Merge branch 'zencart:master' into Multiple-taxes-support-in-ot-_modules
piloujp committed May 19, 2024
2 parents 96d70d5 + 3f2c407 commit 39a7bf3
Showing 8 changed files with 368 additions and 91 deletions.
94 changes: 60 additions & 34 deletions admin/index_dashboard.php
@@ -1,16 +1,53 @@
<?php
/**
* @copyright Copyright 2003-2022 Zen Cart Development Team
* @copyright Copyright 2003-2024 Zen Cart Development Team
* @copyright Portions Copyright 2003 osCommerce
* @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
* @version $Id: DrByte 2020 Jul 10 Modified in v1.5.8-alpha $
* @version $Id: DrByte Modified in v2.0.1 $
*
* @var notifier $zco_notifier
*/

if (empty($currencies)) {
require_once DIR_WS_CLASSES . 'currencies.php';
$currencies = new currencies();
}

$widgets = [];
$widgets[] = ['column' => 1, 'sort' => 10, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/BaseStatisticsDashboardWidget.php'];
$widgets[] = ['column' => 1, 'sort' => 15, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/SpecialsDashboardWidget.php'];
$widgets[] = ['column' => 1, 'sort' => 20, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/OrderStatusDashboardWidget.php'];
$widgets[] = ['column' => 2, 'sort' => 10, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/RecentCustomersDashboardWidget.php'];
$widgets[] = ['column' => 2, 'sort' => 15, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/WhosOnlineDashboardWidget.php'];
$widgets[] = ['column' => 2, 'sort' => 20, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/TrafficDashboardWidget.php'];
$widgets[] = ['column' => 3, 'sort' => 10, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/RecentOrdersDashboardWidget.php'];
$widgets[] = ['column' => 3, 'sort' => 15, 'visible' => true, 'path' => DIR_WS_MODULES . 'dashboard_widgets/SalesReportDashboardWidget.php'];

$zco_notifier->notify('NOTIFY_ADMIN_DASHBOARD_WIDGETS', null, $widgets);

// Prepare for sorting: ensure each has its dependent columns, so multisort doesn't complain about inconsistent array sizes
foreach ($widgets as $key => $widget) {
if (!isset($widget['sort'])) {
$widgets[$key]['sort'] = 999;
}
if (!isset($widget['column'])) {
$widgets[$key]['column'] = 0; // 0-unspecified, will be ignored
}
}

// Sort in advance so the template can simply loop over each column without re-sorting.
array_multisort(array_column($widgets, 'column'), SORT_ASC, array_column($widgets, 'sort'), SORT_ASC, $widgets);

// Path validation (catch invalid path errors) and security LFI check (prevent loading files from outside)
$acceptedPath = realPath(DIR_FS_CATALOG);
foreach ($widgets as $key => $widget) {
$realPath = realpath($widget['path']);
if ($realPath === false || !str_starts_with($realPath, $acceptedPath) || !file_exists($widget['path'])) {
unset($widgets[$key]); // Skip if it's not under the intended directory or doesn't exist
}
}


?>
<!doctype html>
<html <?php echo HTML_PARAMS; ?>>
@@ -39,41 +76,30 @@
?>

<div id="colone" class="col-xs-12 col-sm-6 col-md-4 col-lg-4">

<?php
include DIR_WS_MODULES . 'dashboard_widgets/BaseStatisticsDashboardWidget.php';
?>

<?php
include DIR_WS_MODULES . 'dashboard_widgets/SpecialsDashboardWidget.php';
?>

<?php
include DIR_WS_MODULES . 'dashboard_widgets/OrderStatusDashboardWidget.php';
?>

<?php
foreach ($widgets as $widget) {
if ($widget['column'] === 1 && !empty($widget['visible'])) {
include $widget['path'];
}
}
?>
</div>
<div id="coltwo" class="col-xs-12 col-sm-6 col-md-4 col-lg-4">

<?php
include DIR_WS_MODULES . 'dashboard_widgets/RecentCustomersDashboardWidget.php';
?>
<?php
include DIR_WS_MODULES . 'dashboard_widgets/WhosOnlineDashboardWidget.php';
?>
<?php
include DIR_WS_MODULES . 'dashboard_widgets/TrafficDashboardWidget.php';
?>

<?php
foreach ($widgets as $widget) {
if ($widget['column'] === 2 && !empty($widget['visible'])) {
include $widget['path'];
}
}
?>
</div>
<div id="colthree" class="col-xs-12 col-sm-6 col-md-4 col-lg-4">

<?php
include DIR_WS_MODULES . 'dashboard_widgets/RecentOrdersDashboardWidget.php';
?>
<?php
include DIR_WS_MODULES . 'dashboard_widgets/SalesReportDashboardWidget.php';
?>

<?php
foreach ($widgets as $widget) {
if ($widget['column'] === 3 && !empty($widget['visible'])) {
include $widget['path'];
}
}
?>
</div>
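Review bot: The containment test in the path-validation loop of the first hunk compares against `realPath(DIR_FS_CATALOG)` with no trailing separator and no check for a `false` result, so a sibling directory whose name merely begins with the catalog path passes `str_starts_with`, and if the root ever fails to resolve, the `false` is coerced to an empty string (no `strict_types` declaration is visible in this file) that every path starts with. The three `include $widget['path'];` loops in the second hunk then load the original string rather than the resolved path that was checked, and an entry added through `NOTIFY_ADMIN_DASHBOARD_WIDGETS` without a `path` key reaches `realpath()` unguarded. I would fail closed when the root does not resolve, append `DIRECTORY_SEPARATOR` before comparing, and write the resolved path back into the entry; the `file_exists()` call is redundant once `realpath()` has succeeded. The accepted root is the whole catalog tree, so narrowing it to the widget directories is worth considering if observers do not need more.

```php
// Path validation and LFI check: only files that resolve inside the catalog root are kept
$acceptedPath = realpath(DIR_FS_CATALOG);
if ($acceptedPath === false) {
    $widgets = []; // allowed root cannot be established, so load nothing
} else {
    $acceptedPath = rtrim($acceptedPath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
}
foreach ($widgets as $key => $widget) {
    $realPath = isset($widget['path']) ? realpath($widget['path']) : false;
    if ($realPath === false || !str_starts_with($realPath, $acceptedPath)) {
        unset($widgets[$key]); // not under the intended directory, or does not exist
        continue;
    }
    $widgets[$key]['path'] = $realPath; // include exactly the path that was validated
}
```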

20 changes: 15 additions & 5 deletions admin/orders.php
@@ -12,6 +12,9 @@
unset($module);
}

$whois_provider_url = 'https://ipdata.co/%s?utm_source=zen_cart';
//$whois_provider_url = 'https://whois.domaintools.com/%s';

// Override instructions in:
// https://docs.zen-cart.com/user/admin/site_specific_overrides/
$quick_view_popover_enabled = $quick_view_popover_enabled ?? false;
@@ -620,12 +623,19 @@ function couponpopupWindow(url) {
<td><strong><?php echo TEXT_INFO_IP_ADDRESS; ?></strong></td>
<?php
if (!empty($order->info['ip_address'])) {
$lookup_ip = substr($order->info['ip_address'], 0, strpos($order->info['ip_address'], ' '));
$whois_url = 'https://ipdata.co/' . $lookup_ip . '?utm_source=zen_cart';
//$whois_url = 'https://whois.domaintools.com/' . $lookup_ip;
$zco_notifier->notify('ADMIN_ORDERS_IP_LINKS', $lookup_ip, $whois_url);
$ips = explode(' - ', $order->info['ip_address']);
$lookup_ip = $ips[0];
$whois_url = sprintf($whois_provider_url, $lookup_ip);
$lookup_ip2 = $ips[1] ?? '';
$whois_url2 = empty($lookup_ip2) ? '' : sprintf($whois_provider_url, $lookup_ip2);
$zco_notifier->notify('ADMIN_ORDERS_IP_LINKS', $lookup_ip, $whois_url, $whois_provider_url, $lookup_ip2, $whois_url2);
?>
<td class="noprint"><a href="<?php echo $whois_url; ?>" rel="noreferrer noopener" target="_blank"><?php echo $order->info['ip_address']; ?></a></td>
<td class="noprint">
<a href="<?= $whois_url ?>" rel="noreferrer noopener" target="_blank"><?= $lookup_ip ?></a>
<?php if (!empty($lookup_ip2) && $lookup_ip !== $lookup_ip2) { ?> -
<a href="<?= $whois_url2 ?>" rel="noreferrer noopener" target="_blank"><?= $lookup_ip2 ?></a>
<?php } ?>
</td>
<?php } else { ?>
<td><?php echo TEXT_UNKNOWN; ?></td>
<?php } ?>
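Review bot: `$lookup_ip` and `$lookup_ip2` are written into both the `href` attribute and the link text of the new `<td class="noprint">` cell without HTML escaping or URL encoding. They are split out of `$order->info['ip_address']`; if any part of that stored value can be influenced by a client-supplied header (not visible in this hunk), markup placed in it would render in the admin order page. I would accept each piece only when `filter_var($ip, FILTER_VALIDATE_IP)` succeeds, build the link with `sprintf($whois_provider_url, rawurlencode($lookup_ip))`, and print with `<?= htmlspecialchars($lookup_ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`, applying the same escaping to `$whois_url` and `$whois_url2` since observers of `ADMIN_ORDERS_IP_LINKS` can replace them. The enclosing table row starts and ends outside the hunk.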
18 changes: 10 additions & 8 deletions ajax.php
@@ -44,23 +44,25 @@ function ajaxAbort($status = 400, $msg = null)
}
// --- support functions ------------------



if (!isset($_GET['act']) || !isset($_GET['method'])) {
ajaxAbort();
}

$language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';

$className = 'zc' . ucfirst($_GET['act']);
$classFile = $className . '.php';
$basePath = DIR_FS_CATALOG . DIR_WS_CLASSES;

if (!file_exists(realpath($basePath . 'ajax/' . basename($classFile)))) {
ajaxAbort();
$classFile = basename($className . '.php');
$classPath = DIR_WS_CLASSES . 'ajax/';
$basePath = DIR_FS_CATALOG;
if (file_exists(realpath($basePath . $classPath . $classFile))) {
require realpath($basePath . $classPath . $classFile);
} else {
$fs->loadFilesFromPluginsDirectory($installedPlugins, 'catalog/' . $classPath, '~^' . $classFile . '$~');
if (!class_exists($className)) {
ajaxAbort();
}
}

require realpath($basePath . 'ajax/' . basename($classFile));
$class = new $className();
if (!method_exists($class, $_GET['method'])) {
ajaxAbort(400, 'class method error');
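Review bot: `$classFile` is derived from `$_GET['act']` and is concatenated into the pattern `'~^' . $classFile . '$~'` without `preg_quote()` in the new plugin fallback branch; `basename()` strips directory parts but leaves regex metacharacters, and the `.` of `.php` already matches any character. Quote it, `'~^' . preg_quote($classFile, '~') . '$~'`, and preferably reject any `act` that does not match `/^[A-Za-z0-9_]+$/` with `ajaxAbort()` before `$className` is built. In that fallback branch `class_exists($className)` also appears to be satisfied by any class that is already loaded or autoloadable under a `zc` prefix, not only by one found in an `ajax/` directory, so a comment stating which classes are meant to be reachable through `new $className()` would help the next reader. The `if (!method_exists(...))` block continues outside the hunk.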
