

Wip
alexmigf committed Oct 29, 2024
1 parent 91ba102 commit d74d02d
Showing 17 changed files with 231 additions and 130 deletions.
7 changes: 7 additions & 0 deletions assets/css/jquery-ui.min.css


68 changes: 54 additions & 14 deletions includes/Admin.php
Expand Up @@ -189,7 +189,7 @@ public function install_wizard_notice() {

public function setup_wizard() {
// Setup/welcome
if ( ! empty( $_GET['page'] ) && 'wpo-wcpdf-setup' === $_GET['page'] && wp_verify_nonce( $_GET['_wpnonce'], 'wpo_wcpdf_setup' ) ) {
if ( ! empty( $_GET['page'] ) && 'wpo-wcpdf-setup' === $_GET['page'] && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'wpo_wcpdf_setup' ) ) {
delete_transient( 'wpo_wcpdf_new_install' );
SetupWizard::instance();
}
Expand Down Expand Up @@ -331,7 +331,9 @@ public function add_listing_actions( $order ) {
* @param array $columns shop order columns
*/
public function add_invoice_columns( $columns ) {
if ( WPO_WCPDF()->order_util->custom_orders_table_usage_is_enabled() && isset( $_REQUEST['page'] ) && $_REQUEST['page'] == 'wc-orders' && isset( $_REQUEST['action'] ) && $_REQUEST['action'] == 'edit' ) {
$current_screen = get_current_screen();

if ( WPO_WCPDF()->order_util->custom_orders_table_usage_is_enabled() && 'woocommerce_page_wc-orders' !== $current_screen->id ) {
return $columns;
}

Expand Down Expand Up @@ -635,15 +637,35 @@ public function pdf_actions_meta_box( $post_or_order_object ) {
$unmark_printed = isset( $data['unmark_printed_url'] ) && $data['unmark_printed_url'] ? '<a class="unmark_printed" href="'.$data['unmark_printed_url'].'">'.__( 'Unmark', 'woocommerce-pdf-invoices-packing-slips' ).'</a>' : '';
$printed_data = isset( $data['printed'] ) && $data['printed'] && ! empty( $data['printed_data']['date'] ) ? '<p class="printed-data">&#x21b3; '.$printed.''.date_i18n( 'Y/m/d g:i:s a', strtotime( $data['printed_data']['date'] ) ).''.$unmark_printed.'</p>' : '';

$allowed_tags = array(
'svg' => array(
'class' => true,
'xmlns' => true,
'viewbox' => true, // Lowercase 'viewbox' because wp_kses() converts attribute names to lowercase
),
'path' => array(
'fill-rule' => true,
'clip-rule' => true,
'd' => true,
),
'p' => array(
'class' => true,
),
'a' => array(
'href' => true,
'class' => true,
),
);

printf(
'<li><a href="%1$s" class="button %2$s" target="_blank" alt="%3$s">%4$s%5$s</a>%6$s%7$s</li>',
esc_url( $url ),
esc_attr( $class ),
esc_attr( $alt ),
esc_html( $title ),
esc_html( $exists ),
esc_html( $manually_mark_printed ),
esc_html( $printed_data )
str_replace( 'viewbox=', 'viewBox=', wp_kses( $exists, $allowed_tags ) ),
wp_kses( $manually_mark_printed, $allowed_tags ),
str_replace( 'viewbox=', 'viewBox=', wp_kses( $printed_data, $allowed_tags ) )
);
}
?>
Expand Down Expand Up @@ -994,9 +1016,9 @@ public function save_invoice_number_date( $order_id, $order ) {

$order_type = $order->get_type();

if ( $order_type == 'shop_order' ) {
// bail if this is not an actual 'Save order' action
if ( ! isset( $_POST['action'] ) || $_POST['action'] != 'editpost' ) {
if ( 'shop_order' === $order_type ) {
// Check the nonce.
if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
return;
}

Expand Down Expand Up @@ -1058,9 +1080,14 @@ public function return_false() {
*/
public function send_emails( $post_or_order_object_id, $post_or_order_object ) {
$order = ( $post_or_order_object instanceof \WP_Post ) ? wc_get_order( $post_or_order_object->ID ) : $post_or_order_object;

// Check the nonce.
if ( empty( $_POST['woocommerce_meta_nonce'] ) || ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
return;
}

if ( ! empty( $_POST['wpo_wcpdf_send_emails'] ) ) {
$action = wc_clean( $_POST['wpo_wcpdf_send_emails'] );
$action = sanitize_text_field( wp_unslash( $_POST['wpo_wcpdf_send_emails'] ) );
if ( ! empty( $action ) && strstr( $action, 'send_email_' ) ) {
$email_to_send = str_replace( 'send_email_', '', $action );
// Switch back to the site locale.
Expand Down Expand Up @@ -1143,27 +1170,30 @@ public function ajax_crud_document() {
) );
}

if ( ! $this->user_can_manage_document( sanitize_text_field( $_POST['document_type'] ) ) ) {
if ( ! $this->user_can_manage_document( sanitize_text_field( wp_unslash( $_POST['document_type'] ) ) ) ) {
wp_send_json_error( array(
'message' => esc_html__( 'No permissions!', 'woocommerce-pdf-invoices-packing-slips' ),
) );
}

$order_id = absint( $_POST['order_id'] );
$order = wc_get_order( $order_id );
$document_type = sanitize_text_field( $_POST['document_type'] );
$action_type = sanitize_text_field( $_POST['action_type'] );
$notice = sanitize_text_field( $_POST['wpcdf_document_data_notice'] );
$document_type = sanitize_text_field( wp_unslash( $_POST['document_type'] ) );
$action_type = sanitize_text_field( wp_unslash( $_POST['action_type'] ) );
$notice = isset( $_POST['wpcdf_document_data_notice'] ) ? sanitize_text_field( wp_unslash( $_POST['wpcdf_document_data_notice'] ) ) : 'saved';
$request_data = isset( $_POST['form_data'] ) ? sanitize_text_field( wp_unslash( $_POST['form_data'] ) ) : '';

// parse form data
parse_str( $_POST['form_data'], $form_data );
parse_str( $request_data, $form_data );

if ( is_array( $form_data ) ) {
foreach ( $form_data as $key => &$value ) {
if ( is_array( $value ) && !empty( $value[$order_id] ) ) {
$value = $value[$order_id];
}
}
}

$form_data = stripslashes_deep( $form_data );

// notice messages
Expand Down Expand Up @@ -1291,6 +1321,16 @@ public function debug_enabled_warning( $wp_admin_bar ) {
public function process_order_document_form_data( $form_data, $document_slug )
{
$data = array();

if (
check_ajax_referer( 'wpo_wcpdf_regenerate_document', 'security', false ) === false &&
check_ajax_referer( 'wpo_wcpdf_save_document', 'security', false ) === false &&
check_ajax_referer( 'wpo_wcpdf_delete_document', 'security', false ) === false &&
( empty( $_POST['woocommerce_meta_nonce'] ) ||
! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST['woocommerce_meta_nonce'] ) ), 'woocommerce_save_data' ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
) {
return $data;
}

if( isset( $form_data['_wcpdf_'.$document_slug.'_number'] ) ) {
$data['number'] = sanitize_text_field( $form_data['_wcpdf_'.$document_slug.'_number'] );
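Review bot: `get_current_screen()` can return null (the screen object is only set up at a certain point of the admin request and is absent in AJAX and cron contexts), so `$current_screen->id` in the new `add_invoice_columns` condition produces an "Attempt to read property on null" warning and, because `null !== 'woocommerce_page_wc-orders'`, silently suppresses the columns instead of bailing cleanly. Guard the read: `if ( WPO_WCPDF()->order_util->custom_orders_table_usage_is_enabled() && ( ! $current_screen instanceof \WP_Screen || 'woocommerce_page_wc-orders' !== $current_screen->id ) ) {`. The replaced condition also singled out `action=edit`; whether the orders list and the order edit screen share that screen id, so the new check still covers both cases, is worth confirming. Separately, the nonce check added inside `process_order_document_form_data` ties a data transform to the current request and returns an empty array on failure, which callers cannot distinguish from "no fields submitted"; since both visible callers (`save_invoice_number_date`, `ajax_crud_document`) now verify a nonce at their entry point, consider keeping verification there or failing loudly (a `WP_Error` or exception) rather than silently.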
3 changes: 2 additions & 1 deletion includes/Assets.php
Expand Up @@ -213,7 +213,8 @@ public function backend_scripts_styles ( $hook ) {
if ( 'debug' === $tab ) {
wp_enqueue_style(
'wpo-wcpdf-jquery-ui-styles',
'https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.2/themes/smoothness/jquery-ui.css'
WPO_WCPDF()->plugin_url() . '/assets/css/jquery-ui' . $suffix . '.css',
'1.14.0'
);

wp_enqueue_script( 'jquery-ui-datepicker' );
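Review bot: The third positional argument of `wp_enqueue_style()` is `$deps`, not `$ver`, so the new `'1.14.0'` registers a dependency on a non-existent handle named `1.14.0`; WordPress skips any style whose dependencies are unmet, so the bundled jQuery UI stylesheet will never be printed on the debug tab. Pass an empty dependency list before the version: `wp_enqueue_style( 'wpo-wcpdf-jquery-ui-styles', WPO_WCPDF()->plugin_url() . '/assets/css/jquery-ui' . $suffix . '.css', array(), '1.14.0' );`. Serving the file from the plugin instead of the Google CDN removes a third-party load from wp-admin, which is the right direction. `$suffix` is defined outside the hunk; whether a non-minified `jquery-ui.css` exists alongside the added `jquery-ui.min.css` for the `SCRIPT_DEBUG` case should be confirmed.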
41 changes: 23 additions & 18 deletions includes/Documents/OrderDocument.php
Expand Up @@ -155,7 +155,7 @@ public function init_settings() {

public function init_settings_data() {
// don't override/save settings on Preview requests
if ( isset( $_REQUEST['action'] ) && 'wpo_wcpdf_preview' === $_REQUEST['action'] && wp_verify_nonce( $_REQUEST['security'], 'wpo_wcpdf_preview' ) ) {
if ( isset( $_REQUEST['action'] ) && 'wpo_wcpdf_preview' === $_REQUEST['action'] && isset( $_REQUEST['security'] ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['security'] ) ), 'wpo_wcpdf_preview' ) ) {
return;
}

Expand Down Expand Up @@ -1547,7 +1547,12 @@ public function render_template( $file, $args = array() ) {
public function get_wc_emails() {
// only run this in the context of the settings page or setup wizard
// prevents WPML language mixups
if ( empty( $_GET['page'] ) || !in_array( $_GET['page'], array('wpo-wcpdf-setup','wpo_wcpdf_options_page') ) ) {

if ( ! empty( $_GET['page'] ) && 'wpo-wcpdf-setup' === $_GET['page'] && ( isset( $_GET['_wpnonce'] ) && ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'wpo_wcpdf_setup' ) ) ) {
return array();
}

if ( ! in_array( $_GET['page'], array( 'wpo-wcpdf-setup', 'wpo_wcpdf_options_page' ) ) ) {
return array();
}

Expand Down Expand Up @@ -1728,9 +1733,9 @@ public function maybe_retire_number_store( $date, $store_base_name, $method ) {
$current_year_table_name = "{$default_table_name}_{$current_year}";

// first, remove last year if it already exists
$retired_exists = $wpdb->get_var( "SHOW TABLES LIKE '{$retired_table_name}'" ) == $retired_table_name;
if( $retired_exists ) {
$table_removed = $wpdb->query( "DROP TABLE IF EXISTS {$retired_table_name}" );
$retired_exists = $wpdb->get_var( "SHOW TABLES LIKE '" . esc_sql( $retired_table_name ) . "'" ) == $retired_table_name;
if ( $retired_exists ) {
$table_removed = $wpdb->query( "DROP TABLE IF EXISTS `" . esc_sql( $retired_table_name ) . "`" );

if( ! $table_removed ) {
wcpdf_log_error( sprintf( 'An error occurred while trying to remove the duplicate number store %s: %s', $retired_table_name, $wpdb->last_error ) );
Expand All @@ -1739,9 +1744,9 @@ public function maybe_retire_number_store( $date, $store_base_name, $method ) {
}

// rename current to last year
$default_exists = $wpdb->get_var( "SHOW TABLES LIKE '{$default_table_name}'" ) == $default_table_name;
if( $default_exists ) {
$table_renamed = $wpdb->query( "ALTER TABLE {$default_table_name} RENAME {$retired_table_name}" );
$default_exists = $wpdb->get_var( "SHOW TABLES LIKE '" . esc_sql( $default_table_name ) . "'" ) == $default_table_name;
if ( $default_exists ) {
$table_renamed = $wpdb->query( "ALTER TABLE `" . esc_sql( $default_table_name ) . "` RENAME `" . esc_sql( $retired_table_name ) . "`" );

if( ! $table_renamed ) {
wcpdf_log_error( sprintf( 'An error occurred while trying to rename the number store from %s to %s: %s', $default_table_name, $retired_table_name, $wpdb->last_error ) );
Expand All @@ -1750,17 +1755,17 @@ public function maybe_retire_number_store( $date, $store_base_name, $method ) {
}

// if the current year table name already exists (created earlier as a 'future' year), rename that to default
$current_year_exists = $wpdb->get_var( "SHOW TABLES LIKE '{$current_year_table_name}'" ) == $current_year_table_name;
if( $current_year_exists ) {
$table_renamed = $wpdb->query( "ALTER TABLE {$current_year_table_name} RENAME {$default_table_name}" );
$current_year_exists = $wpdb->get_var( "SHOW TABLES LIKE '" . esc_sql( $current_year_table_name ) . "'" ) == $current_year_table_name;
if ( $current_year_exists ) {
$table_renamed = $wpdb->query( "ALTER TABLE `" . esc_sql( $current_year_table_name ) . "` RENAME `" . esc_sql( $default_table_name ) . "`" );

if( ! $table_renamed ) {
wcpdf_log_error( sprintf( 'An error occurred while trying to rename the number store from %s to %s: %s', $current_year_table_name, $default_table_name, $wpdb->last_error ) );
return $requested_year;
}
}

if( $was_showing_errors ) {
if ( $was_showing_errors ) {
$wpdb->show_errors();
}

Expand All @@ -1786,25 +1791,25 @@ public function get_number_store_year( $table_name ) {
$current_year = intval( $next_year->date_i18n( 'Y' ) );
}

$table_exists = $wpdb->get_var( "SHOW TABLES LIKE '{$table_name}'") == $table_name;
if( $table_exists ) {
$table_exists = $wpdb->get_var( "SHOW TABLES LIKE '" . esc_sql( $table_name ) . "'" ) == $table_name;
if ( $table_exists ) {
// get year for the last row
$year = $wpdb->get_var( "SELECT YEAR(date) FROM {$table_name} ORDER BY id DESC LIMIT 1" );
$year = $wpdb->get_var( "SELECT YEAR(date) FROM `" . esc_sql( $table_name ) . "` ORDER BY id DESC LIMIT 1" );
// default to current year if no results
if( ! $year ) {
if ( ! $year ) {
$year = $current_year;
// if we don't get a result, this could either mean there's an error,
// OR that the first number simply has not been created yet (=no rows)
// we only log when there's an actual error
if( ! empty( $wpdb->last_error ) ) {
if ( ! empty( $wpdb->last_error ) ) {
wcpdf_log_error( sprintf( 'An error occurred while trying to get the current year from the %s table: %s', $table_name, $wpdb->last_error ) );
}
}
} else {
$year = $current_year;
}

if( $was_showing_errors ) {
if ( $was_showing_errors ) {
$wpdb->show_errors();
}

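Review bot: In `get_wc_emails` the former `empty( $_GET['page'] ) ||` guard was dropped, so the new `in_array( $_GET['page'], ... )` reads an undefined key on every request without a `page` parameter (a PHP warning followed by a comparison against null) before it returns; the nonce clause above it runs only when `_wpnonce` is present and does not cover that case. Restore the guard and make the comparison strict: `$page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';` and `if ( ! in_array( $page, array( 'wpo-wcpdf-setup', 'wpo_wcpdf_options_page' ), true ) ) {`. On the number-store hunks, `esc_sql()` escapes string-literal quoting only: it does not neutralise a backtick inside a backtick-quoted identifier, and in the `SHOW TABLES LIKE '...'` patterns it leaves `%` and `_` as wildcards, so `$wpdb->esc_like()` for the pattern and, where the supported WordPress minimum allows, `$wpdb->prepare()` with `%i` for identifiers are the precise tools. The table names appear to be built from the prefix and a store base name rather than user input, so this is hardening and consistency rather than a live injection path.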
23 changes: 10 additions & 13 deletions includes/Documents/SequentialNumberStore.php
Expand Up @@ -61,7 +61,7 @@ public function init() {
if ( $this->method == 'calculate' ) {
$column_exists = $this->wpdb->get_var( "SHOW COLUMNS FROM `" . esc_sql( $this->table_name ) . "` LIKE 'calculated_number'" );
if ( empty( $column_exists ) ) {
$this->wpdb->query("ALTER TABLE {$this->table_name} ADD calculated_number int (16)");
$this->wpdb->query( "ALTER TABLE `" . esc_sql( $this->table_name ) . "` ADD `calculated_number` INT(16)" );
}
}
return; // no further business
Expand Down Expand Up @@ -128,10 +128,11 @@ public function get_next() {
$this->wpdb->query( "SET SESSION information_schema_stats_expiry = 0" );
}
// get next auto_increment value
$table_status = $this->wpdb->get_row("SHOW TABLE STATUS LIKE '{$this->table_name}'");
$table_status = $this->wpdb->get_row( "SHOW TABLE STATUS LIKE '" . esc_sql( $this->table_name ) . "'" );
$next = $table_status->Auto_increment;
} elseif ( $this->method == 'calculate' ) {
$last_row = $this->wpdb->get_row( "SELECT * FROM {$this->table_name} WHERE id = ( SELECT MAX(id) from {$this->table_name} )" );
$last_row = $this->wpdb->get_row( "SELECT * FROM `" . esc_sql( $this->table_name ) . "` WHERE id = ( SELECT MAX(id) FROM `" . esc_sql( $this->table_name ) . "` )" );

if ( empty( $last_row ) ) {
$next = 1;
} elseif ( ! empty( $last_row->calculated_number ) ) {
Expand All @@ -151,14 +152,14 @@ public function set_next( $number = 1 ) {
$wpdb = $this->wpdb;

// delete all rows
$delete = $wpdb->query( "TRUNCATE TABLE {$table_name}" );
$delete = $wpdb->query( "TRUNCATE TABLE `" . esc_sql( $table_name ) . "`" );

// set auto_increment
if ( $number > 1 ) {
// if AUTO_INCREMENT is not 1, we need to make sure we have a 'highest value' in case of server restarts
// https://serverfault.com/questions/228690/mysql-auto-increment-fields-resets-by-itself
$highest_number = (int) $number - 1;
$wpdb->query( $wpdb->prepare( "ALTER TABLE {$table_name} AUTO_INCREMENT=%d;", $highest_number ) );
$wpdb->query( $wpdb->prepare( "ALTER TABLE `" . esc_sql( $table_name ) . "` AUTO_INCREMENT=%d;", $highest_number ) );
$data = array(
'order_id' => 0,
'date' => get_date_from_gmt( gmdate( 'Y-m-d H:i:s' ) ),
Expand All @@ -172,27 +173,23 @@ public function set_next( $number = 1 ) {
$wpdb->insert( $table_name, $data );
} else {
// simple scenario, no need to insert any rows
$wpdb->query( $wpdb->prepare( "ALTER TABLE {$table_name} AUTO_INCREMENT=%d;", $number ) );
$wpdb->query( $wpdb->prepare( "ALTER TABLE `" . esc_sql( $table_name ) . "` AUTO_INCREMENT=%d;", $number ) );
}
}

public function get_last_date( $format = 'Y-m-d H:i:s' ) {
$row = $this->wpdb->get_row( "SELECT * FROM {$this->table_name} WHERE id = ( SELECT MAX(id) from {$this->table_name} )" );
$row = $this->wpdb->get_row( "SELECT * FROM `" . esc_sql( $this->table_name ) . "` WHERE id = ( SELECT MAX(id) FROM `" . esc_sql( $this->table_name ) . "` )" );
$date = isset( $row->date ) ? $row->date : 'now';

return gmdate( $format, strtotime( $date ) );
}

/**
* Check if the number store table exists
* @return bool
*/
public function store_name_exists() {
// check if table exists
if ( $this->wpdb->get_var("SHOW TABLES LIKE '{$this->table_name}'") == $this->table_name ) {
return true;
} else {
return false;
}
return $this->wpdb->get_var( "SHOW TABLES LIKE '" . esc_sql( $this->table_name ) . "'" ) === $this->table_name;
}

}
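Review bot: The `esc_sql()` added around `$this->table_name` throughout this file is the string-literal escaper: it does not escape backticks, so it does not make the backtick-quoted identifiers in the `ALTER`, `SELECT` and `TRUNCATE` statements safe against a name containing one, and in `SHOW TABLES LIKE '...'` / `SHOW TABLE STATUS LIKE '...'` it leaves `%` and `_` as `LIKE` wildcards. The intent is expressed exactly by `$wpdb->esc_like()` for the two `LIKE` patterns and, where the plugin's WordPress minimum allows, `$wpdb->prepare()` with the `%i` identifier placeholder for the rest, e.g. `$this->wpdb->get_var( $this->wpdb->prepare( 'SHOW TABLES LIKE %s', $this->wpdb->esc_like( $this->table_name ) ) )`. `$this->table_name` is assigned outside these hunks and looks to be derived from the table prefix and store name rather than request input, so this is defence in depth rather than a reachable injection; a short comment on the `init()` hunk stating that assumption would help the next reader.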

