From 81c66b25b98dd8a90de89b869ee0dc46987db059 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:46:50 +0600 Subject: [PATCH 01/53] refactor: page view scripts load from template --- includes/PageViews.php | 33 ++++++---------------------- templates/page-views.php | 47 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 26 deletions(-) create mode 100644 templates/page-views.php diff --git a/includes/PageViews.php b/includes/PageViews.php index 028e9bca28..eb18e6082c 100755 --- a/includes/PageViews.php +++ b/includes/PageViews.php @@ -19,31 +19,13 @@ public function __construct() { } public function load_scripts() { - $nonce = wp_create_nonce( 'dokan_pageview' ); - - echo ''; + dokan_get_template( + 'page-views', array( + 'nonce' => wp_create_nonce( 'dokan_pageview' ), + 'post_id' => get_the_ID(), + 'ajax_url' => admin_url( 'admin-ajax.php' ), + ) + ); } public function load_views() { @@ -81,5 +63,4 @@ public function update_ajax() { wp_die(); } - } diff --git a/templates/page-views.php b/templates/page-views.php new file mode 100644 index 0000000000..6bd86520ef --- /dev/null +++ b/templates/page-views.php @@ -0,0 +1,47 @@ + + + From a8557eeb0a0bd64c66e235f53097ba1615fd889d Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:47:19 +0600 Subject: [PATCH 02/53] refactor: escaping tooltip text --- includes/Admin/Hooks.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Admin/Hooks.php b/includes/Admin/Hooks.php index 0543fd0b55..1719795714 100644 --- a/includes/Admin/Hooks.php +++ b/includes/Admin/Hooks.php 
@@ -96,7 +96,7 @@ class="dokan_product_author_override" data-minimum_input_length="0" data-data='' > - + Date: Fri, 10 May 2024 12:47:43 +0600 Subject: [PATCH 03/53] refactor: escaping dokan withdraw method title --- includes/Admin/SetupWizard.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Admin/SetupWizard.php b/includes/Admin/SetupWizard.php index d7353c5dbb..59b2e02bb7 100644 --- a/includes/Admin/SetupWizard.php +++ b/includes/Admin/SetupWizard.php @@ -515,7 +515,7 @@ public function dokan_setup_withdraw() {
From 879b16712d79ec5796b5d535ecb18f2c890270df Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:48:05 +0600 Subject: [PATCH 04/53] refactor: escaping installed error message --- includes/Admin/SetupWizardNoWC.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Admin/SetupWizardNoWC.php b/includes/Admin/SetupWizardNoWC.php index 71f1a1e10a..3c15210fe9 100644 --- a/includes/Admin/SetupWizardNoWC.php +++ b/includes/Admin/SetupWizardNoWC.php @@ -129,7 +129,7 @@ public function install_woocommerce() { delete_transient( '_wc_activation_redirect' ); if ( is_wp_error( $installed ) ) { - wp_die( $installed->get_error_message(), __( 'Error installing WooCommerce plugin', 'dokan-lite' ) ); + wp_die( esc_html( $installed->get_error_message() ), esc_html__( 'Error installing WooCommerce plugin', 'dokan-lite' ) ); } set_transient( 'dokan_setup_wizard_no_wc', true, 15 * MINUTE_IN_SECONDS ); From 27f37c9cc6f6a6a0fca33f193b58831275e31b42 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:48:43 +0600 Subject: [PATCH 05/53] style: ignore scaping wc_esc_json function --- includes/Admin/SetupWizardWCAdmin.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Admin/SetupWizardWCAdmin.php b/includes/Admin/SetupWizardWCAdmin.php index 1a6cd2b49d..b158dc0a15 100644 --- a/includes/Admin/SetupWizardWCAdmin.php +++ b/includes/Admin/SetupWizardWCAdmin.php @@ -287,7 +287,7 @@ class="switch-input" type="checkbox" name="wc-wizard-service--enabled" value="yes" - data-plugins="" + data-plugins="" > @@ -331,7 +331,7 @@ class="" placeholder="" - data-plugins="" + data-plugins="" /> From 854151f036190da73885994f327cda559861f298 Mon Sep 17 00:00:00 2001 
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:49:06 +0600 Subject: [PATCH 06/53] refactor: escaping note and ship info --- includes/Ajax.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Ajax.php b/includes/Ajax.php index 7b983a18f7..4b1926db53 100755 --- a/includes/Ajax.php +++ b/includes/Ajax.php @@ -414,7 +414,7 @@ public function add_order_note() { echo 'customer-note'; } echo '">
'; - echo wpautop( wptexturize( $note ) ); // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped + echo wp_kses_post( wpautop( wptexturize( $note ) ) ); echo '

' . esc_html__( 'Delete note', 'dokan-lite' ) . '

'; echo ''; } @@ -484,7 +484,7 @@ public function add_shipping_tracking_info() { echo '
  • '; - echo wpautop( wptexturize( $ship_info ) ); // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped + echo wp_kses_post( wpautop( wptexturize( $ship_info ) ) ); echo '

    ' . esc_html__( 'Delete', 'dokan-lite' ) . '

    '; echo '
  • '; From b2a4973cb25b8bef0cfb21c5f6696fa8b34fbc0f Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 12:49:28 +0600 Subject: [PATCH 07/53] refactor: heading control description --- includes/Customizer/HeadingControl.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/includes/Customizer/HeadingControl.php b/includes/Customizer/HeadingControl.php index f8514a0da6..5887b3f60c 100644 --- a/includes/Customizer/HeadingControl.php +++ b/includes/Customizer/HeadingControl.php @@ -28,7 +28,9 @@ protected function render_content() { description ) ) { ?> - description; ?> + + description, wp_kses_allowed_html( 'user_description' ) ); ?> + Date: Fri, 10 May 2024 12:50:03 +0600 Subject: [PATCH 08/53] style: ignore escaping the svg label image from radio image control --- includes/Customizer/RadioImageControl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Customizer/RadioImageControl.php b/includes/Customizer/RadioImageControl.php index 85768bf89e..e723e26588 100644 --- a/includes/Customizer/RadioImageControl.php +++ b/includes/Customizer/RadioImageControl.php @@ -80,7 +80,7 @@ public function render_content() {
    From 52969798b254278b17680e8b20ae98acfbb78d85 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:00:34 +0600 Subject: [PATCH 28/53] refactor: escaping variables --- templates/products/listing-status-filter.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/products/listing-status-filter.php b/templates/products/listing-status-filter.php index b1e790860a..a3f44c9d82 100644 --- a/templates/products/listing-status-filter.php +++ b/templates/products/listing-status-filter.php @@ -20,7 +20,7 @@ total ) ); + printf( esc_html__( 'All (%s)', 'dokan-lite' ), esc_html( number_format_i18n( $post_counts->total ) ) ); ?> From 6eb097fb8263531ccd16f9b4320afafc4bfdfd72 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:00:51 +0600 Subject: [PATCH 29/53] refactor: title text --- templates/products/new-product.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/products/new-product.php b/templates/products/new-product.php index 65b379528c..4bc7b0a649 100755 --- a/templates/products/new-product.php +++ b/templates/products/new-product.php @@ -128,11 +128,11 @@ %s', esc_url( dokan_edit_product_url( $created_product ) ), - get_the_title( $created_product ) + esc_html( get_the_title( $created_product ) ) ) ); ?> From 616e251bf12d37f04acf1aefd987e03ec9f8627e Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:01:11 +0600 Subject: [PATCH 30/53] refactor: ecaping some text --- templates/products/products-listing.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/products/products-listing.php b/templates/products/products-listing.php index 86a258c40b..10dc773356 100755 --- a/templates/products/products-listing.php +++ b/templates/products/products-listing.php 
@@ -135,7 +135,7 @@ class="dokan-btn dokan-btn-theme" __( 'Simple', 'dokan-lite' ) ] ); + $product_types = apply_filters( 'dokan_product_types', [ 'simple' => esc_html__( 'Simple', 'dokan-lite' ) ] ); $args = array( 'posts_per_page' => 15, @@ -251,13 +251,13 @@ class="dokan-btn dokan-btn-theme" '_product_listing_filter_nonce' => wp_create_nonce( 'product_listing_filter' ), ], 'type' => 'array', - 'prev_text' => __( '« Previous', 'dokan-lite' ), - 'next_text' => __( 'Next »', 'dokan-lite' ), + 'prev_text' => esc_html__( '« Previous', 'dokan-lite' ), + 'next_text' => esc_html__( 'Next »', 'dokan-lite' ), ) ); echo '\n"; echo '
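Review bot: Wrapping the `'simple'` label in `esc_html__()` inside the array handed to the `dokan_product_types` filter escapes at the data layer rather than at the point of output, which is the opposite of the escape-late rule the rest of this series is applying; any code that reads the filtered array in a non-HTML context (a JS/localize array, JSON) now receives a label that may already carry HTML entities, and filter callbacks cannot tell whether a given entry is raw or escaped. I would keep `__( 'Simple', 'dokan-lite' )` in the array and escape where the label is printed, e.g. `echo esc_html( $label );`. The `prev_text`/`next_text` change in the second hunk of this file is the same pattern; their output path is not visible here, so I would also leave them as `__()` and escape at the echo. Both hunks sit inside template markup whose opening and closing are outside the chunk.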
    '; } From 45969e7a35e80f6ce2127e5b7bb7f2324c278e22 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:01:26 +0600 Subject: [PATCH 31/53] refactor: escaping localize text --- .../settings/bank-payment-method-settings.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/templates/settings/bank-payment-method-settings.php b/templates/settings/bank-payment-method-settings.php index 19adba915f..9963fe9aed 100644 --- a/templates/settings/bank-payment-method-settings.php +++ b/templates/settings/bank-payment-method-settings.php @@ -27,7 +27,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -49,7 +49,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -66,7 +66,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -84,7 +84,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -102,7 +102,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -120,7 +120,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -138,7 +138,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> @@ -156,7 +156,7 @@ ' . __( 'This is required', 'dokan-lite' ) . ''; + echo '' . esc_html__( 'This is required', 'dokan-lite' ) . ''; } ?> From aedd25ea1d5507bc6ff2b8e4b813b3e6e9e65d43 Mon Sep 17 00:00:00 2001 
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:01:44 +0600 Subject: [PATCH 32/53] refactor: ecaping some text --- templates/settings/payment.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/templates/settings/payment.php b/templates/settings/payment.php index 10f53ba3cb..b361a2c355 100644 --- a/templates/settings/payment.php +++ b/templates/settings/payment.php @@ -28,8 +28,11 @@ <?php echo esc_attr( $method_key ); ?> @@ -60,7 +63,7 @@ if ( isset( $profile_info['payment'][ $method_key ] ) && ! empty( dokan_withdraw_get_method_additional_info( $method_key ) ) ) { ?> - + From 9b45c34e8dc49ec84336dce3197ce42d8e048da5 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:02:03 +0600 Subject: [PATCH 33/53] refactor: dynamic time format data --- templates/settings/store-form.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/settings/store-form.php b/templates/settings/store-form.php index 86d9ffc671..5d52baa7f0 100644 --- a/templates/settings/store-form.php +++ b/templates/settings/store-form.php @@ -62,7 +62,7 @@
    - + banner ×
    @@ -102,7 +102,7 @@
    - + gravtar ×
    @@ -325,7 +325,7 @@ lang : dokan_helper.timepicker_locale, minTime : '12:00 am', maxTime : '11:30 pm', - timeFormat : '', + timeFormat : '', scrollDefault : 'now', }); From 19efdc286fac31978b163b3a075ceb4e9f8c5cd9 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:24:54 +0600 Subject: [PATCH 34/53] update: phpcs rule set for capabilities --- phpcs.xml.dist | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index 2608411bbe..343d3d6f29 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -139,4 +139,28 @@ 0 + + + + + + + + + + + + + + + + + + + + + + + + From 24ca638e40508438ccdfae226fa3c79f5314d834 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:37:17 +0600 Subject: [PATCH 35/53] update: phpcs config --- phpcs.xml.dist | 24 ++++-------------------- 1 file changed, 4 insertions(+), 20 deletions(-) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index 343d3d6f29..e29edffb01 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -140,27 +140,11 @@ 0 - + + - - - - - - - - - - - - - - - - - - - + + From 0266b6f58c096263f1d734099a7f3b47b6330458 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 16:53:51 +0600 Subject: [PATCH 36/53] update: phpcs rule as per woocommerce --- phpcs.xml.dist | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index e29edffb01..0737a552dc 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -140,10 +140,30 @@ 0 - - + + + - + + + + + + + + + + + + + + + + + + + + From bfc1a4b3cb38480354757768d15b9dc376cddae3 Mon Sep 17 00:00:00 2001 
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 10 May 2024 17:14:22 +0600 Subject: [PATCH 37/53] refactor: phpcs issues --- includes/Ajax.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/includes/Ajax.php b/includes/Ajax.php index 4b1926db53..be8591c592 100755 --- a/includes/Ajax.php +++ b/includes/Ajax.php @@ -265,8 +265,8 @@ public function grant_access_to_download() { include dirname( __DIR__ ) . '/templates/orders/order-download-permission-html.php'; - $loop ++; - $file_count ++; + $loop++; + $file_count++; } } } @@ -692,6 +692,7 @@ public function dokan_json_search_products_tags() { $drop_down_tags = apply_filters( 'dokan_search_product_tags_for_vendor_products', [ + 'taxonomy' => 'product_tag', 'name__like' => $name, 'hide_empty' => 0, 'orderby' => 'name', @@ -701,7 +702,7 @@ public function dokan_json_search_products_tags() { ] ); - $product_tags = get_terms( 'product_tag', $drop_down_tags ); + $product_tags = get_terms( $drop_down_tags ); if ( $product_tags ) { foreach ( $product_tags as $pro_term ) { From b7047d36373468ec8613a82e96957cc29704fd3e Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 13 May 2024 11:45:50 +0600 Subject: [PATCH 38/53] added: Available roles in the phpcs for PHPCS check --- phpcs.xml.dist | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index 0737a552dc..ca6d2195f7 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -163,6 +163,48 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 0c374936d34191be7bd289446f81ea0126674e64 Mon Sep 17 00:00:00 2001 
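Review bot: Moving `'taxonomy' => 'product_tag'` into the array that passes through the `dokan_search_product_tags_for_vendor_products` filter means a filter callback that returns its own argument array — safe before, because the taxonomy was passed to `get_terms()` as a separate argument — now silently drops the taxonomy, and `get_terms()` without one queries every taxonomy on the site. I would pin it after the filter runs: `$drop_down_tags['taxonomy'] = 'product_tag';` immediately before the `get_terms( $drop_down_tags )` call, or at minimum document on the filter that callbacks must preserve the `taxonomy` key. The closing of the `apply_filters()` call and the rest of `dokan_json_search_products_tags()` are outside the hunk.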
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 13 May 2024 11:46:45 +0600 Subject: [PATCH 39/53] refactor: fix wp data sanitization errors for SetupWizard.php --- includes/Admin/SetupWizard.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Admin/SetupWizard.php b/includes/Admin/SetupWizard.php index 59b2e02bb7..b20a47cdc8 100644 --- a/includes/Admin/SetupWizard.php +++ b/includes/Admin/SetupWizard.php @@ -731,9 +731,9 @@ public function dokan_setup_withdraw_save() { check_admin_referer( 'dokan-setup' ); $options = get_option( 'dokan_withdraw', [] ); - $options['withdraw_methods'] = ! empty( $_POST['withdraw_methods'] ) ? wc_clean( wp_unslash( $_POST['withdraw_methods'] ) ) : []; + $options['withdraw_methods'] = ! empty( $_POST['withdraw_methods'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['withdraw_methods'] ) ) : []; $options['withdraw_limit'] = ! empty( $_POST['withdraw_limit'] ) ? (float) wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) < 0 ? 0 : wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) : 0; - $options['withdraw_order_status'] = ! empty( $_POST['withdraw_order_status'] ) ? wc_clean( wp_unslash( $_POST['withdraw_order_status'] ) ) : []; + $options['withdraw_order_status'] = ! empty( $_POST['withdraw_order_status'] ) ? sanitize_text_field( wp_unslash( $_POST['withdraw_order_status'] ) ) : []; /** * Filter dokan_withdraw options before saving in setup wizard From bfd36c5127cb14cfec1f0f0413b051deb636f2d1 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 13 May 2024 11:46:57 +0600 Subject: [PATCH 40/53] refactor: fix wp data sanitization errors for SetupWizardNoWC.php --- includes/Admin/SetupWizardNoWC.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
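Review bot: The new `withdraw_methods` line sanitizes each posted value but never checks it against the registered withdraw methods, so any string the form submits is persisted into the `dokan_withdraw` option; the same lines survive in PATCH 41 and PATCH 48 later in this series, so the point applies there too. Sanitizing text only neutralises markup, it does not establish that the value names a real method, so I would add an allow-list step right after the assignment, e.g. `$options['withdraw_methods'] = array_intersect( $options['withdraw_methods'], array_keys( dokan_withdraw_get_methods() ) );` if that helper is the one available here (otherwise whatever returns the registered methods). `dokan_setup_withdraw_save()` continues outside the hunk.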
diff --git a/includes/Admin/SetupWizardNoWC.php b/includes/Admin/SetupWizardNoWC.php index 3c15210fe9..e4ba97be59 100644 --- a/includes/Admin/SetupWizardNoWC.php +++ b/includes/Admin/SetupWizardNoWC.php 
@@ -228,15 +228,15 @@ public static function add_wc_html_step_start() { public static function save_wc_store_setup_data() { check_admin_referer( 'dokan-setup' ); - $address = isset( $_POST['store_address'] ) ? wc_clean( wp_unslash( $_POST['store_address'] ) ) : ''; - $address_2 = isset( $_POST['store_address_2'] ) ? wc_clean( wp_unslash( $_POST['store_address_2'] ) ) : ''; - $city = isset( $_POST['store_city'] ) ? wc_clean( wp_unslash( $_POST['store_city'] ) ) : ''; - $country = isset( $_POST['store_country'] ) ? wc_clean( wp_unslash( $_POST['store_country'] ) ) : ''; - $state = isset( $_POST['store_state'] ) ? wc_clean( wp_unslash( $_POST['store_state'] ) ) : '*'; - $postcode = isset( $_POST['store_postcode'] ) ? wc_clean( wp_unslash( $_POST['store_postcode'] ) ) : ''; - $currency_code = isset( $_POST['currency_code'] ) ? wc_clean( wp_unslash( $_POST['currency_code'] ) ) : ''; - $product_type = isset( $_POST['product_type'] ) ? wc_clean( wp_unslash( $_POST['product_type'] ) ) : ''; - $sell_in_person = isset( $_POST['sell_in_person'] ) && ( 'on' === wc_clean( wp_unslash( $_POST['sell_in_person'] ) ) ); + $address = isset( $_POST['store_address'] ) ? sanitize_text_field( wp_unslash( $_POST['store_address'] ) ) : ''; + $address_2 = isset( $_POST['store_address_2'] ) ? sanitize_text_field( wp_unslash( $_POST['store_address_2'] ) ) : ''; + $city = isset( $_POST['store_city'] ) ? sanitize_text_field( wp_unslash( $_POST['store_city'] ) ) : ''; + $country = isset( $_POST['store_country'] ) ? sanitize_text_field( wp_unslash( $_POST['store_country'] ) ) : ''; + $state = isset( $_POST['store_state'] ) ? sanitize_text_field( wp_unslash( $_POST['store_state'] ) ) : '*'; + $postcode = isset( $_POST['store_postcode'] ) ? sanitize_text_field( wp_unslash( $_POST['store_postcode'] ) ) : ''; + $currency_code = isset( $_POST['currency_code'] ) ? sanitize_text_field( wp_unslash( $_POST['currency_code'] ) ) : ''; + $product_type = isset( $_POST['product_type'] ) ? 
sanitize_text_field( wp_unslash( $_POST['product_type'] ) ) : ''; + $sell_in_person = isset( $_POST['sell_in_person'] ) && ( 'on' === sanitize_text_field( wp_unslash( $_POST['sell_in_person'] ) ) ); update_option( 'woocommerce_store_address', $address ); update_option( 'woocommerce_store_address_2', $address_2 ); From 906d4399423e9609ac9ff85f2206e40a077a35f8 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 13 May 2024 13:52:08 +0600 Subject: [PATCH 41/53] refactor: fix wp data sanitization errors for SetupWizard.php --- includes/Admin/SetupWizard.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/Admin/SetupWizard.php b/includes/Admin/SetupWizard.php index b20a47cdc8..74ed839d88 100644 --- a/includes/Admin/SetupWizard.php +++ b/includes/Admin/SetupWizard.php @@ -731,9 +731,9 @@ public function dokan_setup_withdraw_save() { check_admin_referer( 'dokan-setup' ); $options = get_option( 'dokan_withdraw', [] ); - $options['withdraw_methods'] = ! empty( $_POST['withdraw_methods'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['withdraw_methods'] ) ) : []; + $options['withdraw_methods'] = ! empty( $_POST['withdraw_methods'] ) ? wc_clean( wp_unslash( $_POST['withdraw_methods'] ) ) : []; + $options['withdraw_order_status'] = ! empty( $_POST['withdraw_order_status'] ) ? wc_clean( wp_unslash( $_POST['withdraw_order_status'] ) ) : []; $options['withdraw_limit'] = ! empty( $_POST['withdraw_limit'] ) ? (float) wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) < 0 ? 0 : wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) : 0; - $options['withdraw_order_status'] = ! empty( $_POST['withdraw_order_status'] ) ? sanitize_text_field( wp_unslash( $_POST['withdraw_order_status'] ) ) : []; /** * Filter dokan_withdraw options before saving in setup wizard From 3bc0227e1c62243592d2f15b2cfeb4c0029a7556 Mon Sep 17 00:00:00 2001 
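Review bot: The `$country`, `$state` and `$currency_code` lines now go through `sanitize_text_field()`, which strips tags but accepts any string, so an unknown country or currency code would still be written to WooCommerce settings; only the address `update_option()` calls are visible, the ones for those values appear to be below the hunk. I would check them against the lists WooCommerce already exposes before storing, e.g. `$country = array_key_exists( $country, WC()->countries->get_countries() ) ? $country : '';` and `$currency_code = array_key_exists( $currency_code, get_woocommerce_currencies() ) ? $currency_code : '';`. `save_wc_store_setup_data()` continues past the end of the hunk.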
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 13 May 2024 13:52:31 +0600 Subject: [PATCH 42/53] added: rules for custom sanitizing functions --- phpcs.xml.dist | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/phpcs.xml.dist b/phpcs.xml.dist index ca6d2195f7..b7d4ae7715 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -130,14 +130,13 @@ - - + - 0 + 0 From f336658ae0cc04c91fe8130bdd8351594f4a4b16 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Thu, 23 May 2024 11:35:00 +0600 Subject: [PATCH 43/53] refactor: html markup escaping --- templates/products/dokan-category-header-ui.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/products/dokan-category-header-ui.php b/templates/products/dokan-category-header-ui.php index 2e31e3f446..092aa6031d 100644 --- a/templates/products/dokan-category-header-ui.php +++ b/templates/products/dokan-category-header-ui.php @@ -28,7 +28,7 @@
    - + From 9011e77ca50cb6633138bc9a39bfc542a8e4fb31 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 24 May 2024 11:54:41 +0600 Subject: [PATCH 44/53] fix: template load issue for Page view --- includes/PageViews.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/includes/PageViews.php b/includes/PageViews.php index eb18e6082c..32e465294f 100755 --- a/includes/PageViews.php +++ b/includes/PageViews.php @@ -19,8 +19,8 @@ public function __construct() { } public function load_scripts() { - dokan_get_template( - 'page-views', array( + dokan_get_template_part( + 'page-views', false, array( 'nonce' => wp_create_nonce( 'dokan_pageview' ), 'post_id' => get_the_ID(), 'ajax_url' => admin_url( 'admin-ajax.php' ), From ca9c085d6ee4715cca46a3a62d069c7727124116 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Fri, 24 May 2024 11:56:15 +0600 Subject: [PATCH 45/53] refactor: docblock for return type `dokan_get_product_types` --- includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/functions.php b/includes/functions.php index 1636bd171d..e7beb618b9 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -838,7 +838,7 @@ function dokan_get_post_status_label_class( $status = '' ) { * * @param string $status * - * @return string + * @return array */ function dokan_get_product_types( $status = '' ) { $types = apply_filters( From b6415cb8398cc350763a8882e5c10345fb57b904 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 27 May 2024 08:38:47 +0600 Subject: [PATCH 46/53] Update includes/Ajax.php Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- includes/Ajax.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
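Review bot: `load_scripts()` now hands `nonce`, `post_id` and `ajax_url` to templates/page-views.php, whose body is not readable in this chunk (PATCH 01's version of it is blank here as well), so the escaping those values receive when written into the page cannot be checked from the hunk; if the template prints them inside an inline `<script>`, they need `esc_js()`/`esc_url()` or a single `wp_json_encode()` at that point, because whatever escaping the old inline echo did no longer lives in this method. Note also that `get_the_ID()` returns `false` outside the loop, so the template has to cope with a non-integer `post_id`. The method has no docblock; I would add one stating that it renders the page-view tracking markup through the `page-views` template with those three values. The enclosing class continues outside the hunk.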
diff --git a/includes/Ajax.php b/includes/Ajax.php index be8591c592..b7f93a7c52 100755 --- a/includes/Ajax.php +++ b/includes/Ajax.php @@ -265,8 +265,8 @@ public function grant_access_to_download() { include dirname( __DIR__ ) . '/templates/orders/order-download-permission-html.php'; - $loop++; - $file_count++; + ++$loop; + ++$file_count; } } } From 941271aedaaf1d2c830d49e0b418d82999626b70 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Mon, 27 May 2024 08:40:11 +0600 Subject: [PATCH 47/53] Update templates/settings/store-form.php Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --- templates/settings/store-form.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/settings/store-form.php b/templates/settings/store-form.php index 5d52baa7f0..7c4cf3e7af 100644 --- a/templates/settings/store-form.php +++ b/templates/settings/store-form.php @@ -325,7 +325,7 @@ lang : dokan_helper.timepicker_locale, minTime : '12:00 am', maxTime : '11:30 pm', - timeFormat : '', + timeFormat : '', scrollDefault : 'now', }); From 1a3496b4db7debe151a4c13947c75e0a1f2fd268 Mon Sep 17 00:00:00 2001 
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Wed, 29 May 2024 14:58:47 +0600 Subject: [PATCH 48/53] refactor: WordPress coding standards and security issues --- includes/Admin/SetupWizard.php | 8 ++++++- includes/Order/Admin/Hooks.php | 6 ++--- includes/REST/ProductController.php | 25 +++++++++++---------- includes/Widgets/BestSellingProducts.php | 6 ++--- includes/Widgets/FilterByAttributes.php | 6 ++--- includes/Widgets/ProductCategoryMenu.php | 8 +++---- includes/Widgets/StoreCategoryMenu.php | 6 ++--- includes/Widgets/StoreContactForm.php | 7 +++--- includes/Widgets/StoreLocation.php | 6 ++--- includes/Widgets/StoreOpenClose.php | 6 ++--- includes/Widgets/TopratedProducts.php | 6 ++--- includes/functions.php | 28 ++++++++++-------------- includes/template-tags.php | 10 ++++----- phpcs.xml.dist | 1 + 14 files changed, 66 insertions(+), 63 deletions(-) diff --git a/includes/Admin/SetupWizard.php b/includes/Admin/SetupWizard.php index 74ed839d88..835ab9b2df 100644 --- a/includes/Admin/SetupWizard.php +++ b/includes/Admin/SetupWizard.php 
@@ -733,7 +733,13 @@ public function dokan_setup_withdraw_save() { $options = get_option( 'dokan_withdraw', [] ); $options['withdraw_methods'] = ! empty( $_POST['withdraw_methods'] ) ? wc_clean( wp_unslash( $_POST['withdraw_methods'] ) ) : []; $options['withdraw_order_status'] = ! empty( $_POST['withdraw_order_status'] ) ? wc_clean( wp_unslash( $_POST['withdraw_order_status'] ) ) : []; - $options['withdraw_limit'] = ! empty( $_POST['withdraw_limit'] ) ? (float) wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) < 0 ? 0 : wc_format_decimal( sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ) ) : 0; + + if ( ! empty( $_POST['withdraw_limit'] ) ) { + $input_limit = sanitize_text_field( wp_unslash( $_POST['withdraw_limit'] ) ); + $options['withdraw_limit'] = is_numeric( $input_limit ) && $input_limit >= 0 ? wc_format_decimal( $input_limit ) : 0; + } else { + $options['withdraw_limit'] = 0; + } /** * Filter dokan_withdraw options before saving in setup wizard diff --git a/includes/Order/Admin/Hooks.php b/includes/Order/Admin/Hooks.php index 6dc65283ed..1e8631127c 100644 --- a/includes/Order/Admin/Hooks.php +++ b/includes/Order/Admin/Hooks.php @@ -168,15 +168,15 @@ public function shop_order_custom_columns( $col, $post_id ) { * @since 3.8.0 Moved from includes/Admin/Hooks.php file * @since 3.8.0 Rewritten for HPOS * - * @param string[] $classes An array of post class names. - * @param string[] $class An array of additional class names added to the post. + * @param string[] $classes An array of post class names. + * @param string[] $css_class An array of additional class names added to the post. * @param int $post_id The post ID. * * @global WP_Post $post * * @return array */ - public function admin_shop_order_row_classes( $classes, $class, $post_id ) { + public function admin_shop_order_row_classes( $classes, $css_class, $post_id ) { if ( ! OrderUtil::is_order( $post_id ) ) { return $classes; } 
diff --git a/includes/REST/ProductController.php b/includes/REST/ProductController.php index bf8f9a696e..ee78d383e0 100644 --- a/includes/REST/ProductController.php +++ b/includes/REST/ProductController.php @@ -1197,24 +1197,24 @@ protected function prepare_object_for_database( $request, $creating = false ) { /** * Prepare links for the request. * - * @param WC_Data $object Object data. - * @param WP_REST_Request $request Request object. + * @param WC_Data $data_object Object data. + * @param WP_REST_Request $request Request object. * - * @return array Links for the given post. + * @return array Links for the given post. */ - protected function prepare_links( $object, $request ) { + protected function prepare_links( $data_object, $request ) { $links = [ 'self' => [ - 'href' => rest_url( sprintf( '/%s/%s/%d', $this->namespace, $this->base, $object->get_id() ) ), + 'href' => rest_url( sprintf( '/%s/%s/%d', $this->namespace, $this->base, $data_object->get_id() ) ), ], 'collection' => [ 'href' => rest_url( sprintf( '/%s/%s', $this->namespace, $this->base ) ), ], ]; - if ( $object->get_parent_id() ) { + if ( $data_object->get_parent_id() ) { $links['up'] = [ - 'href' => rest_url( sprintf( '/%s/products/%d', $this->namespace, $object->get_parent_id() ) ), + 'href' => rest_url( sprintf( '/%s/products/%d', $this->namespace, $data_object->get_parent_id() ) ), ]; } @@ -1343,9 +1343,7 @@ protected function get_attribute_taxonomy_name( $slug, $product ) { // Taxonomy attribute name. if ( $attribute->is_taxonomy() ) { - $taxonomy = $attribute->get_taxonomy_object(); - - return $taxonomy->attribute_label; + return $attribute->get_taxonomy_object()->attribute_label; } // Custom product attribute name. @@ -1398,7 +1396,9 @@ protected function get_attribute_options( $product_id, $attribute ) { 'fields' => 'names', ] ); - } elseif ( isset( $attribute['value'] ) ) { + } + + if ( isset( $attribute['value'] ) ) { return array_map( 'trim', explode( '|', $attribute['value'] ) ); } 
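Review bot: The `elseif` → `if` split in the `get_attribute_options()` hunk is only behaviour-preserving if the preceding taxonomy branch returns unconditionally; its beginning is above the hunk, so please confirm it ends in `return` of the `'fields' => 'names'` term query rather than an assignment to a local, otherwise an attribute that is a taxonomy and also carries a `value` now falls through to the `explode( '|', ... )` path. In the `get_attribute_taxonomy_name()` hunk just above, inlining `$attribute->get_taxonomy_object()->attribute_label` keeps the previous lack of a null check; as far as I recall WooCommerce's `get_taxonomy_object()` can yield `null` for an attribute taxonomy that is not registered, so `$taxonomy = $attribute->get_taxonomy_object(); return $taxonomy ? $taxonomy->attribute_label : $attribute->get_name();` would be safer. The previous code had the same exposure, so treat this as a suggestion rather than a regression. Both methods continue outside their hunks.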
@@ -1505,6 +1505,7 @@ protected function set_product_images( $product, $images ) { if ( is_wp_error( $upload ) ) { if ( ! apply_filters( 'woocommerce_rest_suppress_image_upload_error', false, $upload, $product->get_id(), $images ) ) { + dokan_log( 'Error uploading image: ' . $upload->get_error_message() ); throw new WC_REST_Exception( 'woocommerce_product_image_upload_error', esc_html( $upload->get_error_message() ), 400 ); } else { continue; @@ -1514,7 +1515,7 @@ protected function set_product_images( $product, $images ) { $attachment_id = wc_rest_set_uploaded_image_as_attachment( $upload, $product->get_id() ); } - if ( ! wp_attachment_is_image( $attachment_id ) ) { + if ( $attachment_id && ! wp_attachment_is_image( $attachment_id ) ) { /* translators: %s: attachment id */ throw new WC_REST_Exception( 'woocommerce_product_invalid_image_id', sprintf( esc_html__( '#%s is an invalid image ID.', 'dokan-lite' ), esc_html( $attachment_id ) ), 400 ); } diff --git a/includes/Widgets/BestSellingProducts.php b/includes/Widgets/BestSellingProducts.php index 32f7c15bbd..b519d6b515 100755 --- a/includes/Widgets/BestSellingProducts.php +++ b/includes/Widgets/BestSellingProducts.php @@ -37,10 +37,10 @@ public function widget( $args, $instance ) { $r = dokan_get_best_selling_products( $no_of_product, $vendor_id, $paged, $hide_outofstock ); - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } dokan_get_template_part( 
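Review bot: The new `$attachment_id &&` guard in the second hunk means a falsy attachment id (0 or null — e.g. `wc_rest_set_uploaded_image_as_attachment()` failing, or an `id` of 0 in the request) no longer raises `woocommerce_product_invalid_image_id`; it passes silently to whatever assigns the image below the hunk, whereas before the exception was thrown. If the intent is only to avoid calling `wp_attachment_is_image()` with an empty value, the guard should be `if ( ! $attachment_id || ! wp_attachment_is_image( $attachment_id ) ) {` so an empty id is rejected the same way as a non-image one. The `dokan_log()` line added in the first hunk runs only when the suppress filter returns false, so suppressed upload failures leave no trace; moving it above that `if` would log both cases. `set_product_images()` continues outside the hunk.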
@@ -50,7 +50,7 @@ public function widget( $args, $instance ) { ) ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); wp_reset_postdata(); } diff --git a/includes/Widgets/FilterByAttributes.php b/includes/Widgets/FilterByAttributes.php index a7fd37357c..1045290d1b 100755 --- a/includes/Widgets/FilterByAttributes.php +++ b/includes/Widgets/FilterByAttributes.php @@ -54,17 +54,17 @@ public function widget( $args, $instance ) { $title = isset( $instance['title'] ) ? apply_filters( 'widget_title', $instance['title'] ) : ''; $query_type = isset( $instance['query_type'] ) ? apply_filters( 'widget_query_type', $instance['query_type'] ) : ''; - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } $seller_id = empty( $seller_id ) ? get_query_var( 'author' ) : $seller_id; dokan_store_term_menu_list( $seller_id, $taxonomy, $query_type ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); wp_reset_postdata(); } diff --git a/includes/Widgets/ProductCategoryMenu.php b/includes/Widgets/ProductCategoryMenu.php index 55e44808f9..e5c2a0dcd1 100755 --- a/includes/Widgets/ProductCategoryMenu.php +++ b/includes/Widgets/ProductCategoryMenu.php 
@@ -33,10 +33,10 @@ public function widget( $args, $instance ) { $title = isset( $instance['title'] ) ? apply_filters( 'widget_title', $instance['title'] ) : ''; - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } ?>
    @@ -54,13 +54,13 @@ public function widget( $args, $instance ) { $walker = new CategoryWalker(); echo '
      '; - echo call_user_func_array( array( &$walker, 'walk' ), array( $categories, 0, array() ) ); // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( call_user_func_array( array( &$walker, 'walk' ), array( $categories, 0, array() ) ) ); echo '
    '; ?>
    __( 'Store Product Category', 'dokan-lite' ), @@ -43,12 +43,12 @@ public function widget( $args, $instance ) { $seller_id = (int) get_query_var( 'author' ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } dokan_store_category_menu( $seller_id, $title ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); } do_action( 'dokan_widget_store_categories_render', $args, $instance, $this ); diff --git a/includes/Widgets/StoreContactForm.php b/includes/Widgets/StoreContactForm.php index 67bdf16fde..f9d3d1e77d 100755 --- a/includes/Widgets/StoreContactForm.php +++ b/includes/Widgets/StoreContactForm.php @@ -59,10 +59,10 @@ public function widget( $args, $instance ) { $store_info = dokan_get_store_info( $seller_id ); - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } $username = ''; @@ -83,7 +83,7 @@ public function widget( $args, $instance ) { ) ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); } do_action( 'dokan_widget_store_contact_form_render', $args, $instance, $this ); 
@@ -99,7 +99,6 @@ public function widget( $args, $instance ) { * @return array The validated and (if necessary) amended settings */ public function update( $new_instance, $old_instance ) { - // update logic goes here $updated_instance = $new_instance; return $updated_instance; diff --git a/includes/Widgets/StoreLocation.php b/includes/Widgets/StoreLocation.php index 01d53269af..d54ab21730 100755 --- a/includes/Widgets/StoreLocation.php +++ b/includes/Widgets/StoreLocation.php @@ -50,10 +50,10 @@ public function widget( $args, $instance ) { return; } - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } do_action( 'dokan_store_widget_before_map', $store_info ); @@ -66,7 +66,7 @@ public function widget( $args, $instance ) { do_action( 'dokan_store_widget_after_map', $store_info ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); } do_action( 'dokan_widget_store_location_render', $args, $instance, $this ); diff --git a/includes/Widgets/StoreOpenClose.php b/includes/Widgets/StoreOpenClose.php index f1e456dfad..ffdf3a2f48 100644 --- a/includes/Widgets/StoreOpenClose.php +++ b/includes/Widgets/StoreOpenClose.php 
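Review bot: `update()` returns `$new_instance` unchanged, so whatever the widget form submits is stored as-is; WordPress widgets conventionally sanitise each field at this point (for the title, presumably present given `$title` is used in `widget()`, `$updated_instance['title'] = sanitize_text_field( $new_instance['title'] );`) rather than relying solely on escaping at output time. The commit only drops the placeholder comment, and the end of `update()` lies outside the hunk, so the full set of fields is not visible from here.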
@@ -61,10 +61,10 @@ public function widget( $args, $instance ) { return; } - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } dokan_get_template_part( @@ -75,7 +75,7 @@ public function widget( $args, $instance ) { ] ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); } do_action( 'dokan_widget_store_open_close_render', $args, $instance, $this ); diff --git a/includes/Widgets/TopratedProducts.php b/includes/Widgets/TopratedProducts.php index ad8b3e4b1e..693f0c95af 100755 --- a/includes/Widgets/TopratedProducts.php +++ b/includes/Widgets/TopratedProducts.php @@ -34,10 +34,10 @@ public function widget( $args, $instance ) { $r = dokan_get_top_rated_products( $no_of_product ); - echo $args['before_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_widget'] ); if ( ! empty( $title ) ) { - echo $args['before_title'] . $title . $args['after_title']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['before_title'] . $title . $args['after_title'] ); } dokan_get_template_part( @@ -47,7 +47,7 @@ public function widget( $args, $instance ) { ) ); - echo $args['after_widget']; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( $args['after_widget'] ); wp_reset_postdata(); } 
diff --git a/includes/functions.php b/includes/functions.php index e7beb618b9..2e24e17b24 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -838,7 +838,7 @@ function dokan_get_post_status_label_class( $status = '' ) { * * @param string $status * - * @return array + * @return string */ function dokan_get_product_types( $status = '' ) { $types = apply_filters( @@ -1095,11 +1095,11 @@ function dokan_admin_product_columns( $columns ) { * * @param string $option settings field name * @param string $section the section name this field belongs to - * @param string $default default text if it's not found + * @param string $default_value default text if it's not found * * @return mixed */ -function dokan_get_option( $option, $section, $default = '' ) { +function dokan_get_option( $option, $section, $default_value = '' ) { [ $option, $section ] = dokan_admin_settings_rearrange_map( $option, $section ); $options = get_option( $section ); @@ -1108,7 +1108,7 @@ function dokan_get_option( $option, $section, $default = '' ) { return $options[ $option ]; } - return $default; + return $default_value; } /** @@ -1154,11 +1154,7 @@ function dokan_is_seller_enabled( $user_id ): bool { function dokan_is_seller_trusted( $user_id ) { $publishing = get_user_meta( $user_id, 'dokan_publishing', true ); - if ( $publishing === 'yes' ) { - return true; - } - - return false; + return $publishing === 'yes'; } /** @@ -1199,7 +1195,11 @@ function dokan_get_store_url( $user_id ) { function dokan_get_current_page_url() { global $wp; - return add_query_arg( $_SERVER['QUERY_STRING'], '', home_url( $wp->request ) ); + if ( ! empty( $_SERVER['QUERY_STRING'] ) ) { + return add_query_arg( wc_clean( wp_unslash( $_SERVER['QUERY_STRING'] ) ), '', home_url( $wp->request ) ); + } + + return home_url( $wp->request ); } /** 
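Review bot: The docblock change to `@return string` on `dokan_get_product_types()` looks wrong: the function opens with `$types = apply_filters(` (the body continues outside the hunk), and a filtered list of product types is an array, which is what the original `@return array` said; a later patch in this series (PATCH 51) flips it back. Dropping this hunk avoids the churn.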
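Review bot: The rewritten `dokan_get_current_page_url()` passes the raw query string through `wc_clean()`, and `sanitize_text_field()` (which `wc_clean()` wraps) strips percent-encoded octets, so a query string containing `%20`, `%2F` and the like comes back altered; the removed line did not have this problem. It also keeps the pre-existing misuse of `add_query_arg()`, which takes a key/value pair or an associative array, not a whole query string — the call works only because `add_query_arg()` happens to strip the trailing `=` it produces. Decode, sanitise per value and let the URL be rebuilt: `parse_str( wp_unslash( $_SERVER['QUERY_STRING'] ), $query_args ); return add_query_arg( urlencode_deep( wc_clean( $query_args ) ), home_url( $wp->request ) );`.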
@@ -1210,11 +1210,7 @@ function dokan_get_current_page_url() { * @return bool */ function dokan_is_store_review_page() { - if ( get_query_var( 'store_review' ) === 'true' ) { - return true; - } - - return false; + return get_query_var( 'store_review' ) === 'true'; } /** @@ -1481,7 +1477,7 @@ function dokan_get_percentage_of( $this_period = 0, $last_period = 0 ) { $this_period = intval( $this_period ); $last_period = intval( $last_period ); - if ( 0 === $this_period && 0 === $last_period || $this_period === $last_period ) { + if ( ( 0 === $this_period && 0 === $last_period ) || $this_period === $last_period ) { $class = 'up'; } elseif ( 0 === $this_period ) { $parcent = $last_period * 100; diff --git a/includes/template-tags.php b/includes/template-tags.php index 17a36287d6..9a5e08fbec 100755 --- a/includes/template-tags.php +++ b/includes/template-tags.php @@ -271,10 +271,10 @@ function dokan_order_listing_status_filter() { {$status_key} ?? 0; - $formatted_order_count = $status_key === 'all' ? number_format_i18n( $total_orders ) : number_format_i18n( $status_order_count ); + $formatted_order_count = $status_key === 'all' ? $total_orders : $status_order_count; /* translators: 1: Order status label 2: Order count */ - printf( esc_html__( '%1$s (%2$s)', 'dokan-lite' ), esc_html( $status_label ), esc_html( $formatted_order_count ) ); + printf( esc_html__( '%1$s (%2$s)', 'dokan-lite' ), esc_html( $status_label ), number_format_i18n( $formatted_order_count ) ); ?> @@ -296,7 +296,7 @@ function dokan_order_listing_status_filter() { * * @return void */ - function dokan_store_category_menu( $seller_id, $title = '' ) { + function dokan_store_category_menu( $seller_id ) { ?>
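Review bot: In `dokan_order_listing_status_filter()` the variable `$formatted_order_count` now holds the raw count and the formatting moved into the `printf()` call, so the name no longer matches the value; `$order_count = $status_key === 'all' ? $total_orders : $status_order_count;` reads correctly. The removed `esc_html()` also means `number_format_i18n()`'s return value is printed directly; it is a filterable string (the `number_format_i18n` filter), so keeping `esc_html( number_format_i18n( $order_count ) )` costs nothing.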
    get_store_categories(); $walker = new \WeDevs\Dokan\Walkers\StoreCategory( $seller_id ); echo '
      '; - echo call_user_func_array( array( &$walker, 'walk' ), array( $categories, 0, array() ) ); //phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped,WordPress.Security.EscapeOutput.OutputNotEscaped + echo wp_kses_post( call_user_func_array( array( &$walker, 'walk' ), array( $categories, 0, array() ) ) ); echo '
    '; } ?> @@ -384,7 +384,7 @@ function dokan_store_term_menu_list( $seller_id, $taxonomy, $query_type ) { echo '
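Review bot: `dokan_store_category_menu()` loses its `$title` parameter, but the store category widget hunk earlier in this patch still calls `dokan_store_category_menu( $seller_id, $title );`; PHP ignores the extra argument, so nothing breaks, but the caller should be updated to match, and since this is a public template tag its docblock (just outside the hunk) presumably still documents `$title` and should drop it too. Separately, `call_user_func_array( array( &$walker, 'walk' ), array( $categories, 0, array() ) )` is a legacy form; `$walker->walk( $categories, 0, array() )` is equivalent and reads directly.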
  • -  ' . esc_html( $term->name ) . ' (' . esc_html( $term->count ) . ') +  ' . esc_html( $term->name ) . ' (' . esc_html( $term->count ) . ')
  • '; } echo ''; diff --git a/phpcs.xml.dist b/phpcs.xml.dist index 4049d3de59..d69d409516 100755 --- a/phpcs.xml.dist +++ b/phpcs.xml.dist @@ -202,6 +202,7 @@ + From 703679da5593c8304fd14556ea0cf1d8f3bea416 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Wed, 29 May 2024 15:19:15 +0600 Subject: [PATCH 49/53] refactor: WordPress coding standards and security issues --- includes/Admin/Hooks.php | 4 ++-- includes/Admin/SetupWizardNoWC.php | 18 +++++++++--------- includes/Admin/SetupWizardWCAdmin.php | 4 ++-- includes/functions.php | 16 ++++------------ 4 files changed, 17 insertions(+), 25 deletions(-) diff --git a/includes/Admin/Hooks.php b/includes/Admin/Hooks.php index 1719795714..6c17da500c 100644 --- a/includes/Admin/Hooks.php +++ b/includes/Admin/Hooks.php @@ -165,9 +165,9 @@ public function search_vendors() { * * @return void */ - public function override_product_author_by_admin( $product_id, $post ) { + public function override_product_author_by_admin( $product_id ) { $product = wc_get_product( $product_id ); - $posted_vendor_id = ! empty( $_POST['dokan_product_author_override'] ) ? intval( wp_unslash( $_POST['dokan_product_author_override'] ) ) : 0; // phpcs:ignore + $posted_vendor_id = ! empty( $_POST['dokan_product_author_override'] ) ? (int) sanitize_key( wp_unslash( $_POST['dokan_product_author_override'] ) ) : 0; // phpcs:ignore WordPress.Security.NonceVerification.Missing if ( ! $posted_vendor_id ) { return; diff --git a/includes/Admin/SetupWizardNoWC.php b/includes/Admin/SetupWizardNoWC.php index e4ba97be59..3c15210fe9 100644 --- a/includes/Admin/SetupWizardNoWC.php +++ b/includes/Admin/SetupWizardNoWC.php 
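Review bot: The rewritten `$posted_vendor_id` line keeps the `phpcs:ignore WordPress.Security.NonceVerification.Missing` suppression instead of adding the check it silences; a handler that reassigns a product's author from `$_POST['dokan_product_author_override']` should confirm it is running for the admin product form it expects (the form's nonce via `check_admin_referer()`, or at minimum a capability check) before honouring the value. If that verification already happens further down — `override_product_author_by_admin()` continues outside the hunk — a comment next to the suppression saying where makes the ignore auditable, e.g. `// Nonce is verified by the product edit form before save_post fires.` Also `(int) sanitize_key( wp_unslash( ... ) )` is an unusual way to read an ID; `absint( wp_unslash( $_POST['dokan_product_author_override'] ) )` states the intent directly.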
@@ -228,15 +228,15 @@ public static function add_wc_html_step_start() { public static function save_wc_store_setup_data() { check_admin_referer( 'dokan-setup' ); - $address = isset( $_POST['store_address'] ) ? sanitize_text_field( wp_unslash( $_POST['store_address'] ) ) : ''; - $address_2 = isset( $_POST['store_address_2'] ) ? sanitize_text_field( wp_unslash( $_POST['store_address_2'] ) ) : ''; - $city = isset( $_POST['store_city'] ) ? sanitize_text_field( wp_unslash( $_POST['store_city'] ) ) : ''; - $country = isset( $_POST['store_country'] ) ? sanitize_text_field( wp_unslash( $_POST['store_country'] ) ) : ''; - $state = isset( $_POST['store_state'] ) ? sanitize_text_field( wp_unslash( $_POST['store_state'] ) ) : '*'; - $postcode = isset( $_POST['store_postcode'] ) ? sanitize_text_field( wp_unslash( $_POST['store_postcode'] ) ) : ''; - $currency_code = isset( $_POST['currency_code'] ) ? sanitize_text_field( wp_unslash( $_POST['currency_code'] ) ) : ''; - $product_type = isset( $_POST['product_type'] ) ? sanitize_text_field( wp_unslash( $_POST['product_type'] ) ) : ''; - $sell_in_person = isset( $_POST['sell_in_person'] ) && ( 'on' === sanitize_text_field( wp_unslash( $_POST['sell_in_person'] ) ) ); + $address = isset( $_POST['store_address'] ) ? wc_clean( wp_unslash( $_POST['store_address'] ) ) : ''; + $address_2 = isset( $_POST['store_address_2'] ) ? wc_clean( wp_unslash( $_POST['store_address_2'] ) ) : ''; + $city = isset( $_POST['store_city'] ) ? wc_clean( wp_unslash( $_POST['store_city'] ) ) : ''; + $country = isset( $_POST['store_country'] ) ? wc_clean( wp_unslash( $_POST['store_country'] ) ) : ''; + $state = isset( $_POST['store_state'] ) ? wc_clean( wp_unslash( $_POST['store_state'] ) ) : '*'; + $postcode = isset( $_POST['store_postcode'] ) ? wc_clean( wp_unslash( $_POST['store_postcode'] ) ) : ''; + $currency_code = isset( $_POST['currency_code'] ) ? wc_clean( wp_unslash( $_POST['currency_code'] ) ) : ''; + $product_type = isset( $_POST['product_type'] ) ? 
wc_clean( wp_unslash( $_POST['product_type'] ) ) : ''; + $sell_in_person = isset( $_POST['sell_in_person'] ) && ( 'on' === wc_clean( wp_unslash( $_POST['sell_in_person'] ) ) ); update_option( 'woocommerce_store_address', $address ); update_option( 'woocommerce_store_address_2', $address_2 ); diff --git a/includes/Admin/SetupWizardWCAdmin.php b/includes/Admin/SetupWizardWCAdmin.php index b158dc0a15..1a6cd2b49d 100644 --- a/includes/Admin/SetupWizardWCAdmin.php +++ b/includes/Admin/SetupWizardWCAdmin.php @@ -287,7 +287,7 @@ class="switch-input" type="checkbox" name="wc-wizard-service--enabled" value="yes" - data-plugins="" + data-plugins="" > @@ -331,7 +331,7 @@ class="" placeholder="" - data-plugins="" + data-plugins="" /> diff --git a/includes/functions.php b/includes/functions.php index 2e24e17b24..7d59a12cd8 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -106,11 +106,7 @@ function dokan_is_product_author( $product_id = 0 ) { $author = get_post_field( 'post_author', $product_id ); } - if ( absint( $author ) === apply_filters( 'dokan_is_product_author', dokan_get_current_user_id(), $product_id ) ) { - return true; - } - - return false; + return absint( $author ) === apply_filters( 'dokan_is_product_author', dokan_get_current_user_id(), $product_id ); } /** @@ -136,11 +132,7 @@ function dokan_is_store_page() { * @return bool */ function dokan_is_product_edit_page() { - if ( get_query_var( 'edit' ) && is_singular( 'product' ) ) { - return true; - } - - return false; + return get_query_var( 'edit' ) && is_singular( 'product' ); } /** @@ -2390,7 +2382,8 @@ function dokan_get_social_profile_fields() { * * @since 2.3 * - * @param bool verified + * @param bool $verified verified + * @param bool $required required * * @return void */ 
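Review bot: `wc_clean()` is a WooCommerce function, and this class (`SetupWizardNoWC`) appears to be the wizard path used when WooCommerce is not installed or active; if `save_wc_store_setup_data()` can run in that state, every replaced line in this hunk now calls an undefined function and fatals, whereas the removed `sanitize_text_field()` is WordPress core. Unless WooCommerce is guaranteed to be loaded by the time this step saves (the surrounding class is outside the hunk), keep `sanitize_text_field( wp_unslash( ... ) )` — for string input `wc_clean()` delegates to it anyway — or guard the call with `function_exists( 'wc_clean' )`.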
@@ -2468,7 +2461,6 @@ function dokan_get_seller_address( $seller_id = 0, $get_array = false ) { $zip = isset( $address['zip'] ) ? $address['zip'] : ''; $country_code = isset( $address['country'] ) ? $address['country'] : ''; - $state_code = isset( $address['state'] ) ? $address['state'] : ''; $state_code = isset( $address['state'] ) ? ( $address['state'] === 'N/A' ) ? '' : $address['state'] : ''; $country_name = isset( $countries[ $country_code ] ) ? $countries[ $country_code ] : ''; From 4c3f4b6fdc6df2d9de3d7557690be1a7d5bac5dc Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Wed, 29 May 2024 15:20:26 +0600 Subject: [PATCH 50/53] refactor: WordPress coding standards and security issues skip for non required code --- includes/functions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/includes/functions.php b/includes/functions.php index 7d59a12cd8..6d0045f935 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -280,6 +280,7 @@ function dokan_count_stock_posts( $post_type, $user_id, $stock_type, $exclude_pr $exclude_product_types_text = "'" . implode( "', '", esc_sql( $exclude_product_types ) ) . "'"; if ( ! $results ) { + // @codingStandardsIgnoreStart $results = $wpdb->get_results( $wpdb->prepare( "SELECT p.post_status, COUNT( * ) AS num_posts @@ -301,6 +302,7 @@ function dokan_count_stock_posts( $post_type, $user_id, $stock_type, $exclude_pr ), ARRAY_A ); + // @codingStandardsIgnoreEnd } $post_status = array_keys( dokan_get_post_status() ); From b0480e7aa77bf0c7b26e6acd79e50ae579f52249 Mon Sep 17 00:00:00 2001 
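Review bot: Wrapping the whole `$wpdb->get_results( $wpdb->prepare( ... ) )` call in `@codingStandardsIgnoreStart`/`End` (in both hunks of this patch) silences every sniff on every line of the query, not just the construct it objects to, which appears to be `$exclude_product_types_text` — built with `esc_sql()` and manual quoting — interpolated into the SQL. Building a placeholder list instead keeps the statement fully prepared and needs no suppression: `$placeholders = implode( ', ', array_fill( 0, count( $exclude_product_types ), '%s' ) );` in place of `$exclude_product_types_text`, with `...$exclude_product_types` appended to the `prepare()` arguments (the middle of the query is outside the hunks, so the exact position is inferred). If a suppression is still wanted, the current phpcs form is `// phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared` scoped to the one line, rather than the deprecated `@codingStandardsIgnore` annotations.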
From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Thu, 27 Jun 2024 09:36:08 +0600 Subject: [PATCH 51/53] update: enqueue script instead of template `templates/page-views.php` --- assets/js/page-views.js | 32 +++++ assets/src/js/page-views.js | 33 ++++++ includes/PageViews.php | 112 +++++++++++------- includes/functions.php | 2 +- .../products/dokan-category-header-ui.php | 2 +- webpack.config.js | 1 + 6 files changed, 134 insertions(+), 48 deletions(-) create mode 100644 assets/js/page-views.js create mode 100644 assets/src/js/page-views.js diff --git a/assets/js/page-views.js b/assets/js/page-views.js new file mode 100644 index 0000000000..fa6aafebd4 --- /dev/null +++ b/assets/js/page-views.js 
@@ -0,0 +1,32 @@ +/* + * ATTENTION: The "eval" devtool has been used (maybe by default in mode: "development"). + * This devtool is neither made for production nor for readable output files. + * It uses "eval()" calls to create a separate source file in the browser devtools. + * If you are trying to read the output file, select a different devtool (https://webpack.js.org/configuration/devtool/) + * or disable the default devtool with "devtool: false". + * If you are looking for production-ready output files, see mode: "production" (https://webpack.js.org/configuration/mode/). + */ +/******/ (() => { // webpackBootstrap +/******/ var __webpack_modules__ = ({ + +/***/ "./assets/src/js/page-views.js": +/*!*************************************!*\ + !*** ./assets/src/js/page-views.js ***! + \*************************************/ +/***/ (() => { + +eval("/* global dokanPageViewsParams */\n\njQuery(document).ready(function ($) {\n if (!localStorage) {\n return;\n }\n if (!window.dokanPageViewsParams) {\n return;\n }\n\n // Get today's date in the format of YYYY-MM-DD\n let newDate = new Date().toISOString().slice(0, 10);\n let dokanPageViewCount = JSON.parse(localStorage.getItem(\"dokan_pageview_count\"));\n\n // If there is no data in local storage or today's date is not same as the date in local storage.\n if (dokanPageViewCount === null || dokanPageViewCount.today && dokanPageViewCount.today !== newDate) {\n dokanPageViewCount = {\n \"today\": newDate,\n \"post_ids\": []\n };\n }\n\n // If the post id is not in the local storage, then send the ajax request.\n if (!dokanPageViewCount.post_ids.includes(window.dokanPageViewsParams.post_id)) {\n $.post(window.dokanPageViewsParams.ajax_url, {\n action: \"dokan_pageview\",\n _ajax_nonce: window.dokanPageViewsParams.nonce,\n post_id: window.dokanPageViewsParams.post_id\n });\n\n // Add the post id to the local storage.\n dokanPageViewCount.post_ids.push(window.dokanPageViewsParams.post_id);\n 
localStorage.setItem(\"dokan_pageview_count\", JSON.stringify(dokanPageViewCount));\n }\n});\n\n//# sourceURL=webpack://dokan/./assets/src/js/page-views.js?"); + +/***/ }) + +/******/ }); +/************************************************************************/ +/******/ +/******/ // startup +/******/ // Load entry module and return exports +/******/ // This entry module can't be inlined because the eval devtool is used. +/******/ var __webpack_exports__ = {}; +/******/ __webpack_modules__["./assets/src/js/page-views.js"](); +/******/ +/******/ })() +; \ No newline at end of file diff --git a/assets/src/js/page-views.js b/assets/src/js/page-views.js new file mode 100644 index 0000000000..9cba7aa6cd --- /dev/null +++ b/assets/src/js/page-views.js @@ -0,0 +1,33 @@ +/* global dokanPageViewsParams */ + +jQuery( document ).ready( function( $ ) { + if( ! localStorage ) { + return; + } + + if ( ! window.dokanPageViewsParams ) { + return; + } + + // Get today's date in the format of YYYY-MM-DD + let newDate = new Date().toISOString().slice(0, 10); + let dokanPageViewCount = JSON.parse(localStorage.getItem("dokan_pageview_count")); + + // If there is no data in local storage or today's date is not same as the date in local storage. + if ( dokanPageViewCount === null || ( dokanPageViewCount.today && dokanPageViewCount.today !== newDate ) ) { + dokanPageViewCount = { "today": newDate, "post_ids": [] }; + } + + // If the post id is not in the local storage, then send the ajax request. + if ( ! dokanPageViewCount.post_ids.includes( window.dokanPageViewsParams.post_id ) ) { + $.post( window.dokanPageViewsParams.ajax_url, { + action: "dokan_pageview", + _ajax_nonce: window.dokanPageViewsParams.nonce, + post_id: window.dokanPageViewsParams.post_id, + } ); + + // Add the post id to the local storage. + dokanPageViewCount.post_ids.push( window.dokanPageViewsParams.post_id ); + localStorage.setItem( "dokan_pageview_count", JSON.stringify( dokanPageViewCount ) ); + } +} ); 
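Review bot: `localStorage` access in `page-views.js` is unguarded: the `if( ! localStorage )` test itself throws a `SecurityError` in browsers that block storage for the page, and `JSON.parse( localStorage.getItem( ... ) )` throws on a corrupted value, so one failure aborts the handler and no view is recorded. The date check also assumes the stored object has `today` and `post_ids`; a stored value without `post_ids` reaches `.includes` and throws. Reading the stored record through one guarded step that falls back to a fresh record covers all three; `localStorage.setItem` later in the handler deserves the same try/catch, since it can throw on quota.

```javascript
jQuery( document ).ready( function( $ ) {
    if ( ! window.dokanPageViewsParams ) {
        return;
    }

    // Get today's date in the format of YYYY-MM-DD
    let newDate = new Date().toISOString().slice( 0, 10 );

    // Storage may be blocked or hold a corrupted value; either way start from a fresh record.
    let dokanPageViewCount = null;
    try {
        dokanPageViewCount = JSON.parse( window.localStorage.getItem( "dokan_pageview_count" ) );
    } catch ( e ) {
        return; // no usable storage: record nothing rather than fail on every page
    }

    if ( ! dokanPageViewCount || dokanPageViewCount.today !== newDate || ! Array.isArray( dokanPageViewCount.post_ids ) ) {
        dokanPageViewCount = { "today": newDate, "post_ids": [] };
    }

    // … unchanged: ajax post and localStorage.setItem …
} );
```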
diff --git a/includes/PageViews.php b/includes/PageViews.php index 32e465294f..b20390887d 100755 --- a/includes/PageViews.php +++ b/includes/PageViews.php 
@@ -3,64 +3,84 @@ namespace WeDevs\Dokan; /** - * Pageviews - for counting product post views. + * Page views - for counting product post views. */ class PageViews { - private $meta_key = 'pageview'; + private $meta_key = 'pageview'; - public function __construct() { - /* Registers the entry views extension scripts if we're on the correct page. */ - add_action( 'template_redirect', array( $this, 'load_views' ), 25 ); + public function __construct() { + /* Registers the entry views extension scripts if we're on the correct page. */ + add_action( 'template_redirect', array( $this, 'load_views' ), 25 ); - /* Add the entry views AJAX actions to the appropriate hooks. */ - add_action( 'wp_ajax_dokan_pageview', array( $this, 'update_ajax' ) ); - add_action( 'wp_ajax_nopriv_dokan_pageview', array( $this, 'update_ajax' ) ); - } + /* Add the entry views AJAX actions to the appropriate hooks. */ + add_action( 'wp_ajax_dokan_pageview', array( $this, 'update_ajax' ) ); + add_action( 'wp_ajax_nopriv_dokan_pageview', array( $this, 'update_ajax' ) ); + } - public function load_scripts() { - dokan_get_template_part( - 'page-views', false, array( - 'nonce' => wp_create_nonce( 'dokan_pageview' ), - 'post_id' => get_the_ID(), - 'ajax_url' => admin_url( 'admin-ajax.php' ), - ) - ); - } + /** + * Load the scripts + * + * @return void + */ + public function load_scripts() { + wp_enqueue_script( 'dokan-page-views', DOKAN_PLUGIN_ASSEST . 
'/js/page-views.js', array( 'jquery' ), DOKAN_PLUGIN_VERSION, true ); + wp_localize_script( + 'dokan-page-views', + 'dokanPageViewsParams', + array( + 'nonce' => wp_create_nonce( 'dokan_pageview' ), + 'post_id' => get_the_ID(), + 'ajax_url' => admin_url( 'admin-ajax.php' ), + ) + ); + } - public function load_views() { - if ( is_singular( 'product' ) ) { - global $post; + public function load_views() { + if ( is_singular( 'product' ) ) { + global $post; - if ( $post->post_author !== dokan_get_current_user_id() ) { - wp_enqueue_script( 'jquery' ); - add_action( 'wp_footer', array( $this, 'load_scripts' ) ); - } - } - } + if ( dokan_get_current_user_id() !== $post->post_author ) { + wp_enqueue_script( 'jquery' ); + add_action( 'wp_footer', array( $this, 'load_scripts' ) ); + } + } + } - public function update_view( $post_id = '' ) { - if ( ! empty( $post_id ) ) { - $old_views = get_post_meta( $post_id, $this->meta_key, true ); - $new_views = absint( $old_views ) + 1; + /** + * Update the view count + * + * @param int $post_id The post ID + * + * @return void + */ + public function update_view( $post_id = '' ) { + if ( ! 
empty( $post_id ) ) { + $old_views = get_post_meta( $post_id, $this->meta_key, true ); + $new_views = absint( $old_views ) + 1; - update_post_meta( $post_id, $this->meta_key, $new_views, $old_views ); - $seller_id = get_post_field( 'post_author', $post_id ); - Cache::delete( "pageview_{$seller_id}" ); - } - } + update_post_meta( $post_id, $this->meta_key, $new_views, $old_views ); + $seller_id = get_post_field( 'post_author', $post_id ); + Cache::delete( "pageview_{$seller_id}" ); + } + } - public function update_ajax() { - check_ajax_referer( 'dokan_pageview' ); + /** + * Update the view count via AJAX + * + * @return void + */ + public function update_ajax() { + check_ajax_referer( 'dokan_pageview' ); - if ( isset( $_POST['post_id'] ) ) { - $post_id = absint( $_POST['post_id'] ); - } + if ( isset( $_POST['post_id'] ) ) { + $post_id = absint( $_POST['post_id'] ); + } - if ( ! empty( $post_id ) ) { - $this->update_view( $post_id ); - } + if ( ! empty( $post_id ) ) { + $this->update_view( $post_id ); + } - wp_die(); - } + wp_die(); + } } diff --git a/includes/functions.php b/includes/functions.php index 6d0045f935..ff96872e08 100755 --- a/includes/functions.php +++ b/includes/functions.php @@ -832,7 +832,7 @@ function dokan_get_post_status_label_class( $status = '' ) { * * @param string $status * - * @return string + * @return array */ function dokan_get_product_types( $status = '' ) { $types = apply_filters( diff --git a/templates/products/dokan-category-header-ui.php b/templates/products/dokan-category-header-ui.php index 092aa6031d..0b9156ca01 100644 --- a/templates/products/dokan-category-header-ui.php +++ b/templates/products/dokan-category-header-ui.php @@ -20,7 +20,7 @@
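Review bot: The owner check in `load_views()`, `dokan_get_current_user_id() !== $post->post_author`, compares what is presumably an integer with `WP_Post::$post_author`, which is a string, so the strict comparison is never equal and the vendor's own visits are still counted; the commit only swaps the operands. Cast first: `if ( dokan_get_current_user_id() !== (int) $post->post_author ) {`. Separately, `update_ajax()` is registered for `nopriv` and `update_view()` increments the `pageview` meta for any `$post_id` the request names, while the nonce it checks is localized into the page and so does not bound who can call it; rejecting ids that are not products before the update, e.g. `if ( 'product' !== get_post_type( $post_id ) ) { wp_die(); }`, keeps the counter scoped to what the feature is for. Note also that `load_scripts()` enqueues `page-views.js` from inside a `wp_footer` callback rather than on `wp_enqueue_scripts`, and that the committed `assets/js/page-views.js` it loads is a webpack development (`eval` devtool) build rather than a production bundle.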
    - +
    diff --git a/webpack.config.js b/webpack.config.js index 74478d8e88..b4fcf9cd85 100644 --- a/webpack.config.js +++ b/webpack.config.js @@ -53,6 +53,7 @@ const entryPoint = { 'reverse-withdrawal-style': '/assets/src/less/reverse-withdrawal.less', 'dokan-product-category-ui': '/assets/src/less/dokan-product-category-ui.less', 'dokan-admin-product-style': '/assets/src/less/dokan-admin-product.less', + 'page-views': './assets/src/js/page-views.js', }; const updatedConfig = { From f8296a5c03a255ec6657268067ad5e3671ffeb71 Mon Sep 17 00:00:00 2001 From: Al Amin Ahamed <34349365+mralaminahamed@users.noreply.github.com> Date: Thu, 27 Jun 2024 09:43:25 +0600 Subject: [PATCH 52/53] update: using escaping `wp_kses_post($this->description);` instead of `wp_kses( $this->description, wp_kses_allowed_html( 'user_description' ) );` --- includes/Customizer/HeadingControl.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/Customizer/HeadingControl.php b/includes/Customizer/HeadingControl.php index 5887b3f60c..8d03622e32 100644 --- a/includes/Customizer/HeadingControl.php +++ b/includes/Customizer/HeadingControl.php @@ -29,7 +29,7 @@ protected function render_content() { description ) ) { ?> - description, wp_kses_allowed_html( 'user_description' ) ); ?> + description ); ?> Date: Thu, 27 Jun 2024 09:45:16 +0600 Subject: [PATCH 53/53] delete: old tempalte for `page-views.php` --- templates/page-views.php | 47 ---------------------------------------- 1 file changed, 47 deletions(-) delete mode 100644 templates/page-views.php diff --git a/templates/page-views.php b/templates/page-views.php deleted file mode 100644 index 6bd86520ef..0000000000 --- a/templates/page-views.php +++ /dev/null @@ -1,47 +0,0 @@ - - -
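Review bot: The new entry `'page-views': './assets/src/js/page-views.js'` is the only one in `entryPoint` written with a `./` prefix; the neighbouring entries use `'/assets/src/...'`, so for consistency write `'page-views': '/assets/src/js/page-views.js',`. Whether both forms resolve to the same file depends on the config's `context`, which is outside the hunk.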
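Review bot: Replacing `wp_kses( $this->description, wp_kses_allowed_html( 'user_description' ) )` with `wp_kses_post( $this->description )` widens the permitted markup from the small `user_description` set (inline tags such as `a`, `em`, `strong`, `code`) to the full `post` allowlist, which is a policy change rather than a pure refactor, even though the commit message describes it as escaping. If the description is always plugin-defined customizer text rather than user-supplied, that is acceptable, and a one-line comment would make the choice deliberate, e.g. `// Description is set by the plugin's customizer registration, so the post allowlist is fine here.` The hunk's content is partly garbled in this view, so the exact output context is inferred.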