[SOL-189] Added data sanitization functions.
whereispolaris committed Sep 11, 2024
1 parent 8c7bb17 commit a005b36
Showing 6 changed files with 251 additions and 259 deletions.
100 changes: 50 additions & 50 deletions extend-protection/admin/class-helloextend-protection-admin.php
Expand Up @@ -578,45 +578,45 @@ public function helloextend_protection_for_woocommerce_settings_page_init()

// handle the scheduled jobs if the extend_product_sync settigns are being saved
if (isset($_REQUEST['page']) && isset($_REQUEST['tab']) && isset($_REQUEST['settings-updated'])) {
if ($_REQUEST['page'] == 'extend' && $_REQUEST['tab'] == 'catalog_sync' && $_REQUEST['settings-updated'] == 'true') {
if (sanitize_text_field($_REQUEST['page']) == 'extend' && sanitize_text_field($_REQUEST['tab']) == 'catalog_sync' && sanitize_text_field($_REQUEST['settings-updated']) == 'true') {

// check if extend_automated_product_sync = never : on save if schedule is set to never, reset the cron
$extend_automated_product_sync = $this->helloextend_protection_for_woocommerce_settings_catalog_sync_options['extend_automated_product_sync'];

switch ($extend_automated_product_sync) {
case 'never':
// Remove scheduled events.
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_daily');
wp_clear_scheduled_hook('sync_products_weekly');
break;

case 'daily':
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_weekly');
if (!wp_next_scheduled('sync_products_daily')) {
wp_schedule_event(time(), 'daily', 'sync_products_daily');
}
break;

case 'hourly':
wp_clear_scheduled_hook('sync_products_daily');
wp_clear_scheduled_hook('sync_products_weekly');
if (!wp_next_scheduled('sync_products_hourly')) {
wp_schedule_event(time(), 'hourly', 'sync_products_hourly');
}
break;

case 'weekly':
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_daily');
if (!wp_next_scheduled('sync_products_weekly')) {
wp_schedule_event(time(), 'weekly', 'sync_products_weekly');
}
break;

default:
return;
case 'never':
// Remove scheduled events.
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_daily');
wp_clear_scheduled_hook('sync_products_weekly');
break;

case 'daily':
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_weekly');
if (!wp_next_scheduled('sync_products_daily')) {
wp_schedule_event(time(), 'daily', 'sync_products_daily');
}
break;

case 'hourly':
wp_clear_scheduled_hook('sync_products_daily');
wp_clear_scheduled_hook('sync_products_weekly');
if (!wp_next_scheduled('sync_products_hourly')) {
wp_schedule_event(time(), 'hourly', 'sync_products_hourly');
}
break;

case 'weekly':
wp_clear_scheduled_hook('sync_products_hourly');
wp_clear_scheduled_hook('sync_products_daily');
if (!wp_next_scheduled('sync_products_weekly')) {
wp_schedule_event(time(), 'weekly', 'sync_products_weekly');
}
break;

default:
return;
}
}
}
Expand Down Expand Up @@ -840,7 +840,7 @@ public function extend_automated_product_sync_callback()
{
$extend_automated_sync_dropdown_values = array('never', 'hourly', 'daily', 'weekly');
?>
<select name="helloextend_protection_for_woocommerce_catalog_sync_settings[extend_automated_product_sync]" id="extend_automated_product_sync">
<select name="helloextend_protection_for_woocommerce_catalog_sync_settings[extend_automated_product_sync]" id="extend_automated_product_sync">
<?php
// set default value if option is not set yet
if (!isset($this->helloextend_protection_for_woocommerce_settings_catalog_sync_options['extend_automated_product_sync'])) {
Expand All @@ -854,7 +854,7 @@ public function extend_automated_product_sync_callback()
echo '<option value="' . esc_attr($auto_sync) . '" ' . esc_attr($selected) . '>' . ucfirst(esc_attr($auto_sync)) . '</option>';
}
?>
</select>
</select>
<?php
}

Expand Down Expand Up @@ -892,7 +892,7 @@ public function extend_pdp_offer_location_callback()
);

?>
<select name="helloextend_protection_for_woocommerce_product_protection_settings[extend_pdp_offer_location]" id="extend_pdp_offer_location">
<select name="helloextend_protection_for_woocommerce_product_protection_settings[extend_pdp_offer_location]" id="extend_pdp_offer_location">
<?php
// set default value if option is not set yet
if (!isset($this->helloextend_protection_for_woocommerce_settings_product_protection_options['extend_pdp_offer_location'])) {
Expand All @@ -911,7 +911,7 @@ public function extend_pdp_offer_location_callback()
}
}
?>
</select>
</select>
<?php
// show information in a popup
echo '<label for="extend_pdp_offer_location"><a href="?page=extend-docs#offer_placement">What\'s this ?</a></label>';
Expand Down Expand Up @@ -949,7 +949,7 @@ public function extend_sp_offer_location_callback()
'other',
);
?>
<select name="helloextend_protection_for_woocommerce_shipping_protection_settings[extend_sp_offer_location]" id="extend_sp_offer_location">
<select name="helloextend_protection_for_woocommerce_shipping_protection_settings[extend_sp_offer_location]" id="extend_sp_offer_location">
<?php
// set default value if option is not set yet
if (!isset($this->helloextend_protection_for_woocommerce_settings_shipping_protection_options['extend_sp_offer_location'])) {
Expand All @@ -968,7 +968,7 @@ public function extend_sp_offer_location_callback()
}
}
?>
</select>
</select>

<?php
// show information in a popup
Expand Down Expand Up @@ -1008,36 +1008,36 @@ public function extend_product_protection_contract_create_callback()
public function extend_product_protection_contract_create_event_callback()
{
?>
<select name="helloextend_protection_for_woocommerce_product_protection_settings[extend_product_protection_contract_create_event]" id="extend_product_protection_contract_create_event">
<select name="helloextend_protection_for_woocommerce_product_protection_settings[extend_product_protection_contract_create_event]" id="extend_product_protection_contract_create_event">
<?php
$selected = (isset($this->helloextend_protection_for_woocommerce_settings_product_protection_options['extend_product_protection_contract_create_event'])
&& $this->helloextend_protection_for_woocommerce_settings_product_protection_options['extend_product_protection_contract_create_event'] === 'Order Create') ? 'selected' : '';
?>
<option value="Order Create" <?php echo esc_attr($selected); ?>>Order Create</option>
<option value="Order Create" <?php echo esc_attr($selected); ?>>Order Create</option>
<?php
$selected = (isset($this->helloextend_protection_for_woocommerce_settings_product_protection_options['extend_product_protection_contract_create_event'])
&& $this->helloextend_protection_for_woocommerce_settings_product_protection_options['extend_product_protection_contract_create_event'] === 'Fulfillment') ? 'selected' : '';
?>
<option value="Fulfillment" <?php echo esc_attr($selected); ?>>Fulfillment</option>
</select>
<option value="Fulfillment" <?php echo esc_attr($selected); ?>>Fulfillment</option>
</select>
<?php
}

public function extend_environment_callback()
{
?>
<select name="helloextend_protection_for_woocommerce_general_settings[extend_environment]" id="extend_environment">
<select name="helloextend_protection_for_woocommerce_general_settings[extend_environment]" id="extend_environment">
<?php
$selected = (isset($this->helloextend_protection_for_woocommerce_settings_general_options['extend_environment'])
&& $this->helloextend_protection_for_woocommerce_settings_general_options['extend_environment'] === 'sandbox') ? 'selected' : '';
?>
<option value="sandbox" <?php echo esc_attr($selected); ?>>Sandbox</option>
<option value="sandbox" <?php echo esc_attr($selected); ?>>Sandbox</option>
<?php
$selected = (isset($this->helloextend_protection_for_woocommerce_settings_general_options['extend_environment'])
&& $this->helloextend_protection_for_woocommerce_settings_general_options['extend_environment'] === 'live') ? 'selected' : '';
?>
<option value="live" <?php echo esc_attr($selected); ?>>Live</option>
</select>
<option value="live" <?php echo esc_attr($selected); ?>>Live</option>
</select>
<?php
}

Expand Down Expand Up @@ -1145,7 +1145,7 @@ function extend_sync_batch_callback()
{
$extend_sync_batch_dropdown_values = array('20', '50', '100', '200', '300', '400', '500');
?>
<select name="helloextend_protection_for_woocommerce_catalog_sync_settings[extend_sync_batch]" id="extend_sync_batch">
<select name="helloextend_protection_for_woocommerce_catalog_sync_settings[extend_sync_batch]" id="extend_sync_batch">
<?php
// set default value if option is not set yet
if (!isset($this->helloextend_protection_for_woocommerce_settings_catalog_sync_options['extend_sync_batch'])) {
Expand All @@ -1164,7 +1164,7 @@ function extend_sync_batch_callback()
}
}
?>
</select>
</select>
<?php
}

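Review bot: Wrapping the three `$_REQUEST` values in `sanitize_text_field()` on the changed `if` line does not change what the check does — each value is only compared against a fixed literal and never reaches output or storage here — while the loose `==` comparison and the use of `$_REQUEST` (which, depending on `request_order`, can be populated from cookies as well as the query string) are left as they were. If hardening is the intent, read from `$_GET` and compare strictly: `if ($_GET['page'] === 'extend' && $_GET['tab'] === 'catalog_sync' && $_GET['settings-updated'] === 'true') {`, with the `isset()` guard on the line above switched to `$_GET` to match. The remaining lines of this hunk, and the other hunks in this file, only re-indent existing code. The enclosing `helloextend_protection_for_woocommerce_settings_page_init()` starts before the hunk.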
67 changes: 28 additions & 39 deletions extend-protection/helloextend-protection.php
Expand Up @@ -119,38 +119,38 @@ function extend_render_settings_page()
echo '</div>';

settings_errors(); ?>
<!-- begin tabs -->

<div class="wrap">
<h2>Extend Protection Settings</h2>
<h2 class="nav-tab-wrapper">
<a href="?page=extend-protection-settings&tab=general" class="nav-tab <?php echo (empty($_GET['tab']) || $_GET['tab'] === 'general') ? 'nav-tab-active' : ''; ?>">General Settings</a>
<a href="?page=extend-protection-settings&tab=product_protection" class="nav-tab <?php echo (isset($_GET['tab']) && $_GET['tab'] === 'product_protection') ? 'nav-tab-active' : ''; ?>">Product Protection</a>
<a href="?page=extend-protection-settings&tab=shipping_protection" class="nav-tab <?php echo (isset($_GET['tab']) && $_GET['tab'] === 'shipping_protection') ? 'nav-tab-active' : ''; ?>">Shipping Protection</a>
<a href="?page=extend-protection-settings&tab=catalog_sync" class="nav-tab <?php echo (isset($_GET['tab']) && $_GET['tab'] === 'catalog_sync') ? 'nav-tab-active' : ''; ?>">Catalog Sync</a>
</h2>
<div class="tab-content">
<!-- begin tabs -->

<div class="wrap">
<h2>Extend Protection Settings</h2>
<h2 class="nav-tab-wrapper">
<a href="?page=extend-protection-settings&tab=general" class="nav-tab <?php echo (empty($_GET['tab']) || sanitize_text_field($_GET['tab']) === 'general') ? 'nav-tab-active' : ''; ?>">General Settings</a>
<a href="?page=extend-protection-settings&tab=product_protection" class="nav-tab <?php echo (isset($_GET['tab']) && sanitize_text_field($_GET['tab']) === 'product_protection') ? 'nav-tab-active' : ''; ?>">Product Protection</a>
<a href="?page=extend-protection-settings&tab=shipping_protection" class="nav-tab <?php echo (isset($_GET['tab']) && sanitize_text_field($_GET['tab']) === 'shipping_protection') ? 'nav-tab-active' : ''; ?>">Shipping Protection</a>
<a href="?page=extend-protection-settings&tab=catalog_sync" class="nav-tab <?php echo (isset($_GET['tab']) && sanitize_text_field($_GET['tab']) === 'catalog_sync') ? 'nav-tab-active' : ''; ?>">Catalog Sync</a>
</h2>
<div class="tab-content">
<?php
$current_tab = isset($_GET['tab']) ? $_GET['tab'] : 'general';
$current_tab = isset($_GET['tab']) ? sanitize_text_field($_GET['tab']): 'general';

switch ($current_tab) {
case 'product_protection':
include_once 'tabs/product-protection.php';
break;
case 'shipping_protection':
include_once 'tabs/shipping-protection.php';
break;
case 'catalog_sync':
include_once 'tabs/catalog-sync.php';
break;
default:
include_once 'tabs/general-settings.php';
case 'product_protection':
include_once 'tabs/product-protection.php';
break;
case 'shipping_protection':
include_once 'tabs/shipping-protection.php';
break;
case 'catalog_sync':
include_once 'tabs/catalog-sync.php';
break;
default:
include_once 'tabs/general-settings.php';
}
?>
</div>
</div>
</div>
</div>

<!-- end tabs -->
<!-- end tabs -->
<?php

}
Expand All @@ -175,17 +175,6 @@ function extend_render_documentation_page()
<img src="' . esc_url(plugins_url() . '/extend-protection/images/woocommerce_hooks.jpg') . '" >
</div>
</div>';
//
// <div>
// <h3><a href="#" id="extend_2">2 - Second</a></h3>
// <div>Phasellus mattis tincidunt nibh.</div>
// </div>
// <div>
// <h3><a href="#" id="extend_3">3 - Third</a></h3>
// <div>Nam dui erat, auctor a, dignissim quis.</div>
// </div>
// </div>
// ';
}

function helloextend_protection_style()
Expand Down Expand Up @@ -341,13 +330,13 @@ function add_shipping_protection_fee()
}

if (isset($_POST['fee_amount']) && isset($_POST['fee_label'])) {
$fee_amount = floatval(number_format($_POST['fee_amount'] / 100, 2));
$fee_amount = floatval(number_format( sanitize_text_field($_POST['fee_amount']) / 100, 2));
$fee_label = sanitize_text_field($_POST['fee_label']);

if ($fee_amount && $fee_label) {
WC()->session->set('shipping_fee', true);
WC()->session->set('shipping_fee_value', $fee_amount);
WC()->session->set('shipping_quote_id', $_POST['shipping_quote_id']);
WC()->session->set('shipping_quote_id', sanitize_key($_POST['shipping_quote_id']));
} else {
echo ' No shipping protection fee added because of an error ';
}
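Review bot: `sanitize_text_field()` on the new `$fee_amount` line is a string sanitizer, not a numeric check: a non-numeric `fee_amount` still reaches `/ 100`, which raises a TypeError on PHP 8, and the `shipping_quote_id` read two lines further down with `sanitize_key()` is not covered by the `isset()` guard at all. Tighten the guard and do the arithmetic on a validated number: `if (isset($_POST['fee_amount'], $_POST['fee_label'], $_POST['shipping_quote_id']) && is_numeric($_POST['fee_amount'])) {` and `$fee_amount = round((float) $_POST['fee_amount'] / 100, 2);` — `round()` also replaces `floatval(number_format(...))`, which truncates at the thousands separator (`number_format(1234.56, 2)` is `"1,234.56"`, and `floatval()` of that is `1.0`). Separately, the fee amount and label are taken from the client request and stored in the session as the fee to charge; unless the amount is re-derived or verified server-side from the quote behind `shipping_quote_id`, sanitizing the string does not stop a caller from submitting an arbitrary fee. `add_shipping_protection_fee()` starts before the hunk, so whether a nonce or capability check happens earlier is not visible here.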
20 changes: 10 additions & 10 deletions extend-protection/includes/class-helloextend-global.php
Expand Up @@ -281,7 +281,7 @@ public static function get_extend_settings()
public static function add_to_cart_extend()
{
$warranty_product_id = wc_get_product_id_by_sku('extend-product-protection');
$quantity = $_REQUEST['quantity'];
$quantity = sanitize_key($_REQUEST['quantity']);
$extend_data = $_REQUEST['extendData'];

if (!isset($warranty_product_id) || !isset($quantity) || !isset($extend_data)) {
Expand All @@ -300,7 +300,7 @@ public function update_price($cart_object)
if (!empty($cart_items)) {

foreach ($cart_items as $key => $value) {
if (isset($value['extendData'])) {
if (isset($value['extendData']) && !empty($value['extendData'])) {
$value['data']->set_price(round($value['extendData']['price'] / 100, 2));
}
}
Expand All @@ -309,7 +309,7 @@ public function update_price($cart_object)

public function cart_item_price($price, $cart_item, $cart_item_key)
{
if (isset($cart_item['extendData'])) {
if (isset($cart_item['extendData']) && !empty($cart_item['extendData'])) {
$price = round($cart_item['extendData']['price'] / 100, 2);
return wc_price($price);
}
Expand All @@ -324,7 +324,7 @@ public function cart_item_price($price, $cart_item, $cart_item_key)
public function cart_item_name($name, $cart_item, $cart_item_key)
{

if (isset($cart_item['extendData'])) {
if (isset($cart_item['extendData']) && !empty($cart_item['extendData'])) {
$term = $cart_item['extendData']['term'];
return "Extend Protection Plan - {$term} Months";
}
Expand Down Expand Up @@ -355,7 +355,7 @@ public function order_item_name($name, $cart_item, $cart_item_key)
// This function transfers data from cart items, to order items
public function order_item_meta($item, $cart_item_key, $cart_item)
{
if (isset($cart_item['extendData'])) {
if (isset($cart_item['extendData']) && !empty($cart_item['extendData'])) {
$item->add_meta_data('_extend_data', $cart_item['extendData']);

$covered_id = $cart_item['extendData']['covered_product_id'];
Expand Down Expand Up @@ -384,7 +384,7 @@ public function checkout_details($data, $cart_item)
return $data;
}

if (isset($cart_item['extendData'])) {
if (isset($cart_item['extendData']) && !empty($cart_item['extendData'])) {
$covered_id = $cart_item['extendData']['covered_product_id'];
$term = $cart_item['extendData']['term'];
// $covered = self::extend_get_product($covered_id);
Expand Down Expand Up @@ -460,10 +460,10 @@ public static function get_extend_token()
$args = array(
'body' => json_encode(
array(
'grant_type' => 'client_credentials',
'client_id' => $client_id,
'client_secret' => $client_secret,
'client_assertion' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
'grant_type' => 'client_credentials',
'client_id' => $client_id,
'client_secret' => $client_secret,
'client_assertion' => 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
)
),
'headers' => array(
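Review bot: `sanitize_key()` is the wrong sanitizer for `$quantity` on the new line in `add_to_cart_extend()`: it lowercases and strips everything outside `[a-z0-9_-]`, so `"1.5"` becomes `"15"` and `"abc"` passes through, and because it always returns a string the `!isset($quantity)` check three lines below can no longer fail for that value (a missing index now emits an undefined-index warning at the call instead). `absint()` matches the intent: `$quantity = isset($_REQUEST['quantity']) ? absint($_REQUEST['quantity']) : 0;` with the guard below testing `$quantity < 1` instead of `!isset($quantity)`. The neighbouring `$extend_data = $_REQUEST['extendData'];` is left unsanitized in a commit about sanitization, and the later hunks show a cart item's `extendData['price']` being used directly to set the item price (`set_price(round($value['extendData']['price'] / 100, 2))`), so if `$extend_data` is what ends up in the cart item it needs validation of its keys and numeric values at least as much as `quantity` does. In the `update_price`, `cart_item_price`, `cart_item_name`, `order_item_meta` and `checkout_details` hunks, `isset($x) && !empty($x)` is redundant — `!empty($x)` is already false for an unset key — so the added `isset()` clauses can be dropped. `add_to_cart_extend()` continues past the hunk.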

0 comments on commit a005b36
