Changeset 2981645

Timestamp:

10/20/2023 10:50:31 AM (2 years ago)

Author:

amadercode

Message:

1. Security bug and plugin version updated

Location:

wp-amazon-shop/trunk

Files:

• includes/import/wp-amazon-shop-import.php (modified) (7 diffs)
• includes/wp-amazon-shop-admin-api.php (modified) (1 diff)
• readme.txt (modified) (1 diff)
• wp-amazon-shop.php (modified) (1 diff)

wp-amazon-shop/trunk/includes/import/wp-amazon-shop-import.php

@@ -88 +88 @@
                             if(!empty($categories)){
                                 foreach ( $categories['categories'] as $index => $category ) {
-                                    echo '<option value="'.$index.'">'.$category.'</option>';
+                                    echo '<option value="' . esc_attr($index) . '">' . esc_html($category) . '</option>';
                                 }
                             }
@@ -126 +126 @@
                             if(!empty($wpas_woo_categories)){
                                 foreach ( $wpas_woo_categories as $category ) {
-                                    echo '<option value="'.$category->name.'">'.$category->name.'</option>';
+                                    echo '<option value="'.esc_attr($category->name).'">'.esc_html($category->name).'</option>';
                                 }
                             }
@@ -782 +782 @@
                             <span class="amazon-product-prime"></span>
                         <?php } ?>
-                        <img src="<?php echo $product['ImageUrl']; ?>" alt="Product">
+                        <img src="<?php echo esc_url($product['ImageUrl']); ?>" alt="<?php echo esc_attr('Product'); ?>">
                     </div>
                 </td>
-                <td class="wpas-import-title" >
-                    <p class="field_text"><?php echo str_replace("\'", "", $product['Title']); ?> </p>
-                    <p class="field_text"><a href="<?php echo esc_url_raw($product['DetailPageURL']); ?>?tag=<?php echo $affiliate_tag;  ?>" target="_blank" class="link_to_source product_url"><?php _e('Amazon Product page', 'wp-amazon-shop') ?></a></p>
-                <td class="wpas-import-asin" > <strong><?php echo $product['ASIN'];?></strong></td>
+                <td class="wpas-import-title">
+                    <p class="field_text"><?php echo esc_html(str_replace("\'", "", $product['Title'])); ?></p>
+                    <p class="field_text"><a href="<?php echo esc_url($product['DetailPageURL'] . '?tag=' . esc_attr($affiliate_tag)); ?>" target="_blank" class="link_to_source product_url"><?php _e('Amazon Product page', 'wp-amazon-shop'); ?></a></p></td>
+                <td class="wpas-import-asin"><strong><?php echo esc_html($product['ASIN']); ?></strong></td>
                 <td class="wpas-import-price">
-                    <p class="field_text"><?php echo $product['Price'];?></strong></p>
+                    <p class="field_text"><?php echo esc_html($product['Price']); ?></p>
                 </td>
                 <td class="wpas-import-rating-review" >
@@ -802 +802 @@
                         $rating_class="a-star-".$formatted_rating;
                         ?>
-                        <div class="amazon-product-rating" data-product-asin="<?php echo $product['ASIN']; ?>">
-                            <i class="a-icon a-icon-star <?php echo $rating_class?>"><span class="a-icon-alt"><?php echo $product['Rating']; ?> <?php _e('out of 5 stars', 'wp-amazon-shop') ?></span></i>
-                            <p>( <a href="<?php echo esc_url_raw($product['DetailPageURL']); ?>?tag=<?php echo $affiliate_tag;  ?>#dp-summary-see-all-reviews" target="_blank"><?php echo $product['TotalReviews'] ;?></a>)</p>
+                        <div class="amazon-product-rating" data-product-asin="<?php echo esc_attr($product['ASIN']); ?>">
+                            <i class="a-icon a-icon-star <?php echo esc_attr($rating_class); ?>"><span class="a-icon-alt"><?php echo esc_html($product['Rating']); ?> <?php _e('out of 5 stars', 'wp-amazon-shop'); ?></span></i>
+                            <p>(<a href="<?php echo esc_url($product['DetailPageURL'] . '?tag=' . esc_attr($affiliate_tag) . '#dp-summary-see-all-reviews'); ?>" target="_blank"><?php echo esc_html($product['TotalReviews']); ?></a>)</p>
                         </div>
                     <?php } ?>
                 </td>
                 <td class="wpas-import-action">
-                    <button type="button" wpas-import-data="<?php echo $import_data;?>" class="button button-primary button-small wpas-item-import-btn"><?php _e('Import to WooCommerce', 'wp-amazon-shop') ?></button>
+                    <button type="button" wpas-import-data="<?php echo esc_attr($import_data);?>" class="button button-primary button-small wpas-item-import-btn"><?php _e('Import to WooCommerce', 'wp-amazon-shop') ?></button>
                     <p class="wpas-import-success-action"></p>
                 </td>
@@ -825 +825 @@
         global $wp_error;
         $response = array();
-        $sku = sanitize_text_field( $_POST['sku']);
-        $title = str_replace("\'", "", sanitize_text_field($_POST['title']));
-        $price = wpas_clean($_POST['price']);
-        $product_url = esc_url_raw( $_POST['amazon_url']);
-        $image_url = esc_url_raw($_POST['image']);
+        $sku = sanitize_text_field(isset($_POST['sku']) ? $_POST['sku'] : '');
+        $title = sanitize_text_field(isset($_POST['title']) ? $_POST['title'] : '');
+        $price = floatval(isset($_POST['price']) ? $_POST['price'] : 0.0);
+        $product_url = esc_url_raw(isset($_POST['amazon_url']) ? $_POST['amazon_url'] : '');
+        $image_url = esc_url_raw(isset($_POST['image']) ? $_POST['image'] : '');
         $product_id = wc_get_product_id_by_sku($sku);
         if ($product_id) {
@@ -838 +838 @@
             if($this->wpas_capabitlity()){
                 //inserting functionality
+                $post_content = $title . '<br><img src="' . esc_url($image_url) . '" alt="' . esc_attr($title) . '"><br><br><a href="' . esc_url($product_url) . '" target="_blank">Product Link</a>';
                 $post = array(
                     'post_author' => 1,
-                    'post_content' => $title . '<br><img src="' . $image_url . '" alt="' . $title . '"><br> <br>  <a href="' . esc_url_raw($product_url) . '"  target="_blank">Product Link</a>',
+                    'post_content' =>$post_content,
                     'post_status' => "publish",
                     'post_title' => $title,
@@ -880 +881 @@
                         $upload_dir = wp_upload_dir(); // Set upload folder
                         $image_data = file_get_contents($big_image_url); // Get image data
+
                         $unique_file_name = wp_unique_filename($upload_dir['path'], $image_name); // Generate unique name
                         $filename = basename($unique_file_name); // Create image file name
-
-                        // Check folder permission and define file location
-                        if (wp_mkdir_p($upload_dir['path'])) {
-                            $file = $upload_dir['path'] . '/' . $filename;
-                        } else {
-                            $file = $upload_dir['basedir'] . '/' . $filename;
-                        }
-
-                        // Create the image  file on the server
-                        file_put_contents($file, $image_data);
-
-                        // Check image file type
-                        $wp_filetype = wp_check_filetype($filename, null);
-
-                        // Set attachment data
-                        $attachment = array(
-                            'post_mime_type' => $wp_filetype['type'],
-                            'post_title' => sanitize_file_name($filename),
-                            'post_content' => '',
-                            'post_status' => 'inherit'
-                        );
-
-                        // Create the attachment
-                        $attach_id = wp_insert_attachment($attachment, $file, $post_id);
-
-                        // Include image.php
-                        require_once(ABSPATH . 'wp-admin/includes/image.php');
-
-                        // Define attachment metadata
-                        $attach_data = wp_generate_attachment_metadata($attach_id, $file);
-
-                        // Assign metadata to attachment
-                        wp_update_attachment_metadata($attach_id, $attach_data);
-
-                        // And finally assign featured image to post
-                        $set_thumb = set_post_thumbnail($post_id, $attach_id);
-                        if ($set_thumb != false) {
-                            $response['status'] = 200;
-                            $response['success_action'] = '<a href="' . get_admin_url() . '/post.php?post=' . $post_id . '&action=edit" target="_blank">' . __('Edit', 'wp-amazon-shop') . '</a> | <a href="' . get_permalink($post_id) . '" target="_blank">' . __('View', 'wp-amazon-shop') . '</a>';
-                            $response['message'] = __('Imported successfully', 'wp-amazon-shop');
+                        //Allow following images type only to upload but other file type.
+                        $allowed_file_types = array( 'image/jpeg', 'image/png', 'image/gif' ); // Define allowed image types
+                        $file_info = new finfo(FILEINFO_MIME_TYPE);
+                        $file_type = $file_info->buffer($image_data);
+                        if (in_array($file_type, $allowed_file_types)) {
+                            // Check folder permission and define file location
+                            if (wp_mkdir_p($upload_dir['path'])) {
+                                $file = $upload_dir['path'] . '/' . $filename;
+                            } else {
+                                $file = $upload_dir['basedir'] . '/' . $filename;
+                            }
+
+                            // Create the image  file on the server
+                            file_put_contents($file, $image_data);
+
+                            // Check image file type
+                            $wp_filetype = wp_check_filetype($filename, null);
+
+                            // Set attachment data
+                            $attachment = array(
+                                'post_mime_type' => $wp_filetype['type'],
+                                'post_title' => sanitize_file_name($filename),
+                                'post_content' => '',
+                                'post_status' => 'inherit'
+                            );
+
+                            // Create the attachment
+                            $attach_id = wp_insert_attachment($attachment, $file, $post_id);
+
+                            // Include image.php
+                            require_once(ABSPATH . 'wp-admin/includes/image.php');
+
+                            // Define attachment metadata
+                            $attach_data = wp_generate_attachment_metadata($attach_id, $file);
+
+                            // Assign metadata to attachment
+                            wp_update_attachment_metadata($attach_id, $attach_data);
+
+                            // And finally assign featured image to post
+                            $set_thumb = set_post_thumbnail($post_id, $attach_id);
+                            // if ($set_thumb != false) {
+                                $response['status'] = 200;
+                                $response['success_action'] = '<a href="' . get_admin_url() . '/post.php?post=' . $post_id . '&action=edit" target="_blank">' . __('Edit', 'wp-amazon-shop') . '</a> | <a href="' . get_permalink($post_id) . '" target="_blank">' . __('View', 'wp-amazon-shop') . '</a>';
+                                $response['message'] = __('Imported successfully', 'wp-amazon-shop');
                         } else {
                             $response['status'] = 200;

wp-amazon-shop/trunk/includes/wp-amazon-shop-admin-api.php

@@ -307 +307 @@
      * @return void
      */
-    public function display_meta_box_field ( $field = array(), $post ) {
+    public function display_meta_box_field ( $field = array(), $post=null ) {
 
         if ( ! is_array( $field ) || 0 == count( $field ) ) return;

wp-amazon-shop/trunk/readme.txt

@@ -1 +1 @@
 === Dropshipping & Affiliation with Amazon ===
-Contributors: amadercode
+Contributors: amadercode,ttareq10
 Donate link: https://www.amadercode.com
 Tags: amazon, amazon shop,affiliate,amazon affiliate, dropship, amazon dropship,amazon product search, amazon product import,amazon product auto link
 Requires at least: 4.4
-Tested up to: 6.0.1
+Tested up to: 6.3.2
 WC requires at least: 4.0
-WC tested up to: 6.7.0
-Stable tag: 2.1.1
+WC tested up to: 8.2.1
+Stable tag: 2.1.3
 Requires PHP: 5.6.0
 License: GPLv2 or later

wp-amazon-shop/trunk/wp-amazon-shop.php

@@ -8 +8 @@
  * Author URI: http://www.amadercode.com/
  * Requires at least: 4.4
- * Tested up to: 6.0.1
+ * Tested up to: 6.3.2
  * WC requires at least: 3.0
- * WC tested up to: 6.7.0 
- * Stable tag: 2.1.2
+ * WC tested up to:  8.2.1 
+ * Stable tag: 2.1.3
  * Text Domain: wp-amazon-shop
  * Domain Path: /lang/