Changeset 3451109

Timestamp:

01/31/2026 05:31:25 PM (3 weeks ago)

Author:

redefiningtheweb

Message:

Updated to version 2.3.0

Location:

mercado

Files:

• tags/2.2.0/admin/partials/ssp/ssp.class.php (deleted)
• tags/2.2.0/assets/imports (added)
• tags/2.2.0/assets/imports/all.css (added)
• tags/2.2.0/assets/imports/montserrat.css (added)
• trunk/admin/partials/ssp/ssp.class.php (deleted)
• trunk/admin/partials/ssp/ssp.customized.class.php (modified) (4 diffs)
• trunk/admin/rtwmer-class-mercado-admin.php (modified) (2 diffs)
• trunk/assets/imports (added)
• trunk/assets/imports/all.css (added)
• trunk/assets/imports/montserrat.css (added)
• trunk/public/partials/rtwmer_Vendor_Store/rtwmer_Vendor_Store_shortcode_cb.php (modified) (3 diffs)
• trunk/rtwmer-mercado.php (modified) (2 diffs)

mercado/trunk/admin/partials/ssp/ssp.customized.class.php

@@ -857 +857 @@
                     $rtwmer_field = ( $rtwmer_is_join ) ? $rtwmer_column['db'] : '`' . $rtwmer_column['db'] . '`';
 
-                    $rtwmer_global_search_clauses[] = $wpdb->prepare(
-                        "{$rtwmer_field} LIKE %s",
-                        '%' . $rtwmer_search_value . '%'
-                    );
+                    // $rtwmer_global_search_clauses[] = $wpdb->prepare("{$rtwmer_field} LIKE %s", '%' . $rtwmer_search_value . '%');
+                    $rtwmer_global_search_clauses[] = $rtwmer_field . " LIKE '%" . esc_sql( $wpdb->esc_like( $rtwmer_search_value ) ) . "%'";
                 }
             }
@@ -885 +883 @@
                 $rtwmer_field = ( $rtwmer_is_join ) ? $rtwmer_column['db'] : '`' . $rtwmer_column['db'] . '`';
 
-                $rtwmer_column_search_clauses[] = $wpdb->prepare(
-                    "{$rtwmer_field} LIKE %s",
-                    '%' . $rtwmer_search_value . '%'
-                );
+                // $rtwmer_column_search_clauses[] = $wpdb->prepare(
+                //     "{$rtwmer_field} LIKE %s",
+                //     '%' . $rtwmer_search_value . '%'
+                // );
+                $rtwmer_column_search_clauses[] = $rtwmer_field . " LIKE '%" . esc_sql( $wpdb->esc_like( $rtwmer_search_value ) ) . "%'";
             }
         }
@@ -965 +964 @@
             ";
         }
-
-        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared
+        // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared,PluginCheck.Security.DirectDB.UnescapedDBParameter
         $rtwmer_results = $wpdb->get_results( $rtwmer_query );
+
 
         /**
@@ -973 +972 @@
          */
 
-        // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+        $rtwmer_table = esc_sql( $rtwmer_table );
+        $rtwmer_primary_key = esc_sql( $rtwmer_primary_key );
+        // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
         $rtwmer_records_total = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(`{$rtwmer_primary_key}`) FROM `{$rtwmer_table}`" ) );
 

mercado/trunk/admin/rtwmer-class-mercado-admin.php

@@ -1032 +1032 @@
             wp_dropdown_users($rtwmer_meta_args);
         }
+        wp_nonce_field( 'rtwmer_assign_user_action', 'rtwmer_assign_user_nonce' );
         do_action("rtwmer_add_field_in_vendor_metabox");
     }
@@ -1059 +1060 @@
     function rtwmer_mercado_redirect_post_location_cb($rtwmer_prod_location,$rtwmer_prod_id)
     {
+        if (
+            ! isset( $_POST['rtwmer_assign_user_nonce'] ) ||
+            ! wp_verify_nonce( sanitize_text_field(wp_unslash($_POST['rtwmer_assign_user_nonce'])), 'rtwmer_assign_user_action' )
+        ) {
+            return $rtwmer_prod_location;
+        }
         if( isset($_POST) && !empty($_POST) && is_array($_POST))
         {

mercado/trunk/public/partials/rtwmer_Vendor_Store/rtwmer_Vendor_Store_shortcode_cb.php

@@ -26 +26 @@
     $rtwmer_sort = "ASC";
 }
-
-if (isset($_POST['rtwmer_name']) && !empty($_POST['rtwmer_name'])) {
-    $rtwmer_vendor_name = isset($_POST['rtwmer_name']) ? sanitize_text_field(wp_unslash($_POST['rtwmer_name'])) : '';
-} else {
-    $rtwmer_vendor_name = "";
+if (
+    isset( $_POST['rtwmer_submit_form'], $_POST['rtwmer_store_search_nonce'] ) &&
+    wp_verify_nonce( sanitize_text_field(wp_unslash( $_POST['rtwmer_store_search_nonce'] )), 'rtwmer_store_search_action' )
+) {
+    if (isset($_POST['rtwmer_name']) && !empty($_POST['rtwmer_name'])) {
+        $rtwmer_vendor_name = isset($_POST['rtwmer_name']) ? sanitize_text_field(wp_unslash($_POST['rtwmer_name'])) : '';
+    } else {
+        $rtwmer_vendor_name = "";
+    }
 }
 
@@ -90 +94 @@
         </div>
     <div class="rtwmer_filter_fields">
-            <form method="post">
+            <form method="post">'.wp_nonce_field( 'rtwmer_store_search_action', 'rtwmer_store_search_nonce' ).'
                 <input type="text" name="rtwmer_name" class="rtwmer_vendor_name_field" placeholder="'.esc_html__("Search by vendor username","mercado").'">
                 <button type="submit" name="rtwmer_submit_form" class="rtwmer_form_submit mdc-button">
@@ -320 +324 @@
          $rtwmer_stores[] = '</div>';
   
-    if (empty($_POST['rtwmer_name'])) {
-        if ($rtwmer_total_users > $rtwmer_total_query) {
-            $rtwmer_temp_var = '<div id="rtwmer_ven_pagination" class="clearfix">';
-            $rtwmer_current_page = max(1, get_query_var('paged'));
-            $rtwmer_temp_var .= paginate_links(array(
-                'base' => get_pagenum_link(1) . '%_%',
-                'format' => '/page/%#%/',
-                'current' => $rtwmer_current_page,
-                'total' => $rtwmer_total_pages,
-                'prev_next' => true,
-                'type' => 'list',
-            ));
+    if (
+        isset( $_POST['rtwmer_submit_form'], $_POST['rtwmer_store_search_nonce'] ) &&
+        wp_verify_nonce( sanitize_text_field(wp_unslash( $_POST['rtwmer_store_search_nonce'] )), 'rtwmer_store_search_action' )
+    ){
+        if (empty($_POST['rtwmer_name'])) {
+            if ($rtwmer_total_users > $rtwmer_total_query) {
+                $rtwmer_temp_var = '<div id="rtwmer_ven_pagination" class="clearfix">';
+                $rtwmer_current_page = max(1, get_query_var('paged'));
+                $rtwmer_temp_var .= paginate_links(array(
+                    'base' => get_pagenum_link(1) . '%_%',
+                    'format' => '/page/%#%/',
+                    'current' => $rtwmer_current_page,
+                    'total' => $rtwmer_total_pages,
+                    'prev_next' => true,
+                    'type' => 'list',
+                ));
+            }
+            $rtwmer_temp_var .= '</div>';
+            $rtwmer_stores[] = $rtwmer_temp_var;
         }
-        $rtwmer_temp_var .= '</div>';
-        $rtwmer_stores[] = $rtwmer_temp_var;
     }
 

mercado/trunk/rtwmer-mercado.php

@@ -19 +19 @@
  * Plugin URI:        http://www.redefiningtheweb.com/plugins/
  * Description:       Turn your Woocommerce into MultiVendor MarketPlace, A Woocommerce Extension, which convert your store into a Multivendor Marketplace.
- * Version:           2.2.0
+ * Version:           2.3.0
  * Author:            RedefiningTheWeb
  * Author URI:        http://www.redefiningtheweb.com
@@ -27 +27 @@
  * Domain Path:       /languages
  * WC requires at least: 4.2.0
- * WC tested up to: 10.4.3
+ * WC tested up to: 9.4.2
  */