Showing with 34 additions and 23 deletions.
  1. +4 −0 CHANGELOG.md
  2. +2 −2 backend/settings-panel.class.php
  3. +1 −1 classes/fields.class.php
  4. +1 −1 classes/plugin.class.php
  5. +11 −11 inc/admin.php
  6. +1 −1 package.json
  7. +8 −1 readme.txt
  8. +2 −2 templates/admin/existing-meta.php
  9. +2 −2 templates/admin/ppom-fields.php
  10. +2 −2 woocommerce-product-addon.php
4 changes: 4 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,7 @@
##### [Version 32.0.7](https://github.com/Codeinwp/woocommerce-product-addon/compare/v32.0.6...v32.0.7) (2023-05-03)

- Harden security

##### [Version 32.0.6](https://github.com/Codeinwp/woocommerce-product-addon/compare/v32.0.5...v32.0.6) (2023-04-19)

- [Fix] Resolved an issue where the Edit Cart feature was losing the value of certain fields based on conditional logic.
4 changes: 2 additions & 2 deletions backend/settings-panel.class.php
@@ -468,7 +468,7 @@ function ppom_migrate_settings_panel() {
if ( $old_settings == 'yes' ) {
delete_option( 'ppom_settings_migration_done' );

wp_redirect( $ppom_settings_url );
wp_redirect( esc_url_raw( $ppom_settings_url ) );
exit;
} else {

@@ -484,7 +484,7 @@ function ppom_migrate_settings_panel() {

update_option( 'ppom_settings_migration_done', 1 );

wp_redirect( $ppom_settings_url );
wp_redirect( esc_url_raw( $ppom_settings_url ) );
exit;
}
}
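Review bot: `esc_url_raw()` cleans the string but does not constrain where the redirect goes, so both `wp_redirect( esc_url_raw( $ppom_settings_url ) )` calls in ppom_migrate_settings_panel() still follow whatever host the URL carries. How `$ppom_settings_url` is built is outside these hunks; if it is always an admin URL of this site, `wp_safe_redirect( $ppom_settings_url );` states that intent and falls back to the admin URL when the host is not an allowed one. The same applies to `wp_redirect( esc_url_raw( $sendback ) )` in nm_meta_bulk_action() in classes/plugin.class.php, where `$sendback` is also assigned outside the visible lines. Both function bodies start outside their hunks.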
2 changes: 1 addition & 1 deletion classes/fields.class.php
@@ -157,7 +157,7 @@ function load_script( $hook ) {
'loader' => PPOM_URL . '/images/loading.gif',
'ppomProActivated'=>ppom_pro_is_installed() ? 'yes' : 'no',
'i18n' => [
'addGroupUrl'=>add_query_arg( array( 'action' => 'new' ) ),
'addGroupUrl' => esc_url( add_query_arg( array( 'action' => 'new' ) ) ),
'addGroupLabel'=>esc_html__( 'Add New Group', 'woocommerce-product-addon' ),
'bulkActionsLabel'=>esc_html__( 'Bulk Actions', 'woocommerce-product-addon' ),
'deleteLabel'=>esc_html__( 'Delete', 'woocommerce-product-addon' ),
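Review bot: `esc_url()` is the display-context escaper and rewrites `&` as `&#038;`, which suits an HTML attribute but not a value placed in the `i18n` array of what looks like script data in load_script(). `add_query_arg()` called without a URL builds on the current request URI, so the result can carry several query arguments and the script would then receive the entity-encoded form. If the script assigns `addGroupUrl` to a location or an element property, `'addGroupUrl' => esc_url_raw( add_query_arg( array( 'action' => 'new' ) ) ),` keeps the URL sanitised without the HTML encoding. If the script instead concatenates it into markup, the escaping belongs at that point in the script; how the value is consumed is not visible here, so confirm before switching. The array and the function body continue outside the hunk.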
2 changes: 1 addition & 1 deletion classes/plugin.class.php
@@ -542,7 +542,7 @@ function nm_meta_bulk_action() {
return;
}

wp_redirect( $sendback );
wp_redirect( esc_url_raw( $sendback ) );

exit();
}
22 changes: 11 additions & 11 deletions inc/admin.php
@@ -47,10 +47,10 @@ function ppom_admin_product_meta_column( $column, $post_id ) {
),
$ppom_settings_url
);
echo sprintf( __( '<a href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), $url_edit, $meta_title );
echo sprintf( __( '<a href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), esc_url( $url_edit ), $meta_title );
echo ', ';
} else {
echo sprintf( __( '<a class="btn button" href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), $ppom_settings_url, 'Add Fields' );
echo sprintf( __( '<a class="btn button" href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), esc_url( $ppom_settings_url ), 'Add Fields' );
}
}
} elseif ( $ppom->ppom_settings ) {
@@ -61,9 +61,9 @@ function ppom_admin_product_meta_column( $column, $post_id ) {
),
$ppom_settings_url
);
echo sprintf( __( '<a href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), $url_edit, $ppom->meta_title );
echo sprintf( __( '<a href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), esc_url( $url_edit ), $ppom->meta_title );
} else {
echo sprintf( __( '<a class="btn button" href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), $ppom_settings_url, 'Add Fields' );
echo sprintf( __( '<a class="btn button" href="%1$s">%2$s</a>', 'woocommerce-product-addon' ), esc_url( $ppom_settings_url ), 'Add Fields' );
}

break;
@@ -125,7 +125,7 @@ function ppom_meta_list( $post ) {
);
$ppom_setting_url = add_query_arg( $ppom_add_args, $ppom_setting );

$html .= sprintf( __( ' - <a href="%s" target="_blank">Create New Meta</a></p>', 'woocommerce-product-addon' ), $ppom_setting_url );
$html .= sprintf( __( ' - <a href="%s" target="_blank">Create New Meta</a></p>', 'woocommerce-product-addon' ), esc_url( $ppom_setting_url ) );

echo apply_filters( 'ppom_select_meta_in_product', $html, $ppom, $all_meta );

@@ -299,7 +299,7 @@ function ppom_admin_save_form_meta() {
'message' => __( 'Form added successfully', 'woocommerce-product-addon' ),
'status' => 'success',
'productmeta_id' => $ppom_id,
'redirect_to' => $redirect_to,
'redirect_to' => esc_url_raw( $redirect_to ),
);
} else {

@@ -336,7 +336,7 @@ function ppom_admin_update_form_meta() {
'message' => __( 'Since version 22.0, Database has some changes. Please Deactivate & then activate the PPOM plugin.', 'woocommerce-product-addon' ),
'status' => 'error',
'productmeta_id' => $productmeta_id,
'redirect_to' => $redirect_to,
'redirect_to' => esc_url_raw( $redirect_to ),
);

wp_send_json( $resp );
@@ -450,15 +450,15 @@ function( $pm ) {
'message' => __( 'Form updated successfully', 'woocommerce-product-addon' ),
'status' => 'success',
'productmeta_id' => $productmeta_id,
'redirect_to' => $redirect_to,
'redirect_to' => esc_url_raw( $redirect_to ),
);
} else {

$resp = array(
'message' => __( 'Form updated successfully.', 'woocommerce-product-addon' ),
'status' => 'success',
'productmeta_id' => $productmeta_id,
'redirect_to' => $redirect_to,
'redirect_to' => esc_url_raw( $redirect_to ),
);
}

@@ -677,7 +677,7 @@ function ppom_admin_bar_menu() {
array(
'id' => 'ppom-setting-bar',
'title' => sprintf( __( '%s', 'woocommerce-product-addon' ), $bar_title ),
'href' => $ppom_setting_url,
'href' => esc_url( $ppom_setting_url ),
)
);

@@ -697,7 +697,7 @@ function ppom_admin_bar_menu() {
array(
'id' => "ppom-setting-bar-{$meta->productmeta_id}",
'title' => sprintf( __( '%s', 'woocommerce-product-addon' ), $bar_title ),
'href' => $apply_link,
'href' => esc_url( $apply_link ),
'parent' => 'ppom-setting-bar',
)
);
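Review bot: The link text is still printed unescaped in ppom_admin_product_meta_column(): the hunk at -47 wraps `$url_edit` in `esc_url()` but passes `$meta_title` straight into the `%2$s` slot, and the hunk at -61 does the same with `$ppom->meta_title`. Whether the title is sanitised when it is saved is not visible here, so it should be escaped where it is echoed: `esc_url( $url_edit ), esc_html( $meta_title ) );` and `esc_url( $url_edit ), esc_html( $ppom->meta_title ) );`. The function body starts and ends outside these hunks.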
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "woocommerce-product-addon",
"version": "32.0.6",
"version": "32.0.7",
"description": "PPOM for WooCommerce",
"main": "index.js",
"repository": "https://github.com/Codeinwp/woocommerce-product-addon",
9 changes: 8 additions & 1 deletion readme.txt
@@ -3,7 +3,7 @@ Contributors: themeisle
Tags: woocommerce product addons, woocommerce product options, woocommerce product fields, woocommerce product, woocommerce product addon
Requires at least: 3.5
Tested up to: 6.2
Stable tag: 32.0.6
Stable tag: 32.0.7
License: GPLv2
License URI: http://www.gnu.org/licenses/gpl-2.0.html
Requires PHP: 7.2
@@ -122,6 +122,13 @@ If you feels that PPOM Free or PPOM PRO versions are not enough for your needs,

== Changelog ==

##### [Version 32.0.7](https://github.com/Codeinwp/woocommerce-product-addon/compare/v32.0.6...v32.0.7) (2023-05-03)

- Harden security




##### [Version 32.0.6](https://github.com/Codeinwp/woocommerce-product-addon/compare/v32.0.5...v32.0.6) (2023-04-19)

- [Fix] Resolved an issue where the Edit Cart feature was losing the value of certain fields based on conditional logic.
4 changes: 2 additions & 2 deletions templates/admin/existing-meta.php
@@ -59,13 +59,13 @@
array(
'productmeta_id' => $productmeta->productmeta_id,
'do_meta' => 'edit',
)
)
);
$url_clone = add_query_arg(
array(
'productmeta_id' => $productmeta->productmeta_id,
'do_meta' => 'clone',
)
)
);
$url_clone = wp_nonce_url( $url_clone, 'ppom_clone_nonce_action', 'ppom_clone_nonce' );
$url_products = admin_url( 'edit.php?post_type=product', ( is_ssl() ? 'https' : 'http' ) );
4 changes: 2 additions & 2 deletions templates/admin/ppom-fields.php
@@ -48,10 +48,10 @@
'action' => false,
'productmeta_id' => false,
'do_meta' => false,
)
)
);

echo '<p><a class="btn btn-primary" href="' . $url_cancel . '">' . __( '&laquo; Existing Product Meta', 'woocommerce-product-addon' ) . '</a></p>';
echo '<p><a class="btn btn-primary" href="' . esc_url( $url_cancel ) . '">' . __( '&laquo; Existing Product Meta', 'woocommerce-product-addon' ) . '</a></p>';

$product_id = isset( $_GET['product_id'] ) ? intval( $_GET['product_id'] ) : '';

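Review bot: The translated label on the changed `echo` line is concatenated into the markup without escaping, while `$url_cancel` next to it now goes through `esc_url()`. Translation files are an input the plugin does not control, so the usual WordPress practice is to escape them on output. Because the string contains `&laquo;`, `wp_kses( __( '&laquo; Existing Product Meta', 'woocommerce-product-addon' ), array() )` keeps the entity while stripping any markup. The surrounding template code starts outside the hunk.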
4 changes: 2 additions & 2 deletions woocommerce-product-addon.php
@@ -3,7 +3,7 @@
* Plugin Name: PPOM for WooCommerce
* Plugin URI: https://themeisle.com/plugins/ppom-pro/
* Description: PPOM (Personalized Product Meta Manager) plugin allow WooCommerce Store Admin to create unlimited input fields and files to attach with Product Pages.
* Version: 32.0.6
* Version: 32.0.7
* Author: Themeisle
* Text Domain: woocommerce-product-addon
* Domain Path: /languages
@@ -26,7 +26,7 @@
define( 'PPOM_URL', untrailingslashit( plugin_dir_url( __FILE__ ) ) );
define( 'PPOM_WP_PLUGIN_DIR', untrailingslashit( plugin_dir_path( __DIR__ ) ) );
define( 'PPOM_BASENAME', basename( PPOM_WP_PLUGIN_DIR ) );
define( 'PPOM_VERSION', '32.0.6' );
define( 'PPOM_VERSION', '32.0.7' );
define( 'PPOM_DB_VERSION', '30.1.0' );
define( 'PPOM_PRODUCT_META_KEY', '_product_meta_id' );
define( 'PPOM_TABLE_META', 'nm_personalized' );