Merge pull request #36 from wuunder/development

sanitize function, remove curl functions, marketplace feedback
wuunder · Oct 30, 2019 · e20d508 · e20d508
2 parents cba4043 + 89527c3
commit e20d508
Show file tree

Hide file tree

Showing 7 changed files with 35 additions and 454 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,14 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/).
 
 ## Released 
 
+## [2.7.8](https://github.com/kabisa/wuunder-webshopplugin-woocommerce/tag/2.7.8) - 2019-10-30
+
+### Added
+-   Support sanitize functions
+
+### Fixed
+-   Removed curl functions and use WP functions for getting filesize of images 
+
 ## [2.7.7](https://github.com/kabisa/wuunder-webshopplugin-woocommerce/tag/2.7.7) - 2019-10-11
 
 ### Added

diff --git a/includes/checkout.php b/includes/checkout.php
@@ -189,12 +189,12 @@ function wcwp_update_parcelshop_id($order_id)
 add_action('woocommerce_checkout_process', 'wcwp_check_parcelshop_selection');
 function wcwp_check_parcelshop_selection()
 {
-    if ('wuunder_parcelshop' === $_POST['shipping_method'][0]) {
+    if ('wuunder_parcelshop' === sanitize_text_field($_POST['shipping_method'][0])) {
         if (!$_POST['parcelshop_id']) {
             wc_add_notice(__('Kies eerst een <strong>parcelshop</strong>'), 'error');
         }
 
-        if ($_POST['shipping_country'] != $_POST['parcelshop_country']) {
+        if (!isset($_POST['shipping_country']) || $_POST['shipping_country'] != $_POST['parcelshop_country']) {
             wc_add_notice(__('Het <strong>land van de verzendgegevens</strong> moet overeenkomen met het <strong>land van de parcelshop</strong> '), 'error');
         }
     }

diff --git a/includes/parcelshop.php b/includes/parcelshop.php
@@ -7,7 +7,7 @@ function wcwp_parcelShopLocator()
     $apiKey = ( 'productie' == $status ? get_option( 'wc_wuunder_api' ) : get_option( 'wc_wuunder_test_api' ) );
 
     if( ! empty( $_POST['address'] ) ) {
-        $shipping_address = $_POST['address'];
+        $shipping_address = sanitize_text_field($_POST['address']);
     } else {
         $shipping_address =  '';
         $shipping_address .= ( ! empty(WC()->customer->get_shipping_address() )  ? WC()->customer->get_shipping_address()  . ' ' : '' );
@@ -43,7 +43,7 @@ function wcwp_getAddress() {
     $shipping_address = null;
 
     if(!empty($_POST['address'])) {
-        $shipping_address = $_POST['address'];
+        $shipping_address = sanitize_text_field($_POST['address']);
     } else {
 
         $shipping_address .= (!empty(WC()->customer->get_shipping_address())  ? WC()->customer->get_shipping_address()  . " " : "");
@@ -58,7 +58,6 @@ function wcwp_getAddress() {
 
 function wcwp_getParcelshopAddress() {
     $shipping_address = null;
-
     if(empty($_POST['parcelshop_id'])) {
         echo null;
     } else {
@@ -70,7 +69,7 @@ function wcwp_getParcelshopAddress() {
         $parcelshopRequest = $connector->getParcelshopById();
         $parcelshopConfig = new \Wuunder\Api\Config\ParcelshopConfig();
 
-        $parcelshopConfig->setId($_POST['parcelshop_id']);
+        $parcelshopConfig->setId(sanitize_text_field($_POST['parcelshop_id']));
 
         if ($parcelshopConfig->validate()) {
             $parcelshopRequest->setConfig($parcelshopConfig);

diff --git a/includes/wcwuunder-create.php b/includes/wcwuunder-create.php
@@ -12,7 +12,7 @@ public function __construct() {
             $this->version_obj = array(
                 'product'   => 'Woocommerce extension',
                 'version'   => array(
-                    'build'     => '2.7.7 ',
+                    'build'     => '2.7.8 ',
                     'plugin'    => '2.0' ),
                 'platform'  => array(
                     'name'      => 'Woocommerce',
@@ -33,8 +33,8 @@ public function wcwp_sample_admin_notice__error() {
             if ( 'error' == isset( $_GET['notice'] ) && $_GET['notice'] ) {
 
                 $class = 'notice notice-error';
-                $message = __( '<b>Het aanmaken van het label voor #' . $_GET['id'] . ' is mislukt</b>', 'woocommerce-wuunder' );
-                $errors = $_GET['error_melding'];
+                $message = __( '<b>Het aanmaken van het label voor #' . sanitize_text_field($_GET['id']) . ' is mislukt</b>', 'woocommerce-wuunder' );
+                $errors = sanitize_text_field($_GET['error_melding']);
                 $message .= '<ul style="margin:0 0 0 20px; padding:0; list-style:inherit;">';
                 foreach ( $errors as $error ) {
                     $message .= '<li>' . $error . '</li>';
@@ -46,7 +46,7 @@ public function wcwp_sample_admin_notice__error() {
             } elseif ( 'success' == isset( $_GET['notice'] ) && $_GET['notice'] ) {
 
                 $class = 'notice notice-success';
-                $message = __( 'Het verzendlabel voor #' . $_GET['id'] . ' is aangemaakt', 'woocommerce-wuunder' );
+                $message = __( 'Het verzendlabel voor #' . sanitize_text_field($_GET['id']) . ' is aangemaakt', 'woocommerce-wuunder' );
                 printf( '<div class="%1$s"><p>%2$s</p></div>', $class, $message );
 
             }
@@ -153,9 +153,9 @@ private function wcwp_setBookingConfig($orderId ) {
          * Returns the user to the original order page with the redirect.
          */
         public function wcwp_generateBookingUrl() {
-            if (isset($_REQUEST['order']) && $_REQUEST['action'] === "bookorder") {
+            if (isset($_REQUEST['order']) && sanitize_text_field($_REQUEST['action']) === "bookorder") {
                 wcwp_log( 'info', 'Generating the booking url' );
-                $order_id = $_REQUEST['order'];
+                $order_id = sanitize_text_field($_REQUEST['order']);
 
                 $status = get_option( 'wc_wuunder_api_status' );
                 $apiKey = ( 'productie' == $status ? get_option( 'wc_wuunder_api' ) : get_option( 'wc_wuunder_test_api' ) );
@@ -379,31 +379,11 @@ function wcwp_curl_get_file_size($url ) {
             // Assume failure.
             $result = -1;
 
-            $curl = curl_init( $url );
-
-            // Issue a HEAD request and follow any redirects.
-            curl_setopt( $curl, CURLOPT_NOBODY, true );
-            curl_setopt( $curl, CURLOPT_HEADER, true );
-            curl_setopt( $curl, CURLOPT_RETURNTRANSFER, true );
-            curl_setopt( $curl, CURLOPT_FOLLOWLOCATION, true );
-//            curl_setopt( $curl, CURLOPT_USERAGENT, get_user_agent_string() );
-            curl_setopt( $curl, CURLOPT_TIMEOUT_MS, 1000 );
-
-            $data = curl_exec( $curl );
-            curl_close( $curl );
-
-            if ( $data ) {
-                $content_length = 'unknown';
-                $status = 'unknown';
-
-                if ( preg_match( '/^HTTP\/1\.[01] (\d\d\d)/', $data, $matches ) ) {
-                    $status = (int) $matches[1];
-                }
-
-                if ( preg_match( '/Content-Length: (\d+)/', $data, $matches ) ) {
-                    $content_length = (int) $matches[1];
-                }
+            $response = wp_remote_get( $url );
+            $content_length = intval(wp_remote_retrieve_header( $response, 'content-length' ));
+            $status = intval(wp_remote_retrieve_response_code( $response));
 
+            if ( $response ) {
                 // http://en.wikipedia.org/wiki/List_of_HTTP_status_codes
                 if ( 200 == $status || ( $status > 300 && $status <= 308 ) ) {
                     $result = $content_length;