templates->get_templates_list();

$html_templates_list = implode(array_map(function ($template): string {
$template_id = $template['id'];
$friendly_template_name = $template['friendly_name'];
$preview_url = WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp";
$template_id = esc_attr($template['id']);
$friendly_template_name = esc_html($template['friendly_name']);
$preview_url = esc_url(WC_PAYMENT_INVOICE_ROOT_URL . "includes/templates/$template_id/preview.webp");

return "<option data-preview-url='$preview_url' value='$template_id'>$friendly_template_name</option>";
}, $templates_list));
Expand Down Expand Up @@ -821,25 +821,25 @@ class="wcip-form-wrap"
class="regular-text"
>
<option value="wc-pending">
<?php echo _x('Pending payment', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Pending payment', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-processing">
<?php echo _x('Processing', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Processing', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-on-hold">
<?php echo _x('On hold', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('On hold', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-completed">
<?php echo _x('Completed', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Completed', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-cancelled">
<?php echo _x('Cancelled', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Cancelled', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-refunded">
<?php echo _x('Refunded', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Refunded', 'Order status', 'woocommerce')); ?>
</option>
<option value="wc-failed">
<?php echo _x('Failed', 'Order status', 'woocommerce'); ?>
<?php esc_html_e(_x('Failed', 'Order status', 'woocommerce')); ?>
</option>
</select>
</div>
Expand Down Expand Up @@ -1025,7 +1025,7 @@ class="invoice-column-wrap"
name="lkn-wc-invoice-payment-footer-notes"
id="lkn-wc-invoice-payment-footer-notes"
class="regular-text"
><?php echo $default_footer; ?></textarea>
><?php esc_html_e($default_footer); ?></textarea>
</div>
</div>
</div>
Expand Down Expand Up @@ -1156,12 +1156,10 @@ public function add_invoice_form_submit_handle(): void {
$order->add_order_note(__('Order details manually sent to customer.', 'woocommerce'), false, true);
}
// Success message

echo '<div class="lkn_wcip_notice_positive">' . __('Invoice successfully saved', 'wc-invoice-payment') . '</div>';
echo '<div class="lkn_wcip_notice_positive">' . esc_html(__('Invoice successfully saved', 'wc-invoice-payment')) . '</div>';
} else {
// Error message

echo '<div class="lkn_wcip_notice_negative">' . __('Error on invoice generation', 'wc-invoice-payment') . '</div>';
// Error messages
echo '<div class="lkn_wcip_notice_negative">' . esc_html(__('Error on invoice generation', 'wc-invoice-payment')) . '</div>';
}
}
}
Expand Down Expand Up @@ -1275,10 +1273,10 @@ public function edit_invoice_form_submit_handle(): void {
}

// Success message
echo '<div class="lkn_wcip_notice_positive">' . __('Invoice successfully saved', 'wc-invoice-payment') . '</div>';
echo '<div class="lkn_wcip_notice_positive">' . esc_html(__('Invoice successfully saved', 'wc-invoice-payment')) . '</div>';
} else {
// Error message
echo '<div class="lkn_wcip_notice_negative">' . __('Error on invoice generation', 'wc-invoice-payment') . '</div>';
echo '<div class="lkn_wcip_notice_negative">' . esc_html(__('Error on invoice generation', 'wc-invoice-payment')) . '</div>';
}
} elseif ('GET' == $_SERVER['REQUEST_METHOD'] && isset($_GET['lkn_wcip_delete'])) {
// Validates request for deleting invoice
Expand All @@ -1297,8 +1295,7 @@ public function edit_invoice_form_submit_handle(): void {
wp_redirect(home_url('wp-admin/admin.php?page=wc-invoice-payment'));
} else {
// Show error message

echo '<div class="lkn_wcip_notice_negative">' . __('Error on invoice deletion', 'wc-invoice-payment') . '</div>';
echo '<div class="lkn_wcip_notice_negative">' . esc_html(__('Error on invoice generation', 'wc-invoice-payment')) . '</div>';
}
}
}
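Review bot: `esc_attr_e()` and `esc_html_e()` are translation helpers, so the new calls that pass runtime values (`esc_attr_e($template_logo_url)`, `esc_html_e($default_footer)`, `esc_attr_e(wp_create_nonce('wp_rest'))`, `esc_html_e($order->get_meta('wcip_extra_data'))`) send stored data through the gettext lookup before escaping; the output is still escaped, but a matching translation entry or a `gettext` filter can change what is printed. Use the plain escapers for data, as this same section already does for the invoice heading and the billing name: `echo esc_url($template_logo_url);`, `echo esc_textarea($default_footer);`, `echo esc_attr($invoiceId);`. The order-status options are translated twice and would read better as `echo esc_html_x('Pending payment', 'Order status', 'woocommerce');`. Separately, the failure branch of the delete request in `edit_invoice_form_submit_handle()` now appears to print 'Error on invoice generation' where it previously printed 'Error on invoice deletion', which looks like a copy-paste slip. The functions touched here start and end outside the visible hunks.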
6 changes: 3 additions & 3 deletions admin/class-wc-invoice-payment-table.php
Expand Up @@ -1289,7 +1289,7 @@ public function display_rows_or_placeholder() {
$this->display_rows();
} else {
echo '<tr class="no-items"><td class="colspanchange" colspan="' . $this->get_column_count() . '">';
$this->no_items();
esc_html_e($this->no_items());
echo '</td></tr>';
}
}
Expand Down Expand Up @@ -1352,7 +1352,7 @@ protected function single_row_columns($item) {
echo call_user_func(
[$this, '_column_' . $column_name],
$item,
$classes,
esc_attr($classes),
$data,
$primary
);
Expand All @@ -1363,7 +1363,7 @@ protected function single_row_columns($item) {
echo '</td>';
} else {
echo "<td $attributes>";
echo $this->column_default($item, $column_name);
echo esc_html($this->column_default($item, $column_name));
echo $this->handle_row_actions($item, $column_name, $primary);
echo '</td>';
}
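Review bot: `esc_html_e($this->no_items());` in `display_rows_or_placeholder()` most likely escapes nothing: the line it replaces called `$this->no_items();` as a bare statement, which suggests the method echoes its own message and returns no value, so the text is still printed by `no_items()` itself and the wrapper only receives an empty result, which it then passes through the translation lookup. If the message needs escaping, do it inside `no_items()` (its body is not on this page) and keep the call site as `$this->no_items();`. In `single_row_columns()`, `echo esc_html($this->column_default($item, $column_name));` will show any markup a column returns as literal text, so confirm every column returns plain text; the `handle_row_actions()` result on the next line and the `call_user_func()` output are still echoed raw. Both functions continue outside the hunks shown.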
4 changes: 2 additions & 2 deletions wc-invoice-payment.php
Expand Up @@ -15,7 +15,7 @@
* Plugin Name: Invoice Payment for WooCommerce
* Plugin URI: https://www.linknacional.com/wordpress/plugins/
* Description: Invoice payment generation and management for WooCommerce.
* Version: 1.3.1
* Version: 1.3.2
* Author: Link Nacional
* Author URI: https://www.linknacional.com/
* License: GPL-2.0+
Expand All @@ -34,7 +34,7 @@
* Start at version 1.0.0 and use SemVer - https://semver.org
* Rename this for your plugin and update it as you release new versions.
*/
define('WC_PAYMENT_INVOICE_VERSION', '1.3.1');
define('WC_PAYMENT_INVOICE_VERSION', '1.3.2');
define('WC_PAYMENT_INVOICE_TRANSLATION_PATH', plugin_dir_path(__FILE__) . 'languages/');
define('WC_PAYMENT_INVOICE_ROOT_DIR', plugin_dir_path(__FILE__));
define('WC_PAYMENT_INVOICE_ROOT_URL', plugin_dir_url(__FILE__));