Changeset 3283287
- Timestamp:
- 04/28/2025 10:02:51 AM (11 months ago)
- Location:
- seur/trunk
- Files:
-
- 29 edited
-
classes/class-seur-collections.php (modified) (3 diffs)
-
classes/class-seur-global.php (modified) (3 diffs)
-
classes/class-seur-seguimiento.php (modified) (3 diffs)
-
classes/tcpdf/include/tcpdf_static.php (modified) (1 diff)
-
classes/tcpdf/tcpdf.php (modified) (1 diff)
-
core/functions/functions.php (modified) (13 diffs)
-
core/installer.php (modified) (20 diffs)
-
core/labels-cpt/labels-cpt.php (modified) (4 diffs)
-
core/pages/rates/custom-name-rates.php (modified) (1 diff)
-
core/pages/rates/seur-add-form.php (modified) (2 diffs)
-
core/pages/rates/seur-create-rate.php (modified) (1 diff)
-
core/pages/rates/seur-custom-rates.php (modified) (1 diff)
-
core/pages/rates/seur-delete.php (modified) (1 diff)
-
core/pages/rates/seur-edit-form.php (modified) (3 diffs)
-
core/pages/rates/seur-import-custom-rates.php (modified) (13 diffs)
-
core/pages/rates/seur-update.php (modified) (2 diffs)
-
core/pages/setting-options/advanced-settings.php (modified) (2 diffs)
-
core/pages/setting-options/user-settings.php (modified) (1 diff)
-
core/pages/seur-get-labels.php (modified) (3 diffs)
-
core/pages/status/status-check.php (modified) (1 diff)
-
core/tracking/back/tracking-back.php (modified) (1 diff)
-
core/woocommerce/includes/class-seur_local_shipping_method.php (modified) (2 diffs)
-
core/woocommerce/includes/class-wc-shipping-seur.php (modified) (1 diff)
-
core/woocommerce/includes/metabox/seur-metabox.php (modified) (3 diffs)
-
core/woocommerce/includes/seur-woo-functions.php (modified) (6 diffs)
-
core/woocommerce/seur-woocommerce.php (modified) (2 diffs)
-
loader.php (modified) (2 diffs)
-
readme.txt (modified) (2 diffs)
-
uninstall.php (modified) (1 diff)
seur/trunk/classes/class-seur-collections.php
r3191344 r3283287 14 14 15 15 private string $seur_adr; 16 /** 17 * @var false|mixed 18 */ 19 private mixed $client_secret; 20 /** 21 * @var false|mixed 22 */ 23 private mixed $accountnumber; 24 /** 25 * @var false|mixed 26 */ 27 private mixed $nif; 28 /** 29 * @var false|mixed 30 */ 31 private mixed $phone; 16 private $client_secret; 17 private $accountnumber; 18 private $nif; 19 private $phone; 32 20 private string $name; 33 /** 34 * @var false|mixed 35 */ 36 private mixed $email; 21 private $email; 37 22 private string $streetname; 38 /** 39 * @var false|mixed 40 */ 41 private mixed $cityname; 42 /** 43 * @var false|mixed 44 */ 45 private mixed $postalcode; 46 /** 47 * @var false|mixed 48 */ 49 private mixed $country; 23 private $cityname; 24 private $postalcode; 25 private $country; 50 26 private string $token; 51 27 … … 211 187 } 212 188 if ( seur()->log_is_acive() ) { 213 seur()->slog( '$response_body: ' . print_r( $result, true ) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r189 seur()->slog( '$response_body: ' . print_r( $result, true) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r 214 190 } 215 191 return json_decode( $result, true ); … … 238 214 if ( seur()->log_is_acive() ) { 239 215 seur()->slog( 'Cancelando recogida con referencia: ' . $reference ); 240 seur()->slog( 'Data enviada: ' . print_r( $data, true ));216 seur()->slog( 'Data enviada: ' . $data); 241 217 } 242 218 -
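Review bot: The cancel-collection log line now concatenates `$data` directly (`'Data enviada: ' . $data`) where it previously used `print_r( $data, true )`; if `$data` is still an array at that point this prints the literal `Array` and raises an "Array to string conversion" warning, so the payload disappears from the log. If `$data` has already been JSON-encoded before this line (not visible in the hunk) the change is harmless; otherwise keep `print_r( $data, true )` or use `wp_json_encode( $data )`. The same class holds `$client_secret` among the now-untyped properties, so it is worth confirming that neither this dump nor the `$response_body` dump above it echoes the secret into the log file.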
seur/trunk/classes/class-seur-global.php
r3261412 r3283287 1071 1071 public function is_seur_order($order_id) { 1072 1072 global $wpdb; 1073 global $post; 1074 $sql = $wpdb->prepare( 1075 "SELECT distinct o.order_id 1076 FROM {$wpdb->prefix}woocommerce_order_items o 1077 inner join {$wpdb->prefix}woocommerce_order_itemmeta om on om.order_item_id = o.order_item_id 1078 where om.meta_key = %s and (om.meta_value like %s) 1079 AND o.order_id = %d 1080 UNION 1081 SELECT distinct p.ID 1082 FROM {$wpdb->prefix}posts p 1083 inner join {$wpdb->prefix}postmeta m on m.post_id = p.ID 1084 where post_type = %s 1085 and meta_key like %s 1086 and ID = %d", 1087 ['method_id', 'seur', $order_id, 'shop_order', 'shipping', $post->ID] 1088 ); 1089 $sql = str_replace('seur', '%seur%', $sql); 1090 $sql = str_replace('shipping', '_seur_shipping%', $sql); 1091 1092 $result = $wpdb->get_results($sql); 1073 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom query required, no core function available 1074 $result = $wpdb->get_results( 1075 $wpdb->prepare( 1076 "SELECT DISTINCT o.order_id 1077 FROM {$wpdb->prefix}woocommerce_order_items o 1078 INNER JOIN {$wpdb->prefix}woocommerce_order_itemmeta om ON om.order_item_id = o.order_item_id 1079 WHERE om.meta_key = %s AND om.meta_value LIKE %s 1080 AND o.order_id = %d 1081 UNION 1082 SELECT DISTINCT p.ID 1083 FROM {$wpdb->prefix}posts p 1084 INNER JOIN {$wpdb->prefix}postmeta m ON m.post_id = p.ID 1085 WHERE post_type = %s 1086 AND meta_key LIKE %s 1087 AND ID = %d", 1088 [ 1089 'method_id', 1090 '%seur%', 1091 $order_id, 1092 'shop_order', 1093 '_seur_shipping%', 1094 $order_id 1095 ] 1096 )); 1097 //var_dump($wpdb->last_query); die; 1093 1098 return !empty($result); 1094 1099 } … … 1096 1101 public function is_seur_local_method($custom_rate_id) { 1097 1102 global $wpdb; 1103 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom query required, no core function 
available 1098 1104 return $wpdb->get_results($wpdb->prepare( 1099 1105 "SELECT ID … … 1151 1157 return (!empty($label_ids)); 1152 1158 } 1159 1160 public function seur_download_rates_csv() { 1161 global $wpdb; 1162 $table_name = $wpdb->prefix . 'seur_custom_rates'; 1163 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.DirectQuery -- Table name is hardcoded and safe 1164 $rates = $wpdb->get_results( "SELECT * FROM {$table_name}", ARRAY_A ); 1165 1166 if ( empty( $rates ) ) { 1167 wp_die( 'No hay tarifas para exportar.' ); 1168 } 1169 1170 // Limpiar el buffer de salida para evitar HTML no deseado 1171 ob_clean(); 1172 header( 'Content-Type: text/csv; charset=utf-8' ); 1173 header( 'Content-Disposition: attachment; filename=seur_tarifas_actuales.csv' ); 1174 header( 'Pragma: no-cache' ); 1175 header( 'Expires: 0' ); 1176 1177 // Abrir salida para CSV 1178 $output = fopen( 'php://output', 'w' ); 1179 1180 // Reemplazar los saltos de línea en los códigos postales para exportar 1181 // Eliminar las columnas "created_at" y "updated_at" 1182 foreach ( $rates as &$row ) { 1183 $row['postcode'] = str_replace("\r\n", "|", $row['postcode']); 1184 unset( $row['created_at'], $row['updated_at'] ); 1185 } 1186 unset($row); // Para evitar referencias inesperadas 1187 1188 // Escribir encabezados sin las columnas eliminadas 1189 fputcsv( $output, array_keys( $rates[0] ) ); 1190 1191 // Escribir filas sin las columnas eliminadas 1192 foreach ( $rates as $row ) { 1193 fputcsv( $output, $row ); 1194 } 1195 1196 // Cerrar salida 1197 fclose( $output ); // phpcs:ignore WordPress.WP.AlternativeFunctions.file_system_operations_fclose -- php://output is not a real file and WP_Filesystem is not applicable 1198 1199 // Detener la ejecución de WordPress 1200 exit; 1201 } 1153 1202 } 1154 1203 -
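Review bot: `seur_download_rates_csv()` streams the whole `seur_custom_rates` table to the browser without any capability or nonce check of its own, relying entirely on whoever calls it; now that it lives on the shared `seur()` object, every future caller inherits that gap. Add `if ( ! current_user_can( 'manage_woocommerce' ) ) { wp_die( esc_html__( 'No autorizado', 'seur' ), 403 ); }` as the first statement (use whatever capability the plugin's settings pages already require). Also, `fputcsv` writes cell values verbatim, so a rate name or postcode beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the file is opened in a spreadsheet; prefix such cells with a single quote (or a tab) before writing them. The `is_seur_order()` rewrite above it correctly binds `%seur%` and `_seur_shipping%` through `prepare()` instead of the old `str_replace` on the prepared string, which is the right fix.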
seur/trunk/classes/class-seur-seguimiento.php
r3234068 r3283287 93 93 $ref = get_post_meta( $label_id, '_seur_shipping_id_number', true); 94 94 95 $url_call = $this->seur_adr . '?ref=' . $ref . '&refType=REFERENCE &idNumber=' . $this->id_number.95 $url_call = $this->seur_adr . '?ref=' . $ref . '&refType=REFERENCE' . 96 96 '&accountNumber=' . $this->accoun_number . '&businessUnit=' . $this->business_unit; 97 97 … … 146 146 function getStatusExpedition($eventCode) { 147 147 global $wpdb; 148 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Table name is hardcoded and safe, no caching applicable 148 149 $result = $wpdb->get_results($wpdb->prepare( 149 150 "SELECT * FROM {$wpdb->prefix}seur_status WHERE cod_situ = %s", … … 167 168 $order_id = get_post_meta( $label_id, '_seur_shipping_order_id', true); 168 169 if ($expeditionStatusKey = getExpeditionStatusKey($expeditionStatus)) { 170 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Table name is hardcoded and safe, no caching applicable 169 171 $wpdb->query($wpdb->prepare( 170 172 "UPDATE {$wpdb->prefix}wc_order_stats SET status=%s WHERE order_id = %d", -
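Review bot: The tracking URL is still assembled by string concatenation, so `$ref` (read from post meta) and the account/business-unit values are dropped into the query string without URL encoding; a value containing `&`, `#` or a space would alter or truncate the request. Build it with `$url_call = add_query_arg( array( 'ref' => $ref, 'refType' => 'REFERENCE', 'accountNumber' => $this->accoun_number, 'businessUnit' => $this->business_unit ), $this->seur_adr );`, which encodes each value. The enclosing method starts and ends outside the hunk. The property is spelled `accoun_number` on both the old and new line, so if that is a typo it is pre-existing rather than introduced here.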
seur/trunk/classes/tcpdf/include/tcpdf_static.php
r3176965 r3283287 348 348 header('Content-Length: '.$length); 349 349 } 350 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output is pdf data, escaping not appropriate. 350 351 echo $data; 351 352 } -
seur/trunk/classes/tcpdf/tcpdf.php
r3176965 r3283287 7652 7652 TCPDF_STATIC::sendOutputData($this->getBuffer(), $this->bufferlen); 7653 7653 } else { 7654 // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- Output is pdf data, escaping not appropriate. 7654 7655 echo $this->getBuffer(); 7655 7656 } -
seur/trunk/core/functions/functions.php
r3264469 r3283287 125 125 function seur_custom_rates_load_js() { 126 126 127 wp_enqueue_script( 'custom-rates-seur', SEUR_PLUGIN_URL . 'assets/js/custom-rates.js', array(), SEUR_OFFICIAL_VERSION );128 wp_enqueue_script( 'jquery-datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/jquery.dataTables.min.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION );129 wp_enqueue_script( 'jqueryui-datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/dataTables.jqueryui.min.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION );130 wp_enqueue_script( 'datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/datatables.min.js', array( 'jquery-datattables-seur-rates' ), SEUR_OFFICIAL_VERSION );131 wp_enqueue_script( 'custom-table-seur-rates', SEUR_PLUGIN_URL . 'assets/js/seur-custom-rates.js', array( 'datattables-seur-rates', 'jquery-ui-autocomplete' ), SEUR_OFFICIAL_VERSION );127 wp_enqueue_script( 'custom-rates-seur', SEUR_PLUGIN_URL . 'assets/js/custom-rates.js', array(), SEUR_OFFICIAL_VERSION, true); 128 wp_enqueue_script( 'jquery-datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/jquery.dataTables.min.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION, true ); 129 wp_enqueue_script( 'jqueryui-datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/dataTables.jqueryui.min.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION, true ); 130 wp_enqueue_script( 'datattables-seur-rates', SEUR_PLUGIN_URL . 'assets/js/datatables.min.js', array( 'jquery-datattables-seur-rates' ), SEUR_OFFICIAL_VERSION, true ); 131 wp_enqueue_script( 'custom-table-seur-rates', SEUR_PLUGIN_URL . 'assets/js/seur-custom-rates.js', array( 'datattables-seur-rates', 'jquery-ui-autocomplete' ), SEUR_OFFICIAL_VERSION, true ); 132 132 $seurratesphpfiles = array( 133 133 'pathtorates' => SEUR_PLUGIN_URL . 'core/pages/rates/', … … 140 140 */ 141 141 function seur_select2_load_js() { 142 wp_enqueue_script( 'seur-select2', SEUR_PLUGIN_URL . 
'assets/js/select2.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION );142 wp_enqueue_script( 'seur-select2', SEUR_PLUGIN_URL . 'assets/js/select2.js', array( 'jquery', 'jquery-ui-core' ), SEUR_OFFICIAL_VERSION, true ); 143 143 } 144 144 … … 147 147 */ 148 148 function seur_settings_load_js() { 149 wp_enqueue_script( 'seur-tooltip', SEUR_PLUGIN_URL . 'assets/js/tooltip.js', array( 'jquery-ui-tooltip' ), SEUR_OFFICIAL_VERSION );150 wp_enqueue_script( 'seur-switchery', SEUR_PLUGIN_URL . 'assets/js/switchery.min.js', array(), SEUR_OFFICIAL_VERSION );151 wp_enqueue_script( 'seur-admin', SEUR_PLUGIN_URL . 'assets/js/seur-advanced-settings.js', array(), SEUR_OFFICIAL_VERSION );149 wp_enqueue_script( 'seur-tooltip', SEUR_PLUGIN_URL . 'assets/js/tooltip.js', array( 'jquery-ui-tooltip' ), SEUR_OFFICIAL_VERSION, true ); 150 wp_enqueue_script( 'seur-switchery', SEUR_PLUGIN_URL . 'assets/js/switchery.min.js', array(), SEUR_OFFICIAL_VERSION, false ); 151 wp_enqueue_script( 'seur-admin', SEUR_PLUGIN_URL . 'assets/js/seur-advanced-settings.js', array(), SEUR_OFFICIAL_VERSION, true ); 152 152 } 153 153 … … 156 156 */ 157 157 function seur_select2_custom_load_js() { 158 wp_enqueue_script( 'seur-select2custom', SEUR_PLUGIN_URL . 'assets/js/select2custom.js', array( 'seur-select2' ), SEUR_OFFICIAL_VERSION );158 wp_enqueue_script( 'seur-select2custom', SEUR_PLUGIN_URL . 'assets/js/select2custom.js', array( 'seur-select2' ), SEUR_OFFICIAL_VERSION, true ); 159 159 } 160 160 … … 163 163 */ 164 164 function seur_auto_country_state_js() { 165 wp_enqueue_script( 'seur-country-state', SEUR_PLUGIN_URL . 'assets/js/seur-country-state.js', array( 'jquery' ), SEUR_OFFICIAL_VERSION );165 wp_enqueue_script( 'seur-country-state', SEUR_PLUGIN_URL . 'assets/js/seur-country-state.js', array( 'jquery' ), SEUR_OFFICIAL_VERSION, true ); 166 166 } 167 167 … … 170 170 */ 171 171 function seur_datepicker_js() { 172 wp_enqueue_script( 'seur-datepicker', SEUR_PLUGIN_URL . 
'assets/js/seur-datepicker.js', array( 'jquery', 'jquery-ui-datepicker' ), SEUR_OFFICIAL_VERSION );172 wp_enqueue_script( 'seur-datepicker', SEUR_PLUGIN_URL . 'assets/js/seur-datepicker.js', array( 'jquery', 'jquery-ui-datepicker' ), SEUR_OFFICIAL_VERSION, true ); 173 173 } 174 174 … … 177 177 */ 178 178 function seur_status_js() { 179 wp_enqueue_script( 'seur-status', SEUR_PLUGIN_URL . 'assets/js/seur-report.js', array( 'jquery' ), SEUR_OFFICIAL_VERSION );179 wp_enqueue_script( 'seur-status', SEUR_PLUGIN_URL . 'assets/js/seur-report.js', array( 'jquery' ), SEUR_OFFICIAL_VERSION, true ); 180 180 } 181 181 … … 187 187 188 188 if ( 'seur' == $post_type ) { 189 wp_enqueue_script( 'seur-lavels-script_compatibility', SEUR_PLUGIN_URL . 'assets/js/pdf/compatibility.js', array(), SEUR_OFFICIAL_VERSION );190 wp_enqueue_script( 'seur-lavels-script_l10n', SEUR_PLUGIN_URL . 'assets/js/pdf/l10n.js', array(), SEUR_OFFICIAL_VERSION );191 wp_enqueue_script( 'seur-lavels-script_pdf', SEUR_PLUGIN_URL . 'assets/js/pdf/pdf.js', array(), SEUR_OFFICIAL_VERSION );192 wp_enqueue_script( 'seur-lavels-script_viewer', SEUR_PLUGIN_URL . 'assets/js/pdf/viewer.js', array(), SEUR_OFFICIAL_VERSION );189 wp_enqueue_script( 'seur-lavels-script_compatibility', SEUR_PLUGIN_URL . 'assets/js/pdf/compatibility.js', array(), SEUR_OFFICIAL_VERSION, true); 190 wp_enqueue_script( 'seur-lavels-script_l10n', SEUR_PLUGIN_URL . 'assets/js/pdf/l10n.js', array(), SEUR_OFFICIAL_VERSION, true ); 191 wp_enqueue_script( 'seur-lavels-script_pdf', SEUR_PLUGIN_URL . 'assets/js/pdf/pdf.js', array(), SEUR_OFFICIAL_VERSION, true ); 192 wp_enqueue_script( 'seur-lavels-script_viewer', SEUR_PLUGIN_URL . 'assets/js/pdf/viewer.js', array(), SEUR_OFFICIAL_VERSION , true); 193 193 $translation_array = array( 194 194 'path_js_pdf' => SEUR_PLUGIN_URL . 
'assets/js/pdf', … … 538 538 function seur_get_countries_states( $country ) { 539 539 540 if (!preg_match('/^[A-Z]{2}$/', $country)) { 541 return false; 542 } 543 540 544 $states = array(); 541 545 $states_file = SEUR_PLUGIN_PATH . 'core/places/states/' . $country . '.php'; … … 559 563 global $wpdb; 560 564 $table = $wpdb->prefix . SEUR_TBL_SCR; 561 $query = $wpdb->prepare( "SELECT * FROM $table WHERE type = %s ORDER BY ID ASC", $type ); 562 return $wpdb->get_results( $query, $output_type ); 565 566 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table lookup, no caching applicable 567 return $wpdb->get_results( 568 $wpdb->prepare("SELECT * FROM $table WHERE type = %s ORDER BY ID ASC", $type) // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Table name is safe and hardcoded 569 , $output_type 570 ); 563 571 } 564 572 … … 593 601 function seur_search_availables_rates( $country = '*', $state = '*', $postcode = '*', $price_weight = 0 ) { 594 602 global $wpdb; 603 595 604 $type = get_option( 'seur_rates_type_field' ); // 'price' o 'weight', definido en la configuración de SEUR 596 605 $table = $wpdb->prefix . SEUR_TBL_SCR; 597 606 598 $query = " 599 SELECT * 600 FROM $table 601 WHERE type = %s 602 AND country = COALESCE( 603 (SELECT %s 604 FROM $table 605 WHERE type = %s 606 AND country = %s 607 AND (state = %s OR state = '*') 608 AND (min".$type." <= %f AND max".$type." > %f) 609 LIMIT 1), 610 '*' 611 ) 612 AND state = COALESCE( 613 (SELECT %s 614 FROM $table 615 WHERE type = %s 616 AND (country = %s OR country = '*') 617 AND state = %s 618 AND (min".$type." <= %f AND max".$type." > %f) 619 LIMIT 1), 620 '*' 621 ) 622 AND min".$type." <= %f 623 AND max".$type." 
> %f 624 ORDER BY ID ASC;"; 625 626 $query = $wpdb->prepare( 627 $query, 628 $type, 629 $country, $type, $country, $state, $price_weight, $price_weight, 630 $state, $type, $country, $state, $price_weight, $price_weight, 631 $price_weight, $price_weight 632 ); 633 634 $results = $wpdb->get_results($query, 'ARRAY_A'); 635 636 // Filtrar resultados 637 $filteredResults = array_filter($results, function ($row) use ($postcode) { 638 return matchPostcode($postcode, $row['postcode']); 607 $valid_types = [ 'price', 'weight' ]; 608 if ( ! in_array( $type, $valid_types, true ) ) { 609 return []; // Tipo no válido 610 } 611 612 $min_col = 'min' . $type; 613 $max_col = 'max' . $type; 614 615 $sql = "SELECT * 616 FROM $table 617 WHERE type = %s 618 AND country = COALESCE( 619 (SELECT country 620 FROM $table 621 WHERE type = %s 622 AND country = %s 623 AND (state = %s OR state = '*') 624 AND ($min_col <= %f AND $max_col > %f) 625 LIMIT 1), 626 '*' 627 ) 628 AND state = COALESCE( 629 (SELECT state 630 FROM $table 631 WHERE type = %s 632 AND (country = %s OR country = '*') 633 AND state = %s 634 AND ($min_col <= %f AND $max_col > %f) 635 LIMIT 1), 636 '*' 637 ) 638 AND $min_col <= %f 639 AND $max_col > %f 640 ORDER BY ID ASC;"; 641 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.PreparedSQL.NotPrepared -- Custom table lookup, no caching applicable, Table name safe and hardcoded and Query prepared in the line above 642 $results = $wpdb->get_results( 643 644 $wpdb->prepare( 645 $sql // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared -- Query prepared in the line above 646 ,$type, 647 $type, $country, $state, $price_weight, $price_weight, 648 $type, $country, $state, $price_weight, $price_weight, 649 $price_weight, $price_weight 650 ), ARRAY_A ); 651 652 // Filtrar por código postal 653 $filteredResults = array_filter( $results, function ( $row ) use ( $postcode 
) { 654 return matchPostcode( $postcode, $row['postcode'] ); 639 655 }); 640 656 657 // Registrar en el log si está activado 641 658 if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { 642 659 $log = new WC_Logger(); 643 $log->add( 'seur', 'Tarifas disponibles encontradas: ' . print_r( $filteredResults, true ) ); 644 } 660 $log->add( 'seur', 'Tarifas disponibles encontradas: ' . print_r( $filteredResults, true ) ); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r 661 } 662 645 663 return $filteredResults; 646 664 } … … 1710 1728 1711 1729 // Obtener los nuevos valores de los campos desde $_POST 1712 $new_shipping_address = [ 1713 'first_name' => isset($_POST['_shipping_first_name']) ? sanitize_text_field($_POST['_shipping_first_name']) : '', 1714 'last_name' => isset($_POST['_shipping_last_name']) ? sanitize_text_field($_POST['_shipping_last_name']) : '', 1715 'company' => isset($_POST['_shipping_company']) ? sanitize_text_field($_POST['_shipping_company']) : '', 1716 'address_1' => isset($_POST['_shipping_address_1']) ? sanitize_text_field($_POST['_shipping_address_1']) : '', 1717 'address_2' => isset($_POST['_shipping_address_2']) ? sanitize_text_field($_POST['_shipping_address_2']) : '', 1718 'city' => isset($_POST['_shipping_city']) ? sanitize_text_field($_POST['_shipping_city']) : '', 1719 'state' => isset($_POST['_shipping_state']) ? sanitize_text_field($_POST['_shipping_state']) : '', 1720 'postcode' => isset($_POST['_shipping_postcode']) ? sanitize_text_field($_POST['_shipping_postcode']) : '', 1721 'country' => isset($_POST['_shipping_country']) ? sanitize_text_field($_POST['_shipping_country']) : '', 1722 'phone' => isset($_POST['_shipping_phone']) ? sanitize_text_field($_POST['_shipping_phone']) : '', 1723 'customer_note' => isset($_POST['_customer_note']) ? 
sanitize_text_field($_POST['_customer_note']) : '', 1724 ]; 1730 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1731 $new_shipping_address['first_name'] = isset($_POST['_shipping_first_name']) ? sanitize_text_field(wp_unslash($_POST['_shipping_first_name'])) : ''; 1732 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1733 $new_shipping_address['last_name'] = isset($_POST['_shipping_last_name']) ? sanitize_text_field(wp_unslash($_POST['_shipping_last_name'])) : ''; 1734 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1735 $new_shipping_address['company'] = isset($_POST['_shipping_company']) ? sanitize_text_field(wp_unslash($_POST['_shipping_company'])) : ''; 1736 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1737 $new_shipping_address['address_1'] = isset($_POST['_shipping_address_1']) ? sanitize_text_field(wp_unslash($_POST['_shipping_address_1'])) : ''; 1738 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1739 $new_shipping_address['address_2'] = isset($_POST['_shipping_address_2']) ? sanitize_text_field(wp_unslash($_POST['_shipping_address_2'])) : ''; 1740 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1741 $new_shipping_address['city'] = isset($_POST['_shipping_city']) ? sanitize_text_field(wp_unslash($_POST['_shipping_city'])) : ''; 1742 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1743 $new_shipping_address['state'] = isset($_POST['_shipping_state']) ? 
sanitize_text_field(wp_unslash($_POST['_shipping_state'])) : ''; 1744 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1745 $new_shipping_address['postcode'] = isset($_POST['_shipping_postcode']) ? sanitize_text_field(wp_unslash($_POST['_shipping_postcode'])) : ''; 1746 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1747 $new_shipping_address['country'] = isset($_POST['_shipping_country']) ? sanitize_text_field(wp_unslash($_POST['_shipping_country'])) : ''; 1748 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1749 $new_shipping_address['phone'] = isset($_POST['_shipping_phone']) ? sanitize_text_field(wp_unslash($_POST['_shipping_phone'])) : ''; 1750 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended 1751 $new_shipping_address['customer_note'] = isset($_POST['_customer_note']) ? sanitize_text_field(wp_unslash($_POST['_customer_note'])) : ''; 1725 1752 1726 1753 // Validaciones … … 1803 1830 ob_start(); 1804 1831 include $file_path; 1805 $ output = ob_get_clean();1806 echo $output;1832 $data = include $file_path; 1833 echo esc_html($data); 1807 1834 } else { 1808 1835 echo "Error: No se encontró el archivo de procesamiento."; -
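Review bot: In the last hunk (original lines 1830–1833) the processing file is now included twice — once inside `ob_start()` and again as `$data = include $file_path;` — so any side effect in that file runs twice (if `$file_path` points at the rates handlers shown elsewhere in this changeset, that is a duplicate `$wpdb->insert` or `$wpdb->delete`), and the buffer opened by `ob_start()` is never closed, so the first include's output is still flushed unescaped at shutdown. An `include` of a file with no `return` statement yields `1`, so `esc_html( $data )` prints `1` rather than the page. Replace the four lines with a single include that emits the buffered output: `ob_start(); include $file_path; echo ob_get_clean(); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- included page escapes its own output`. The enclosing function starts and ends outside the hunk.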
seur/trunk/core/installer.php
r3261412 r3283287 14 14 function deleteTableSeurSpvr() { 15 15 global $wpdb; 16 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.SchemaChange -- Custom table drop, no caching applicable 16 17 $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}seur_svpr" ); 17 18 } … … 22 23 if ( $seur_table_version_saved !== '1.0.5' && SEUR_TABLE_VERSION === '1.0.5' ) { 23 24 global $wpdb; 25 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table deletion, no caching applicable 24 26 $wpdb->query( "DELETE FROM {$wpdb->prefix}actionscheduler_actions WHERE hook='seur_get_token_hook'" ); 25 27 update_option( 'seur_table_version', SEUR_TABLE_VERSION ); … … 72 74 include_once plugin_dir_path( __FILE__ ).'../data/seur-products.php'; 73 75 $products = get_seur_product(); 74 76 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table lookup, no caching applicable 75 77 $ratesCustomNames = $wpdb->get_results($wpdb->prepare(" 76 78 SELECT option_name, option_value as custom_name … … 88 90 } 89 91 } 90 92 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table lookup, no caching applicable 91 93 $ordersShippingMethods = $wpdb->get_results($wpdb->prepare(" 92 94 select order_id, order_item_name … … 545 547 global $wpdb; 546 548 $table_name = $wpdb->prefix . 
'seur_custom_rates'; 547 549 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 548 550 $wpdb->insert( 549 551 $table_name, … … 561 563 ) 562 564 ); 565 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 563 566 $wpdb->insert( 564 567 $table_name, … … 576 579 ) 577 580 ); 581 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 578 582 $wpdb->insert( 579 583 $table_name, … … 591 595 ) 592 596 ); 597 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 593 598 $wpdb->insert( 594 599 $table_name, … … 606 611 ) 607 612 ); 613 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 608 614 $wpdb->insert( 609 615 $table_name, … … 621 627 ) 622 628 ); 629 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 623 630 $wpdb->insert( 624 631 $table_name, … … 636 643 ) 637 644 ); 645 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 638 646 $wpdb->insert( 639 647 $table_name, … … 651 659 ) 652 660 ); 661 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 653 662 $wpdb->insert( 654 663 $table_name, … … 666 675 ) 667 676 ); 677 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 668 678 $wpdb->insert( 669 
679 $table_name, … … 681 691 ) 682 692 ); 693 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 683 694 $wpdb->insert( 684 695 $table_name, … … 696 707 ) 697 708 ); 709 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 698 710 $wpdb->insert( 699 711 $table_name, … … 711 723 ) 712 724 ); 725 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 713 726 $wpdb->insert( 714 727 $table_name, … … 726 739 ) 727 740 ); 741 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 728 742 $wpdb->insert( 729 743 $table_name, … … 741 755 ) 742 756 ); 757 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 743 758 $wpdb->insert( 744 759 $table_name, … … 756 771 ) 757 772 ); 773 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable 758 774 $wpdb->insert( 759 775 $table_name, … … 884 900 885 901 // Verificar si la columna 'postcode' existe antes de modificarla 902 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Custom table alter, no caching applicable 886 903 $column_exists = $wpdb->get_results("SHOW COLUMNS FROM `$table_name` LIKE '$column_name'"); 887 904 if (!empty($column_exists)) { 888 905 // Modificar la columna 'postcode' a VARCHAR(200) con valor por defecto '*' 906 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching, 
WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Custom table alter, no caching applicable 889 907 $wpdb->query("ALTER TABLE `$table_name` MODIFY `$column_name` VARCHAR(200) NOT NULL DEFAULT '*'"); 890 908 update_option('seur_db_version', SEUR_DB_VERSION); -
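Review bot: The `SHOW COLUMNS FROM \`$table_name\` LIKE '$column_name'` and the following `ALTER TABLE` in the last hunk interpolate the table and column names and silence the sniff with a comment rather than preparing the query; both values are plugin-controlled today, but the LIKE value at least can be bound. Use `$column_exists = $wpdb->get_results( $wpdb->prepare( 'SHOW COLUMNS FROM %i LIKE %s', $table_name, $column_name ) );` (the `%i` identifier placeholder needs WordPress 6.2+; if the plugin supports older cores keep the backtick form but still bind `%s` for the LIKE value). The `DELETE FROM {$wpdb->prefix}actionscheduler_actions WHERE hook='seur_get_token_hook'` in the second hunk bypasses the Action Scheduler API; `as_unschedule_all_actions( 'seur_get_token_hook' )` removes the same actions and keeps the scheduler's related tables consistent, assuming Action Scheduler is loaded when this upgrade routine runs.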
seur/trunk/core/labels-cpt/labels-cpt.php
r3261412 r3283287 451 451 } 452 452 453 $current_order_id = 0; 453 454 foreach($id_orders as $label_id => $id_order) 454 455 { 456 if ($current_order_id == $id_order) { 457 continue; 458 } 455 459 $order = wc_get_order( $id_order ); 456 460 … … 469 473 470 474 $ecbs = $order->get_meta('_seur_label_ecbs', true); 475 if (is_serialized($ecbs)) { 476 $ecbs = unserialize($ecbs); 477 } 471 478 $order_manifest['ecbs'] = $ecbs; 472 479 $order_manifest['producto'] = get_post_meta( $label_id, '_seur_shipping_product', true ); 473 480 $order_manifest['servicio'] = get_post_meta( $label_id, '_seur_shipping_service', true ); 474 $order_manifest['bultos'] = get_post_meta( $label_id, '_seur_shipping_packages', true);475 $order_manifest['peso'] = get_post_meta( $label_id, '_seur_shipping_weight', true);481 $order_manifest['bultos'] = $order->get_meta('_seur_shipping_packages', true); 482 $order_manifest['peso'] = $order->get_meta('_seur_shipping_weight', true); 476 483 $order_manifest['otros'] = get_post_meta( $label_id, '_seur_shipping_order_customer_comments', true ); 477 484 $order_manifest['cashondelivery'] = 0; … … 481 488 482 489 update_post_meta( $label_id, '_seur_shipping_manifested', 1 ); 490 491 if ($current_order_id !== $id_order) { 492 $current_order_id = $id_order; 493 } 483 494 } 484 495 … … 661 672 <td colspan="2">'.$order['otros'].'</td> 662 673 <td>0.0</td> 663 <td>'. $order['peso'].'</td>674 <td>'. round($order['peso']/$order['bultos'], 2).'</td> 664 675 <td>0</td> 665 676 <td>0</td> -
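Review bot: The new `unserialize( $ecbs )` on `_seur_label_ecbs` order meta runs with classes allowed, so a crafted serialized payload in that meta would instantiate arbitrary objects (PHP object injection); since the manifest only needs array data, use `$ecbs = unserialize( $ecbs, array( 'allowed_classes' => false ) );` (and check whether `$order->get_meta()` has already unserialized it, in which case the branch is dead). In the manifest table, `round( $order['peso'] / $order['bultos'], 2 )` throws on PHP 8 when `_seur_shipping_packages` is missing, empty or `0` (`DivisionByZeroError` / `TypeError`); guard it with `$bultos = max( 1, (int) $order['bultos'] );` before dividing. The dedupe at the top of the loop only skips consecutive repeats and compares with `==` while the update at the bottom uses `!==`; that is fine if `$id_orders` is grouped by order, but a consistent strict comparison and a one-line comment stating that assumption would help.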
seur/trunk/core/pages/rates/custom-name-rates.php
r3179024 r3283287 22 22 foreach ($products as $custom_name => $product) { 23 23 $rate_name_value = ''; 24 if (isset($_POST[$product['field'].'_custom_name_field'])) { 25 $rate_name_value = sanitize_text_field(wp_unslash($_POST[$product['field'] . '_custom_name_field'])); 24 25 $field_key = $product['field'] . '_custom_name_field'; 26 if ( isset( $_POST[ $field_key ] ) ) { 27 $rate_name_value = sanitize_text_field( wp_unslash( $_POST[ $field_key ] ) ); 26 28 } 27 29 update_option($product['field'] . '_custom_name_field', $rate_name_value); -
seur/trunk/core/pages/rates/seur-add-form.php
r3261412 r3283287 44 44 <form method='post' id='emp-SaveForm' action="#"> 45 45 <?php esc_html_e( 'Include the rates of the transport options that your customers can choose', 'seur' ); ?> 46 <input type='hidden' name='new_seur_rate_nonce_field' value='<?php echo esc_attr( wp_create_nonce( 'new_seur_rate_nonce_field' ) ); ?>' /> 46 47 <table class='table table-bordered'> 47 48 <tr> … … 78 79 <td><?php esc_html_e( 'Postcode', 'seur' ); ?></td> 79 80 <td><textarea title="<?php esc_html_e( 'Type a Postcode', 'seur' ); ?>" name="postcode" id="postcode" placeholder="<?php echo esc_html("List 1 postcode per line");?>" class="form-control" cols="29" rows="5" required=""></textarea> 80 <br><span class="description"><?php echo SEUR_RATES_POSTALCODE_DESCRIPTION . esc_html__('Add 1 per line'); ?></span>81 <br><span class="description"><?php echo esc_html(SEUR_RATES_POSTALCODE_DESCRIPTION) . esc_html__('Add 1 per line', 'seur'); ?></span> 81 82 </td> 82 83 </tr> -
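Review bot: The nonce is emitted by hand as a hidden input; `wp_nonce_field( 'new_seur_rate_nonce_field', 'new_seur_rate_nonce_field' )` produces the same field plus the `_wp_http_referer` input and is the conventional form. More importantly, the nonce only protects rate creation if the handler verifies it: the `seur-create-rate.php` hunk in this same changeset adds only a phpcs comment before `$wpdb->insert`, and no `check_admin_referer( 'new_seur_rate_nonce_field', 'new_seur_rate_nonce_field' )` is visible, so confirm that check exists outside the shown lines. The form's `action="#"` suggests it is submitted by script, in which case that script must post the nonce field too.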
seur/trunk/core/pages/rates/seur-create-rate.php
r3261412 r3283287 68 68 $seur_maxweight = '9999999'; 69 69 } 70 // phpcs:ignore WordPress.DB.DirectDatabaseQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Safe custom table insertion not caching applicable 70 71 $wpdb->insert( 71 72 $table, -
seur/trunk/core/pages/rates/seur-custom-rates.php
r3254005 r3283287 10 10 } 11 11 $rates_type = get_option( 'seur_rates_type_field' ); 12 12 // phpcs:ignore WordPress.Security.NonceVerification.Recommended -- It's a link, no form to verify 13 13 if ( isset( $_GET['action'] ) && $_GET['action'] === 'download_seur_rates_csv' ) { 14 global $wpdb; 15 $table_name = $wpdb->prefix . 'seur_custom_rates'; 16 17 $rates = $wpdb->get_results( "SELECT * FROM {$table_name}", ARRAY_A ); 18 19 if ( empty( $rates ) ) { 20 wp_die( 'No hay tarifas para exportar.' ); 21 } 22 23 // Limpiar el buffer de salida para evitar HTML no deseado 24 ob_clean(); 25 header( 'Content-Type: text/csv; charset=utf-8' ); 26 header( 'Content-Disposition: attachment; filename=seur_tarifas_actuales.csv' ); 27 header( 'Pragma: no-cache' ); 28 header( 'Expires: 0' ); 29 30 // Abrir salida para CSV 31 $output = fopen( 'php://output', 'w' ); 32 33 // Eliminar las columnas "created_at" y "updated_at" 34 foreach ( $rates as &$row ) { 35 unset( $row['created_at'], $row['updated_at'] ); 36 } 37 unset($row); // Para evitar referencias inesperadas 38 39 // Escribir encabezados sin las columnas eliminadas 40 fputcsv( $output, array_keys( $rates[0] ) ); 41 42 // Escribir filas sin las columnas eliminadas 43 foreach ( $rates as $row ) { 44 fputcsv( $output, $row ); 45 } 46 47 // Cerrar salida 48 fclose( $output ); 49 50 // Detener la ejecución de WordPress 51 exit; 14 seur()->seur_download_rates_csv(); 52 15 } 53 16 ?> -
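Review bot: The export branch is gated only on `$_GET['action'] === 'download_seur_rates_csv'`; the phpcs justification says a link needs no nonce, but nothing visible checks who is requesting the full rates table before `seur()->seur_download_rates_csv()` streams it. If the page's menu capability is the only guard, make that explicit here, e.g. `if ( ! current_user_can( 'manage_options' ) ) { wp_die( esc_html__( 'Insufficient permissions', 'seur' ) ); }` (capability name is a constructed example — use the one the page is registered with), and build the link with `wp_nonce_url()` so the branch can call `check_admin_referer()` instead of carrying a phpcs exemption. The same `$_GET['action']` branch in seur-import-custom-rates.php (its hunk at lines 90–92) has the identical gap. The enclosing page code starts before this hunk.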
seur/trunk/core/pages/rates/seur-delete.php
r2643080 r3283287 14 14 */ 15 15 function seur_delete_rate() { 16 if ( sanitize_text_field( wp_unslash( $_POST['del_id'] ) ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated,WordPress.Security.NonceVerification.Missing 17 18 global $wpdb;19 20 $id = sanitize_text_field( wp_unslash( $_POST['del_id'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated,WordPress.Security.NonceVerification.Missing 21 $table= $wpdb->prefix . 'seur_custom_rates';22 $getrates = $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}seur_custom_rates ORDER BY ID ASC" ); 23 $wpdb->delete( $table, array( 'ID' => $id ), array( '%d' ) );24 }16 // phpcs:ignore WordPress.Security.NonceVerification.Missing -- Nonce verification is not applicable here, ajax request 17 if ( isset( $_POST['del_id'] ) ) { // Validación básica 18 global $wpdb; 19 // phpcs:ignore WordPress.Security.NonceVerification.Missing 20 $id = absint( wp_unslash( $_POST['del_id'] ) ); 21 $table = $wpdb->prefix . 'seur_custom_rates'; 22 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Safe custom table deletion no caching applicable 23 $wpdb->delete( $table, array( 'ID' => $id ), array( '%d' ) ); 24 } 25 25 } -
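Review bot: The new phpcs justification "Nonce verification is not applicable here, ajax request" is not correct for WordPress AJAX handlers, which are expected to verify with `check_ajax_referer()`; as written, any request that reaches `seur_delete_rate()` with a `del_id` deletes the row, and no capability check is visible either. Suggest opening the function with `check_ajax_referer( 'seur_delete_rate', 'nonce' );` (action and field names are constructed examples — match what the JS sends) and a `current_user_can()` check, and only calling `$wpdb->delete()` when `$id > 0`, since `absint()` turns a non-numeric `del_id` into `0` and the `isset()` guard alone lets that through. Dropping the unused `$getrates` query is a good cleanup.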
seur/trunk/core/pages/rates/seur-edit-form.php
r3261412 r3283287 15 15 function seur_edit_rate() { 16 16 17 if ( isset( $_GET['edit_id'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended17 if ( isset( $_GET['edit_id'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended 18 18 global $wpdb; 19 19 20 $id = sanitize_text_field( wp_unslash( $_GET['edit_id'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended 20 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended -- Nonce verification is not applicable here 21 $id = absint( wp_unslash( $_GET['edit_id'] ) ); 22 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table lookup by ID 21 23 $getrate = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}seur_custom_rates WHERE ID = %d", $id ) ); 22 24 $min_value = ($getrate->type=='price'? $getrate->minprice: $getrate->minweight); … … 46 48 <table class='table table-bordered'> 47 49 <input type='hidden' name='id' value='<?php echo esc_html( $getrate->ID ); ?>' /> 50 <input type='hidden' name='edit_rate_nonce_field' value='<?php echo esc_attr( wp_create_nonce( 'edit_rate_nonce_field' ) ); ?>' /> 51 48 52 <tr> 49 53 <td><?php esc_html_e( 'Rate', 'seur' ); ?></td> … … 137 141 <td><?php esc_html_e( 'Postcode', 'seur' ); ?></td> 138 142 <td><textarea title="<?php esc_html_e( 'Type a Postcode', 'seur' ); ?>" name="postcode" id="postcode" class="form-control" cols="29" rows="5" required=""><?php echo esc_html( $getrate->postcode ); ?></textarea> 139 <br><span class="description"><?php echo SEUR_RATES_POSTALCODE_DESCRIPTION . esc_html__('Add 1 per line'); ?></span>143 <br><span class="description"><?php echo esc_html(SEUR_RATES_POSTALCODE_DESCRIPTION) . esc_html__('Add 1 per line', 'seur'); ?></span> 140 144 </td> 141 145 </tr> -
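Review bot: `$getrate` is used immediately after `$wpdb->get_row()` without a null check, so an `edit_id` that matches no row (now easy to produce, since `absint()` maps anything non-numeric to `0`) reads `->type`, `->minprice` and later `->ID` on `null`. Add a guard before `$min_value`, e.g. `if ( ! $getrate ) { return; }` (or render a "rate not found" notice), and prefer `$getrate->type === 'price'` over the loose `==`. The function body continues well past this hunk, so the new `edit_rate_nonce_field` should be matched by a `check_admin_referer( 'edit_rate_nonce_field', 'edit_rate_nonce_field' )` in the update handler; the seur-update.php hunk in this changeset does not show one.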
seur/trunk/core/pages/rates/seur-import-custom-rates.php
r3261412 r3283287 15 15 if ( isset( $_POST['import_custom_rates'] ) && check_admin_referer( 'seur_import_custom_rates_nonce', 'seur_import_custom_rates_nonce_field' ) ) { 16 16 try { 17 // Validar que el archivo fue subido sin errores 18 if ( isset( $_FILES['csv_file'] ) && isset( $_FILES['csv_file']['error'] ) && $_FILES['csv_file']['error'] === UPLOAD_ERR_OK ) { 19 $file = $_FILES['csv_file']; 20 21 // Validar que el archivo es un CSV 22 $file_type = wp_check_filetype( $file['name'] ); 23 if ( $file_type['ext'] !== 'csv' ) { 17 18 if ( 19 isset( $_FILES['csv_file'] ) && 20 isset( $_FILES['csv_file']['error'] ) && 21 $_FILES['csv_file']['error'] === UPLOAD_ERR_OK 22 ) { 23 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -- the input is validated in previous lines 24 $original_name = sanitize_file_name( $_FILES['csv_file']['name'] ); 25 // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated -- the input is validated in previous lines 26 $tmp_name = sanitize_text_field( $_FILES['csv_file']['tmp_name'] ); 27 28 $file_type = wp_check_filetype( $original_name ); 29 if ( $file_type['ext'] !== 'csv' ) { 24 30 echo '<div class="notice notice-error"><p>El archivo subido no es un CSV.</p></div>'; 25 31 } else { … … 44 50 } 45 51 46 $uploaded_file = $upload_path . sanitize_file_name( $file['name'] );47 48 if ( $wp_filesystem->put_contents( $uploaded_file, $wp_filesystem->get_contents( $file['tmp_name'] ), FS_CHMOD_FILE ) ) { 49 // Procesar el archivo CSV52 $uploaded_file = trailingslashit( $upload_path ) . $original_name; 53 if ( $wp_filesystem->put_contents( $uploaded_file, $wp_filesystem->get_contents( $tmp_name ), FS_CHMOD_FILE ) ) { 54 55 // Procesar el archivo CSV 50 56 $result = seur_process_csv( $uploaded_file ); 51 57 … … 76 82 } 77 83 } else { 78 echo '<div class="notice notice-error"><p>Error de seguridad. 
Por favor, recargue la página e inténtelo de nuevo.</p></div>'; 84 //verificar si se ha hecho submit 85 if ( isset( $_POST['import_custom_rates'] ) ) { 86 echo '<div class="notice notice-error"><p>Error de seguridad. Por favor, recargue la página e inténtelo de nuevo.</p></div>'; 87 } 79 88 } 80 89 81 90 if ( isset( $_GET['action'] ) && $_GET['action'] === 'download_seur_rates_csv' ) { 82 global $wpdb; 83 $table_name = $wpdb->prefix . 'seur_custom_rates'; 84 85 $rates = $wpdb->get_results( "SELECT * FROM {$table_name}", ARRAY_A ); 86 87 if ( empty( $rates ) ) { 88 wp_die( 'No hay tarifas para exportar.' ); 89 } 90 91 // Limpiar el buffer de salida para evitar HTML no deseado 92 ob_clean(); 93 header( 'Content-Type: text/csv; charset=utf-8' ); 94 header( 'Content-Disposition: attachment; filename=seur_tarifas_actuales.csv' ); 95 header( 'Pragma: no-cache' ); 96 header( 'Expires: 0' ); 97 98 // Abrir salida para CSV 99 $output = fopen( 'php://output', 'w' ); 100 101 // Reemplazar los saltos de línea en los códigos postales para exportar 102 // Eliminar las columnas "created_at" y "updated_at" 103 foreach ( $rates as &$row ) { 104 $row['postcode'] = str_replace("\r\n", "|", $row['postcode']); 105 unset( $row['created_at'], $row['updated_at'] ); 106 } 107 unset($row); // Para evitar referencias inesperadas 108 109 // Escribir encabezados sin las columnas eliminadas 110 fputcsv( $output, array_keys( $rates[0] ) ); 111 112 // Escribir filas sin las columnas eliminadas 113 foreach ( $rates as $row ) { 114 fputcsv( $output, $row ); 115 } 116 117 // Cerrar salida 118 fclose( $output ); 119 120 // Detener la ejecución de WordPress 121 exit; 91 seur()->seur_download_rates_csv(); 122 92 } 123 93 … … 132 102 133 103 // Iniciar una transacción 104 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using SQL transactions intentionally 134 105 $wpdb->query( 'START TRANSACTION' ); 135 106 … … 209 180 // Verificar si el ID 
existe 210 181 if ( !empty( $record['ID'] ) ) { 182 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.DirectQuery -- Table name is hardcoded and safe 211 183 $existing_record = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}seur_custom_rates WHERE ID = %d", $record['ID'] ) ); 212 184 … … 220 192 } 221 193 if ( !empty( $update_data ) ) { 194 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.DirectQuery -- Table name is hardcoded and safe 222 195 $wpdb->update( 223 196 "{$wpdb->prefix}seur_custom_rates", … … 238 211 239 212 // Insertar un nuevo registro 213 // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared, WordPress.DB.DirectDatabaseQuery.NoCaching, WordPress.DB.DirectDatabaseQuery.DirectQuery -- Table name is hardcoded and safe 240 214 $wpdb->insert( "{$wpdb->prefix}seur_custom_rates", array_filter( $record ) ); 241 215 } … … 244 218 // Comprobar si hay errores antes de confirmar o revertir la transacción 245 219 if ( !empty($error_messages) ) { 220 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using SQL transactions intentionally 246 221 $wpdb->query('ROLLBACK'); // Revertir la transacción 247 222 return [ … … 252 227 253 228 // Confirmar la transacción si no hay errores 229 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using SQL transactions intentionally 254 230 $wpdb->query('COMMIT'); 255 231 return [ … … 258 234 ]; 259 235 } else { 236 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using SQL transactions intentionally 260 237 $wpdb->query('ROLLBACK'); // Revertir la transacción 261 238 return [ … … 265 242 } 266 243 } catch ( Exception $e ) { 244 // phpcs:ignore 
WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Using SQL transactions intentionally 267 245 $wpdb->query('ROLLBACK'); // Revertir la transacción en caso de excepción 268 246 return [ … … 283 261 Los ejemplos deben ser eliminados antes de la importación final. 284 262 <br> 285 O bien descargue las tarifas actuales aquí í263 O bien descargue las tarifas actuales aquí 286 264 <a href="<?php echo esc_url( admin_url( 'admin.php?page=seur_rates_prices&tab=import_custom_rates&action=download_seur_rates_csv' ) ); ?>"> 287 265 Descargar Tarifas Actuales en CSV … … 300 278 <li><strong>country</strong>: País al que se aplica la tarifa. Use "*" para aplicar a todos los países.</li> 301 279 <li><strong>state</strong>: Estado o provincia al que se aplica la tarifa. Use "*" para aplicar a todos los estados.</li> 302 <li><strong>postcode</strong>: Código postal al que se aplica la tarifa. <?php echo SEUR_RATES_POSTALCODE_DESCRIPTION .' Separar los valores con "|", por ejemplo: 01*|02*|03001..03010'; ?></li>280 <li><strong>postcode</strong>: Código postal al que se aplica la tarifa. <?php echo esc_html(SEUR_RATES_POSTALCODE_DESCRIPTION) . esc_html(' Separar los valores con "|", por ejemplo: 01*|02*|03001..03010'); ?></li> 303 281 <li><strong>minprice</strong>: Precio mínimo para aplicar la tarifa.</li> 304 282 <li><strong>maxprice</strong>: Precio máximo para aplicar la tarifa.</li> -
seur/trunk/core/pages/rates/seur-update.php
r3261412 r3283287 64 64 } 65 65 66 $wpdb->update( 66 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table update, no caching applicable 67 $result = $wpdb->update( 67 68 $table, 68 69 array( … … 93 94 array( '%d' ) 94 95 ); 95 if ( ! $wpdb->insert_id) {96 if ( $result ) { 96 97 echo '<div class="notice notice-success">' . esc_html__( 'Rate successfully updated', 'seur' ) . '</div>'; 97 98 } else { -
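Review bot: `if ( $result )` misreports the outcome of `$wpdb->update()`: it returns the number of affected rows, which is `0` when the submitted values equal the stored ones (or the ID does not exist), and `false` only on a query error, so re-saving a rate unchanged now shows the failure notice. Distinguish the cases, e.g. `if ( false === $result ) { /* error */ } elseif ( 0 === $result ) { /* nothing changed */ } else { /* updated */ }`. The old `! $wpdb->insert_id` test was wrong for an update, so the direction of the change is right; the `$table` and the start of the update block are outside this hunk.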
seur/trunk/core/pages/setting-options/advanced-settings.php
r3261412 r3283287 207 207 } 208 208 209 210 209 function seur_uploads_dir_field() { 211 210 $uploads_dir = seur()->get_option('seur_uploads_dir'); 212 if ( !file_exists($uploads_dir)) {213 echo '<div id="seur_uploads_dir">' .esc_html('Directory not found').' 214 <button type="button" class="button" onclick="seur_create_upload_folder_ajax()">' .esc_html('Regenerate folder').'</button>211 if ( ! file_exists( $uploads_dir ) ) { 212 echo '<div id="seur_uploads_dir">' . esc_html( 'Directory not found' ) . ' 213 <button type="button" class="button" onclick="seur_create_upload_folder_ajax()">' . esc_html( 'Regenerate folder' ) . '</button> 215 214 </div>'; 216 215 } else { 217 echo '<div id="seur_uploads_dir">'.esc_html($uploads_dir).'</div>'; 218 if (!is_writable($uploads_dir)) { 219 echo '<br><strong>'.esc_html('Directory is not writable').'!!!</strong>'; 216 echo '<div id="seur_uploads_dir">' . esc_html( $uploads_dir ) . '</div>'; 217 218 // Inicializar WP_Filesystem si no está listo 219 if ( ! function_exists( 'request_filesystem_credentials' ) ) { 220 require_once ABSPATH . 'wp-admin/includes/file.php'; 221 } 222 global $wp_filesystem; 223 if ( WP_Filesystem( request_filesystem_credentials( '', '', false, false, null ) ) ) { 224 if ( ! $wp_filesystem->is_writable( $uploads_dir ) ) { 225 echo '<br><strong>' . esc_html( 'Directory is not writable' ) . '!!!</strong>'; 226 } 227 } else { 228 echo '<br><strong>' . esc_html( 'Could not initialize WP_Filesystem' ) . '</strong>'; 220 229 } 221 230 } … … 245 254 246 255 // register all setings. 
247 register_setting( 'seur-advanced-settings-section', 'seur_activate_geolabel_field' ); 248 register_setting( 'seur-advanced-settings-section', 'seur_activate_free_shipping_field' ); 249 register_setting( 'seur-advanced-settings-section', 'seur_preaviso_notificar_field' ); 250 register_setting( 'seur-advanced-settings-section', 'seur_activate_local_pickup_field' ); 251 register_setting( 'seur-advanced-settings-section', 'seur_google_maps_api_field' ); 252 register_setting( 'seur-advanced-settings-section', 'seur_after_get_label_field' ); 253 register_setting( 'seur-advanced-settings-section', 'seur_preaviso_notificar_field' ); 254 register_setting( 'seur-advanced-settings-section', 'seur_reparto_notificar_field' ); 255 register_setting( 'seur-advanced-settings-section', 'seur_tipo_notificacion_field' ); 256 register_setting( 'seur-advanced-settings-section', 'seur_tipo_etiqueta_field' ); 257 register_setting( 'seur-advanced-settings-section', 'seur_aduana_origen_field' ); 258 register_setting( 'seur-advanced-settings-section', 'seur_aduana_destino_field' ); 259 register_setting( 'seur-advanced-settings-section', 'seur_tipo_mercancia_field' ); 260 register_setting( 'seur-advanced-settings-section', 'seur_id_mercancia_field' ); 261 register_setting( 'seur-advanced-settings-section', 'seur_descripcion_field' ); 262 register_setting( 'seur-advanced-settings-section', 'seur_uploads_dir' ); 263 256 register_setting( 'seur-advanced-settings-section', 'seur_activate_geolabel_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 257 register_setting( 'seur-advanced-settings-section', 'seur_activate_free_shipping_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 258 register_setting( 
'seur-advanced-settings-section', 'seur_preaviso_notificar_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 259 register_setting( 'seur-advanced-settings-section', 'seur_activate_local_pickup_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 260 register_setting( 'seur-advanced-settings-section', 'seur_after_get_label_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 261 register_setting( 'seur-advanced-settings-section', 'seur_reparto_notificar_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 262 263 register_setting( 'seur-advanced-settings-section', 'seur_google_maps_api_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 264 register_setting( 'seur-advanced-settings-section', 'seur_tipo_notificacion_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 265 register_setting( 'seur-advanced-settings-section', 'seur_tipo_etiqueta_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 266 register_setting( 'seur-advanced-settings-section', 'seur_tipo_mercancia_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); 
// phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 267 register_setting( 'seur-advanced-settings-section', 'seur_id_mercancia_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 268 register_setting( 'seur-advanced-settings-section', 'seur_aduana_origen_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 269 register_setting( 'seur-advanced-settings-section', 'seur_aduana_destino_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 270 register_setting( 'seur-advanced-settings-section', 'seur_descripcion_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 271 //'seur_uploads_dir' already registered 264 272 } 265 273 add_action( 'admin_init', 'display_seur_advanced_settings_panel_fields' ); -
seur/trunk/core/pages/setting-options/user-settings.php
r3176965 r3283287 347 347 348 348 // register all setings. 349 register_setting( 'seur-user-settings-section', 'seur_test_field' ); 350 register_setting( 'seur-user-settings-section', 'seur_log_field' ); 351 register_setting( 'seur-user-settings-section', 'seur_nif_field' ); 352 register_setting( 'seur-user-settings-section', 'seur_rates_tax_field' ); 353 register_setting( 'seur-user-settings-section', 'seur_rates_type_field' ); 354 register_setting( 'seur-user-settings-section', 'seur_empresa_field' ); 355 register_setting( 'seur-user-settings-section', 'seur_viatipo_field' ); 356 register_setting( 'seur-user-settings-section', 'seur_vianombre_field' ); 357 register_setting( 'seur-user-settings-section', 'seur_vianumero_field' ); 358 register_setting( 'seur-user-settings-section', 'seur_escalera_field' ); 359 register_setting( 'seur-user-settings-section', 'seur_piso_field' ); 360 register_setting( 'seur-user-settings-section', 'seur_puerta_field' ); 361 register_setting( 'seur-user-settings-section', 'seur_postal_field' ); 362 register_setting( 'seur-user-settings-section', 'seur_poblacion_field' ); 363 register_setting( 'seur-user-settings-section', 'seur_provincia_field' ); 364 register_setting( 'seur-user-settings-section', 'seur_pais_field' ); 365 register_setting( 'seur-user-settings-section', 'seur_telefono_field' ); 366 register_setting( 'seur-user-settings-section', 'seur_email_field' ); 367 register_setting( 'seur-user-settings-section', 'seur_contacto_nombre_field' ); 368 register_setting( 'seur-user-settings-section', 'seur_contacto_apellidos_field' ); 369 register_setting( 'seur-user-settings-section', 'seur_client_secret_field' ); 370 register_setting( 'seur-user-settings-section', 'seur_user_field' ); 371 register_setting( 'seur-user-settings-section', 'seur_password_field' ); 372 register_setting( 'seur-user-settings-section', 'seur_client_id_field' ); 373 register_setting( 'seur-user-settings-section', 'seur_accountnumber_field' ); 374 
register_setting( 'seur-user-settings-section', 'seur_ccc_field' ); 375 register_setting( 'seur-user-settings-section', 'seur_int_ccc_field' ); 376 register_setting( 'seur-user-settings-section', 'seur_franquicia_field' ); 349 register_setting( 'seur-user-settings-section', 'seur_test_field', [ 'sanitize_callback' => 'rest_sanitize_boolean' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 350 register_setting( 'seur-user-settings-section', 'seur_log_field' , [ 'sanitize_callback' => 'rest_sanitize_boolean' ]); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 351 352 register_setting( 'seur-user-settings-section', 'seur_nif_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 353 register_setting( 'seur-user-settings-section', 'seur_rates_tax_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 354 register_setting( 'seur-user-settings-section', 'seur_rates_type_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 355 register_setting( 'seur-user-settings-section', 'seur_empresa_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 356 register_setting( 'seur-user-settings-section', 'seur_viatipo_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and 
known 357 register_setting( 'seur-user-settings-section', 'seur_vianombre_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 358 register_setting( 'seur-user-settings-section', 'seur_vianumero_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 359 register_setting( 'seur-user-settings-section', 'seur_escalera_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 360 register_setting( 'seur-user-settings-section', 'seur_piso_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 361 register_setting( 'seur-user-settings-section', 'seur_puerta_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 362 register_setting( 'seur-user-settings-section', 'seur_postal_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 363 register_setting( 'seur-user-settings-section', 'seur_poblacion_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 364 register_setting( 'seur-user-settings-section', 'seur_provincia_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic 
-- Sanitization callback is safe and known 365 register_setting( 'seur-user-settings-section', 'seur_pais_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 366 register_setting( 'seur-user-settings-section', 'seur_telefono_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 367 register_setting( 'seur-user-settings-section', 'seur_email_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 368 register_setting( 'seur-user-settings-section', 'seur_contacto_nombre_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 369 register_setting( 'seur-user-settings-section', 'seur_contacto_apellidos_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 370 register_setting( 'seur-user-settings-section', 'seur_client_secret_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 371 register_setting( 'seur-user-settings-section', 'seur_user_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 372 register_setting( 'seur-user-settings-section', 'seur_password_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore 
PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 373 register_setting( 'seur-user-settings-section', 'seur_client_id_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 374 register_setting( 'seur-user-settings-section', 'seur_accountnumber_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 375 register_setting( 'seur-user-settings-section', 'seur_ccc_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 376 register_setting( 'seur-user-settings-section', 'seur_int_ccc_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 377 register_setting( 'seur-user-settings-section', 'seur_franquicia_field', [ 'sanitize_callback' => 'sanitize_text_field' ] ); // phpcs:ignore PluginCheck.CodeAnalysis.SettingSanitization.register_settingDynamic -- Sanitization callback is safe and known 377 378 } 378 379 add_action( 'admin_init', 'display_seur_user_sittings_panel_fields' ); -
seur/trunk/core/pages/seur-get-labels.php
r3254005 r3283287 171 171 } 172 172 173 if ( $_SERVER['REQUEST_METHOD'] != 'POST') { ?>173 if (isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] != 'POST') { ?> 174 174 <div class="wrap"> 175 175 <h1 class="wp-heading-inline"><?php esc_html_e( 'Modify Packages', 'seur' ); ?></h1> … … 212 212 } 213 213 214 if ( $_SERVER['REQUEST_METHOD'] === 'POST' && isset( $_POST['seur-number-packages'] ) && isset( $_POST['seur-shipping-weight'] ) ) {214 if (isset( $_SERVER['REQUEST_METHOD'] ) && $_SERVER['REQUEST_METHOD'] === 'POST' && isset( $_POST['seur-number-packages'] ) && isset( $_POST['seur-shipping-weight'] ) ) { 215 215 if ( ! isset( $_POST['seur_modify_packages_nonce_field'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['seur_modify_packages_nonce_field'] ) ), 'seur_modify_packages_action' ) ) { 216 216 exit; … … 249 249 <?php 250 250 } else { 251 echo '<p>' . esc_html__( 'Error updating packages: ' . $response['errors'][0]['detail'], 'seur') . '</p>';251 echo '<p>' . esc_html__( 'Error updating packages: ', 'seur'). esc_html($response['errors'][0]['detail']) . '</p>'; 252 252 } 253 253 } else { -
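Review bot: The corrected error line reads `$response['errors'][0]['detail']` unconditionally; an API error payload without that key (or with `errors` not being a list) produces PHP 8 undefined-index warnings and an empty message. Use `esc_html( $response['errors'][0]['detail'] ?? '' )`, or fall back to a generic translated message when the detail is missing. Splitting the translatable prefix from the dynamic detail is the right fix for the previous `esc_html__()` misuse; the two `REQUEST_METHOD` comparisons would read more consistently as `!==` / `===`.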
seur/trunk/core/pages/status/status-check.php
r3176965 r3283287 354 354 <td data-export-label="Check for <?php echo esc_html( $table_name ); ?>"><?php echo esc_html__( 'Check for', 'seur' ) . ' ' . esc_html( $table_name ); ?></td> 355 355 <?php 356 if ( $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %d', $table_name ) ) === $table_name ) { 356 // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Table existence check is required 357 if ( $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $table_name ) ) === $table_name ) { 357 358 echo '<td><span class="yes">✔</span></td>'; 358 359 } else { -
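Review bot: Switching the placeholder to `%s` fixes the query, but `$table_name` goes into a `LIKE` pattern unescaped, and WordPress table names contain `_`, which is a single-character wildcard; a table such as `wpXseur_custom_rates` matches too, and because `get_var()` returns only the first row the strict `=== $table_name` comparison can then report the real table as missing. Pass `$wpdb->esc_like( $table_name )` as the prepare argument. The table loop this sits in begins before the hunk.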
seur/trunk/core/tracking/back/tracking-back.php
r3254005 r3283287 15 15 function seur_register_meta_boxes_tracking() { 16 16 $screen = seur_get_order_screen(); 17 $order_id = isset($_GET['id']) ? $_GET['id'] : ''; 17 // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended -- Nonce verification is not applicable here 18 $order_id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0; 18 19 if (seur()->is_seur_order($order_id)) { 19 20 add_meta_box('seurmetaboxtracking', __('SEUR Tracking', 'seur'), 'seur_metabox_tracking_callback', $screen, 'side', 'low'); -
seur/trunk/core/woocommerce/includes/class-seur_local_shipping_method.php
r3234068 r3283287 241 241 $i++; 242 242 } 243 seur()->slog('$centro: ' . print_r($centro, true)); 243 seur()->slog('$centro: ' . print_r($centro, true)); // phpcs:ignore WordPress.PHP.DevelopmentFunctions.error_log_print_r 244 244 return $centro; 245 245 //} … … 436 436 */ 437 437 function seur_validation_2shop_fields() { 438 438 // phpcs:ignore WordPress.Security.NonceVerification.Missing -- not needed 439 439 $seur_cutom_rate_ID = sanitize_text_field( wp_unslash($_POST['shipping_method'][0]??'')); 440 440 if (seur()->is_seur_local_method($seur_cutom_rate_ID)) { -
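--- a/seur/trunk/core/woocommerce/includes/class-wc-shipping-seur.php
+++ b/seur/trunk/core/woocommerce/includes/class-wc-shipping-seur.php
@@ -365,5 +365,5 @@
 public function clear_transients() {
 global $wpdb;
-
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table deletion not caching applicable
 $wpdb->query( "DELETE FROM `$wpdb->options` WHERE `option_name` LIKE ('_transient_seur_quote_%') OR `option_name` LIKE ('_transient_timeout_seur_quote_%')" );
 }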
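Review bot: The new justification `not caching applicable` is not accurate for this query: if the quote transients are set without an expiry they are autoloaded options, so a direct `DELETE` on `$wpdb->options` leaves the cached `alloptions` entry stale until something else drops it, and on a site with a persistent object cache the transients are not in the options table at all, so nothing is cleared. The smallest change that keeps the direct query is to invalidate the cached options list afterwards, `wp_cache_delete( 'alloptions', 'options' );`; the robust one is to track the quote keys when they are set and remove them with `delete_transient()`. The comment should also mention that the leading `_` in `'_transient_seur_quote_%'` is itself a LIKE wildcard, harmless here but easy to misread.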
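--- a/seur/trunk/core/woocommerce/includes/metabox/seur-metabox.php
+++ b/seur/trunk/core/woocommerce/includes/metabox/seur-metabox.php
@@ -15,5 +15,6 @@
 function seur_register_meta_boxes() {
 $screen = seur_get_order_screen();
-$order_id = isset($_GET['id']) ? $_GET['id'] : '';
+// phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended -- Nonce verification is not applicable here
+$order_id = isset( $_GET['id'] ) ? absint( wp_unslash( $_GET['id'] ) ) : 0;
 if (seur()->is_seur_order($order_id)) {
 add_meta_box('seurmetabox', __('SEUR Labels', 'seur'), 'seur_metabox_callback', $screen, 'side', 'low');
@@ -42,4 +43,5 @@
 );
 add_thickbox();
+// phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Image is static and not stored in the media library
 echo '<img src="'. esc_url( SEUR_PLUGIN_URL ) .'assets/img/icon-96x37.png" alt="SEUR Image" width="96" height="37" />';
 for ($k=0;$k<=1;$k++) {
@@ -59,7 +61,7 @@
 <?php
 }
-} else { ?>
-<img src="<?php echo esc_url( SEUR_PLUGIN_URL ); ?>assets/img/icon-96x37.png" alt="SEUR Image" width="96" height="37" />
-<?php
+} else {
+// phpcs:ignore PluginCheck.CodeAnalysis.ImageFunctions.NonEnqueuedImage -- Image is static and not stored in the media library
+echo '<img src="'. esc_url( SEUR_PLUGIN_URL ) .'assets/img/icon-96x37.png" alt="SEUR Image" width="96" height="37" />';
 $url_upload_dir = get_site_option( 'seur_uploads_url_labels' );
 $label_ids = seur_get_labels_ids($order->get_id());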
seur/trunk/core/woocommerce/includes/seur-woo-functions.php
r3261412 r3283287 26 26 function seur_add_cart_weight_hpos( $order_id ) 27 27 { 28 if (WC()->cart ) {28 if (WC()->cart && WC()->cart->cart_contents_count > 0) { 29 29 $order = new WC_Order($order_id); 30 30 31 $product_name = ''; 31 32 $ship_methods = maybe_unserialize($order->get_shipping_methods()); 32 33 foreach ($ship_methods as $ship_method) { … … 53 54 function seur_add_cart_weight( $order_id ) { 54 55 global $woocommerce; 55 56 $weight = $woocommerce->cart->cart_contents_weight; 57 update_post_meta( $order_id, '_seur_cart_weight', $weight ); 56 if ( $woocommerce->cart->cart_contents_count > 0 ) { 57 $weight = $woocommerce->cart->cart_contents_weight; 58 update_post_meta($order_id, '_seur_cart_weight', $weight); 59 } 58 60 } 59 61 … … 264 266 $action = $wp_list_table->current_action(); 265 267 268 // 2. check the ID 269 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 266 270 if (isset($_REQUEST['id'])) { 271 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 267 272 $post_ids = array_map( 'absint', (array) $_REQUEST['id'] ); 268 273 } 274 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 269 275 if (isset($_REQUEST['post'])) { 276 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 270 277 $post_ids = array_map( 'absint', (array) $_REQUEST['post'] ); 271 278 } … … 328 335 } 329 336 337 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 330 338 if ( isset( $_GET['post_status'] ) ) { 331 $sendback = add_query_arg( 'post_status', sanitize_text_field(wp_unslash($_GET['post_status'])), $sendback ); 339 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 340 $sendback = add_query_arg( 'post_status', sanitize_text_field(wp_unslash($_GET['post_status'])), $sendback ); 332 341 } 333 342 … … 502 511 <option value="seur" 503 512 <?php 513 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 504 514 $_shop_order_seur_shipping_method = isset( 
$_GET['_shop_order_seur_shipping_method'] ) ? esc_attr( sanitize_text_field(wp_unslash($_GET['_shop_order_seur_shipping_method']))) : ''; 505 515 if ($_shop_order_seur_shipping_method == 'seur') { … … 529 539 530 540 function seur_filter_orders_by_shipping_method_query( $vars ) { 531 global $typenow;532 533 if ( seur_is_order_page($typenow) &&534 isset( $_GET['_shop_order_seur_shipping_method'] ) &&535 !empty($_GET['_shop_order_seur_shipping_method'])) {541 global $typenow; 542 543 // phpcs:ignore WordPress.Security.NonceVerification.Recommended 544 if (seur_is_order_page( $typenow ) && isset( $_GET['_shop_order_seur_shipping_method'] ) && ! empty( $_GET['_shop_order_seur_shipping_method'] ) 545 ) { 536 546 $products = seur()->get_products(); 537 $vars['meta_key'] = '_seur_shipping'; 538 $vars['meta_value'] = 'seur'; 547 // Filtro por defecto 548 $meta_query = [ 549 [ 550 'key' => '_seur_shipping', 551 'value' => 'seur', 552 ] 553 ]; 554 $user_input = sanitize_text_field( wp_unslash( $_GET['_shop_order_seur_shipping_method'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended 539 555 foreach ( $products as $code => $product ) { 540 $custom_name = get_option( $product['field'].'_custom_name_field')?get_option($product['field'].'_custom_name_field'):$code;556 $custom_name = get_option( $product['field'] . 
'_custom_name_field' ) ?: $code; 541 557 $shippment_sani = sanitize_title( $custom_name ); 542 if ( $shippment_sani == sanitize_text_field( wp_unslash( $_GET['_shop_order_seur_shipping_method']))) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended 543 $vars['meta_key'] = '_seur_shipping_method_service_real_name'; 544 $vars['meta_value'] = $code; 558 559 if ( $shippment_sani === $user_input ) { 560 $meta_query = [ 561 [ 562 'key' => '_seur_shipping_method_service_real_name', 563 'value' => $code, 564 ] 565 ]; 545 566 break; 546 567 } 547 568 } 548 } 549 return $vars; 569 $vars['meta_query'] = $meta_query; // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query 570 } 571 return $vars; 550 572 } 551 573 if (seur_is_wc_order_hpos_enabled()) { -
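Review bot: `seur_add_cart_weight()` now dereferences `$woocommerce->cart->cart_contents_count` without first checking that `$woocommerce->cart` is set, whereas its HPOS sibling `seur_add_cart_weight_hpos()` in the first hunk guards with `WC()->cart &&`; for orders created without a cart (admin, REST, CLI) the new condition reads a property on null. Mirror the sibling: `if ( $woocommerce->cart && $woocommerce->cart->cart_contents_count > 0 ) {`. In `seur_filter_orders_by_shipping_method_query()` the rewritten comparison with `$user_input` correctly uses `===`, but the earlier hunk's `$_shop_order_seur_shipping_method == 'seur'` still uses loose comparison; `=== 'seur'` there keeps the two consistent. That function starts outside the hunk.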
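--- a/seur/trunk/core/woocommerce/seur-woocommerce.php
+++ b/seur/trunk/core/woocommerce/seur-woocommerce.php
@@ -168,4 +168,5 @@
 // instance.
 if ( ! $this->is_zone_has_seur( 0 ) ) {
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table insert, no caching applicable
 $wpdb->query( $wpdb->prepare( "INSERT INTO {$wpdb->prefix}woocommerce_shipping_zone_methods ( zone_id, method_id, method_order, is_enabled ) VALUES ( %d, %s, %d, %d )", 0, 'seur', 1, 1 ) );
 // add settings to the newly created instance to options table.
@@ -232,5 +233,5 @@
 public function is_zone_has_seur( $zone_id ) {
 global $wpdb;
-
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Custom table lookup, no caching applicable
 return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(instance_id) FROM {$wpdb->prefix}woocommerce_shipping_zone_methods WHERE method_id = 'seur' AND zone_id = %d", $zone_id ) ) > 0;
 }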
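Review bot: The justification `Custom table insert` on the new phpcs:ignore is misleading: `{$wpdb->prefix}woocommerce_shipping_zone_methods` is a WooCommerce core table, and writing to it directly bypasses WooCommerce's zone API and the shipping-cache invalidation it performs, so the new method may not show up until WooCommerce's cached shipping data expires. If the intent is to add SEUR to the zone with id 0, `( new WC_Shipping_Zone( 0 ) )->add_shipping_method( 'seur' )` performs the insert through WooCommerce and takes care of that cache; otherwise the comment should state why the API is bypassed, e.g. `-- direct insert into WooCommerce's shipping_zone_methods table, zone API intentionally bypassed (TODO: state reason)`. The same wording applies to the `Custom table lookup` comment in `is_zone_has_seur()` in the second hunk. Both enclosing methods continue outside the hunks.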
seur/trunk/loader.php
r3264469 r3283287 4 4 * Plugin URI: http://www.seur.com/ 5 5 * Description: Add SEUR shipping method to WooCommerce. The SEUR plugin for WooCommerce allows you to manage your order dispatches in a fast and easy way 6 * Version: 2.2.2 36 * Version: 2.2.24 7 7 * Author: SEUR Oficial 8 8 * Author URI: http://www.seur.com/ 9 * Tested up to: 6. 7.29 * Tested up to: 6.8 10 10 * WC requires at least: 3.0 11 11 * WC tested up to: 9.1.4 … … 20 20 use Automattic\WooCommerce\Utilities\FeaturesUtil; 21 21 22 define( 'SEUR_OFFICIAL_VERSION', '2.2.2 3' );22 define( 'SEUR_OFFICIAL_VERSION', '2.2.24' ); 23 23 define( 'SEUR_DB_VERSION', '1.0.5' ); 24 24 define( 'SEUR_TABLE_VERSION', '1.0.5' ); -
seur/trunk/readme.txt
r3264469 r3283287 3 3 Tags: woocommerce, shipping, seur, logistica, enviar paquete 4 4 Requires at least: 4.0 5 Tested up to: 6. 7.26 Stable tag: 2.2.2 35 Tested up to: 6.8 6 Stable tag: 2.2.24 7 7 WC requires at least: 3.0 8 8 WC tested up to: 9.1.4 … … 93 93 94 94 == Changelog == 95 96 == 2.2.24 == 97 * ADDED: WordPress 6.8 compatibility 98 * ADDED: Check cart before save weight 99 * FIXED: Vulnerability SET-467 95 100 96 101 == 2.2.23 == -
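--- a/seur/trunk/uninstall.php
+++ b/seur/trunk/uninstall.php
@@ -109,21 +109,32 @@
 
 // Drop tables.
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.DirectDatabaseQuery.NoCaching -- Required for uninstall cleanup no caching applicable
 $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}seur_reco" );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.DirectDatabaseQuery.NoCaching -- Required for uninstall cleanup no caching applicable
 $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}seur_ecb" );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.DirectDatabaseQuery.NoCaching -- Required for uninstall cleanup no caching applicable
 $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}seur_svpr" );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.SchemaChange, WordPress.DB.DirectDatabaseQuery.NoCaching -- Required for uninstall cleanup no caching applicable
 $wpdb->query( "DROP TABLE IF EXISTS {$wpdb->prefix}seur_custom_rates" );
 
 // remove seur_labels post type.
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->query( "DELETE FROM {$wpdb->posts} WHERE post_type IN ('seur_labels');" );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->query( "DELETE meta FROM {$wpdb->postmeta} meta LEFT JOIN {$wpdb->posts} posts ON posts.ID = meta.post_id WHERE posts.ID IS NULL;" );
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->delete( $wpdb->term_taxonomy, array( 'taxonomy' => 'labels-product' ) );
+
 // Delete orphan relationships.
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->query( "DELETE tr FROM {$wpdb->term_relationships} tr LEFT JOIN {$wpdb->posts} posts ON posts.ID = tr.object_id WHERE posts.ID IS NULL;" );
 
 // Delete orphan terms.
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->query( "DELETE t FROM {$wpdb->terms} t LEFT JOIN {$wpdb->term_taxonomy} tt ON t.term_id = tt.term_id WHERE tt.term_id IS NULL;" );
 
 // Delete orphan term meta.
 if ( ! empty( $wpdb->termmeta ) ) {
+// phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching -- Removing custom post type and related data
 $wpdb->query( "DELETE tm FROM {$wpdb->termmeta} tm LEFT JOIN {$wpdb->term_taxonomy} tt ON tm.term_id = tt.term_id WHERE tt.term_id IS NULL;" );
 }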
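Review bot: The same `phpcs:ignore WordPress.DB.DirectDatabaseQuery...` line is repeated before each of the ten queries in this hunk, which buries the actual cleanup steps under near-identical annotations. PHPCS supports a region form, so one pair of directives reads better: `// phpcs:disable WordPress.DB.DirectDatabaseQuery -- uninstall cleanup: table drops and direct deletes, no caching applicable` before `// Drop tables.` and `// phpcs:enable WordPress.DB.DirectDatabaseQuery` after the closing `}` of the termmeta block. The two justifications in use (`Required for uninstall cleanup` and `Removing custom post type and related data`) can be merged into that single comment without losing information.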