Changeset 1199120
- Timestamp:
- 07/15/2015 02:59:01 AM (10 years ago)
- Location:
- usc-e-shop/trunk
- Files:
-
- 13 edited
-
classes/dataList.class.php (modified) (4 diffs)
-
classes/itemList.class.php (modified) (5 diffs)
-
classes/orderList.class.php (modified) (11 diffs)
-
classes/usceshop.class.php (modified) (3 diffs)
-
includes/edit-form-advanced.php (modified) (1 diff)
-
includes/edit-form-advanced30.php (modified) (2 diffs)
-
includes/edit-form-advanced34.php (modified) (2 diffs)
-
includes/member_edit_form.php (modified) (1 diff)
-
includes/order_edit_form.php (modified) (2 diffs)
-
includes/order_list.php (modified) (1 diff)
-
includes/purchase_button.php (modified) (2 diffs)
-
includes/usces_item_master_list.php (modified) (3 diffs)
-
usc-e-shop.php (modified) (1 diff)
usc-e-shop/trunk/classes/dataList.class.php
r1155963 r1199120 218 218 219 219 $this->action = 'changePage'; 220 $this->currentPage = $_REQUEST['changePage'];220 $this->currentPage = (int)$_REQUEST['changePage']; 221 221 222 222 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; … … 237 237 $this->action = 'changeSort'; 238 238 $this->sortOldColumn = $this->sortColumn; 239 $this->sortColumn = $_REQUEST['changeSort']; 239 $this->sortColumn = str_replace('(', '', $_REQUEST['changeSort']); 240 $this->sortColumn = str_replace(',', '', $this->sortColumn); 240 241 $this->sortSwitchs = $_SESSION[$this->table]['sortSwitchs']; 241 242 $this->sortSwitchs[$this->sortColumn] = $_REQUEST['switch']; … … 256 257 257 258 $this->action = 'searchIn'; 258 $this->arr_search['column'] = $_REQUEST['search']['column'];259 $this->arr_search['column'] = str_replace(',', '', $_REQUEST['search']['column']); 259 260 $this->arr_search['word'] = $_REQUEST['search']['word']; 260 261 $this->arr_search['period'] = isset($_REQUEST['search']['period']) ? intval($_REQUEST['search']['period']) : 0; 261 $this->searchSwitchStatus = $_REQUEST['searchSwitchStatus'];262 $this->searchSwitchStatus = str_replace(',', '', $_REQUEST['searchSwitchStatus']); 262 263 263 264 $this->currentPage = 1; … … 278 279 $this->arr_search['word'] = ''; 279 280 $this->arr_search['period'] = $_SESSION[$this->table]['arr_search']['period']; 280 $this->searchSwitchStatus = $_REQUEST['searchSwitchStatus'];281 $this->searchSwitchStatus = str_replace(',', '', $_REQUEST['searchSwitchStatus']); 281 282 282 283 $this->currentPage = 1; -
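Review bot: Removing `(` and `,` from `$_REQUEST['changeSort']` (new lines 239–240) is a blacklist on a value that is used as a column identifier, and the characters that matter for an identifier position — backtick, whitespace, `--` — pass straight through; in the same branch `$_REQUEST['switch']` (line 242) is not filtered at all, unlike the itemList and orderList variants in this changeset. For an identifier the only robust check is a whitelist against the columns the class already knows, e.g. `$col = $_REQUEST['changeSort']; $this->sortColumn = in_array($col, $known_columns, true) ? $col : $this->sortColumn;`, and the direction has two legal values, `$this->sortSwitchs[$this->sortColumn] = ('DESC' === strtoupper($_REQUEST['switch'])) ? 'DESC' : 'ASC';`. Where this class keeps its column list is not visible in the hunk; orderList.class.php reads `$_SESSION[$this->table]['userHeaderNames']`, which looks like the candidate but should be confirmed. The method containing these branches starts before and ends after the hunk.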
usc-e-shop/trunk/classes/itemList.class.php
r1155963 r1199120 161 161 162 162 $this->action = 'changePage'; 163 $this->currentPage = $_REQUEST['changePage'];163 $this->currentPage = (int)$_REQUEST['changePage']; 164 164 165 165 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; … … 176 176 $this->action = 'changeSort'; 177 177 $this->sortOldColumn = $this->sortColumn; 178 $this->sortColumn = $_REQUEST['changeSort']; 178 $this->sortColumn = str_replace('(', '', $_REQUEST['changeSort']); 179 $this->sortColumn = str_replace(',', '', $this->sortColumn); 179 180 $this->sortSwitchs = $_SESSION[$this->table]['sortSwitchs']; 180 $this->sortSwitchs[$this->sortColumn] = $_REQUEST['switch']; 181 $this->sortSwitchs[$this->sortColumn] = str_replace('(', '', $_REQUEST['switch']); 182 $this->sortSwitchs[$this->sortColumn] = str_replace(',', '', $this->sortSwitchs[$this->sortColumn]); 181 183 182 184 $this->currentPage = $_SESSION[$this->table]['currentPage']; … … 191 193 192 194 $this->action = 'searchIn'; 193 $this->arr_search['column'] = isset($_REQUEST['search']['column']) ? $_REQUEST['search']['column']: '';195 $this->arr_search['column'] = isset($_REQUEST['search']['column']) ? str_replace(',', '', $_REQUEST['search']['column']) : ''; 194 196 $this->arr_search['word'] = isset($_REQUEST['search']['word']) ? $_REQUEST['search']['word'] : ''; 195 197 $this->arr_search['period'] = isset($_REQUEST['search']['period']) ? (int)$_REQUEST['search']['period'] : ''; … … 208 210 $this->arr_search['word'] = ''; 209 211 $this->arr_search['period'] = $_SESSION[$this->table]['arr_search']['period']; 210 $this->searchSwitchStatus = isset($_REQUEST['searchSwitchStatus']) ? $_REQUEST['searchSwitchStatus']: '';212 $this->searchSwitchStatus = isset($_REQUEST['searchSwitchStatus']) ? str_replace(',', '', $_REQUEST['searchSwitchStatus']) : ''; 211 213 212 214 $this->currentPage = 1; … … 233 235 }else if(isset($_REQUEST['collective'])){ 234 236 235 $this->action = 'collective_' . 
$_POST['allchange']['column'];237 $this->action = 'collective_' . str_replace(',', '', $_POST['allchange']['column']); 236 238 $this->currentPage = $_SESSION[$this->table]['currentPage']; 237 239 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; -
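Review bot: The sort direction stored in `$this->sortSwitchs[$this->sortColumn]` (new lines 181–182) only has `(` and `,` removed, yet orderList.class.php in this same changeset shows it being interpolated into SQL as a bare keyword, so values such as `ASC LIMIT 0` or `ASC -- ` survive the filter; a direction should be normalised rather than scrubbed, `$dir = strtoupper($_REQUEST['switch']); $this->sortSwitchs[$this->sortColumn] = ('DESC' === $dir) ? 'DESC' : 'ASC';`. The same applies to `'collective_' . str_replace(',', '', $_POST['allchange']['column'])` on line 237, which builds an action name from a POST value with a single character removed; whatever dispatches on `$this->action` is outside this hunk and should be confirmed to compare against a fixed list of action names rather than use the string directly. `$_REQUEST['changeSort']` and `$_REQUEST['switch']` are also read without the `isset()` guard the search fields get. The enclosing method starts before and ends after the hunk.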
usc-e-shop/trunk/classes/orderList.class.php
r1155963 r1199120 72 72 function SetSelects() 73 73 { 74 global $wpdb; 75 74 76 $status_sql = ''; 75 77 foreach( $this->management_status as $status_key => $status_name ) { 76 $status_sql .= " WHEN LOCATE('".$status_key."', order_status) > 0 THEN '".$status_name."'";78 $status_sql .= $wpdb->prepare(" WHEN LOCATE(%s, order_status) > 0 THEN %s", $status_key, $status_name ); 77 79 } 78 80 … … 214 216 215 217 $this->action = 'changePage'; 216 $this->currentPage = $_REQUEST['changePage'];218 $this->currentPage = (int)$_REQUEST['changePage']; 217 219 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; 218 220 $this->sortSwitchs = $_SESSION[$this->table]['sortSwitchs']; … … 229 231 $this->action = 'changeSort'; 230 232 $this->sortOldColumn = $this->sortColumn; 231 $this->sortColumn = $_REQUEST['changeSort']; 233 $this->sortColumn = str_replace('(', '', $_REQUEST['changeSort']); 234 $this->sortColumn = str_replace(',', '', $this->sortColumn); 232 235 $this->sortSwitchs = $_SESSION[$this->table]['sortSwitchs']; 233 $this->sortSwitchs[$this->sortColumn] = $_REQUEST['switch']; 236 $this->sortSwitchs[$this->sortColumn] = str_replace('(', '', $_REQUEST['switch']); 237 $this->sortSwitchs[$this->sortColumn] = str_replace(',', '', $this->sortSwitchs[$this->sortColumn]); 234 238 $this->currentPage = $_SESSION[$this->table]['currentPage']; 235 239 $this->userHeaderNames = $_SESSION[$this->table]['userHeaderNames']; … … 244 248 245 249 $this->action = 'searchIn'; 246 $this->arr_search['column'] = isset($_REQUEST['search']['column']) ? $_REQUEST['search']['column']: '';250 $this->arr_search['column'] = isset($_REQUEST['search']['column']) ? str_replace(',', '', $_REQUEST['search']['column']) : ''; 247 251 $this->arr_search['sku'] = isset($_REQUEST['search']['sku']) ? $_REQUEST['search']['sku'] : ''; 248 252 $this->arr_search['word'] = isset($_REQUEST['search']['word']) ? 
$_REQUEST['search']['word'] : ''; … … 264 268 $this->arr_search['skuword'] = ''; 265 269 $this->arr_search['period'] = $_SESSION[$this->table]['arr_search']['period']; 266 $this->searchSwitchStatus = isset($_REQUEST['searchSwitchStatus']) ? $_REQUEST['searchSwitchStatus']: '';270 $this->searchSwitchStatus = isset($_REQUEST['searchSwitchStatus']) ? str_replace(',', '', $_REQUEST['searchSwitchStatus']) : ''; 267 271 $this->currentPage = 1; 268 272 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; … … 287 291 }else if(isset($_REQUEST['collective'])){ 288 292 289 $this->action = 'collective_' . $_POST['allchange']['column'];293 $this->action = 'collective_' . str_replace(',', '', $_POST['allchange']['column']); 290 294 $this->currentPage = $_SESSION[$this->table]['currentPage']; 291 295 $this->sortColumn = $_SESSION[$this->table]['sortColumn']; … … 310 314 global $wpdb; 311 315 $where = $this->GetWhere(); 312 $order = ' ORDER BY `' . $this->sortColumn . '` ' . $this->sortSwitchs[$this->sortColumn];316 $order = ' ORDER BY `' . esc_sql($this->sortColumn) . '` ' . 
esc_sql($this->sortSwitchs[$this->sortColumn]); 313 317 $order = apply_filters( 'usces_filter_order_list_get_orderby', $order, $this ); 314 318 … … 351 355 function GetWhere() 352 356 { 357 global $wpdb; 353 358 $str = ''; 354 359 $where = ""; … … 360 365 switch ( $this->arr_search['period'] ) { 361 366 case 0: 362 $where = " WHERE order_date >= '{$thismonth}' ";367 $where = $wpdb->prepare(" WHERE order_date >= %s ", $thismonth ); 363 368 break; 364 369 case 1: 365 $where = " WHERE order_date >= '{$lastmonth}' AND order_date < '{$thismonth}' ";370 $where = $wpdb->prepare(" WHERE order_date >= %s AND order_date < %s ", $lastmonth, $thismonth ); 366 371 break; 367 372 case 2: 368 $where = " WHERE order_date >= '{$lastweek}' ";373 $where = $wpdb->prepare(" WHERE order_date >= %s ", $thismonth ); 369 374 break; 370 375 case 3: 371 $where = " WHERE order_date >= '{$last30}' ";376 $where = $wpdb->prepare(" WHERE order_date >= %s ", $thismonth ); 372 377 break; 373 378 case 4: 374 $where = " WHERE order_date >= '{$last90}' ";379 $where = $wpdb->prepare(" WHERE order_date >= %s ", $thismonth ); 375 380 break; 376 381 case 5: … … 409 414 case 'ID': 410 415 $column = 'ID'; 411 $this->searchSql = $column. ' = ' . (int)$this->arr_search['word']['ID'];416 $this->searchSql = esc_sql($column) . ' = ' . (int)$this->arr_search['word']['ID']; 412 417 break; 413 418 case 'deco_id': 414 419 $column = 'deco_id'; 415 $this->searchSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['word']['deco_id']) . "%'";420 $this->searchSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['word']['deco_id']) . "%'"; 416 421 break; 417 422 case 'date': 418 423 $column = 'date'; 419 $this->searchSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['word']['date']) . "%'";424 $this->searchSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['word']['date']) . "%'"; 420 425 break; 421 426 case 'mem_id': 422 427 $column = 'mem_id'; 423 $this->searchSql = $column. 
' = ' . (int)$this->arr_search['word']['mem_id'];428 $this->searchSql = esc_sql($column) . ' = ' . (int)$this->arr_search['word']['mem_id']; 424 429 break; 425 430 case 'name': 426 431 $column = 'name'; 427 $this->searchSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['word']['name']) . "%'";432 $this->searchSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['word']['name']) . "%'"; 428 433 break; 429 434 case 'order_modified': 430 435 $column = 'order_modified'; 431 $this->searchSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['word']['order_modified']) . "%'";436 $this->searchSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['word']['order_modified']) . "%'"; 432 437 break; 433 438 case 'pref': 434 439 $column = 'pref'; 435 $this->searchSql = $column. " = '" . esc_sql($this->arr_search['word']['pref']) . "'";440 $this->searchSql = esc_sql($column) . " = '" . esc_sql($this->arr_search['word']['pref']) . "'"; 436 441 break; 437 442 case 'delivery_method': 438 443 $column = 'delivery_method'; 439 $this->searchSql = $column. " = '" . esc_sql($this->arr_search['word']['delivery_method']) . "'";444 $this->searchSql = esc_sql($column) . " = '" . esc_sql($this->arr_search['word']['delivery_method']) . "'"; 440 445 break; 441 446 case 'payment_name': 442 447 $column = 'payment_name'; 443 $this->searchSql = $column. " = '" . esc_sql($this->arr_search['word']['payment_name']) . "'";448 $this->searchSql = esc_sql($column) . " = '" . esc_sql($this->arr_search['word']['payment_name']) . "'"; 444 449 break; 445 450 case 'receipt_status': 446 451 $column = 'receipt_status'; 447 $this->searchSql = $column. " = '" . esc_sql($this->arr_search['word']['receipt_status']) . "'";452 $this->searchSql = esc_sql($column) . " = '" . esc_sql($this->arr_search['word']['receipt_status']) . "'"; 448 453 break; 449 454 case 'order_status': 450 455 $column = 'order_status'; 451 $this->searchSql = $column. " = '" . 
esc_sql($this->arr_search['word']['order_status']) . "'";456 $this->searchSql = esc_sql($column) . " = '" . esc_sql($this->arr_search['word']['order_status']) . "'"; 452 457 break; 453 458 } … … 455 460 case 'item_code': 456 461 $column = 'item_code'; 457 $this->searchSkuSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['skuword']['item_code']) . "%'";462 $this->searchSkuSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['skuword']['item_code']) . "%'"; 458 463 break; 459 464 case 'item_name': 460 465 $column = 'item_name'; 461 $this->searchSkuSql = $column. ' LIKE '."'%" . esc_sql($this->arr_search['skuword']['item_name']) . "%'";466 $this->searchSkuSql = esc_sql($column) . ' LIKE '."'%" . esc_sql($this->arr_search['skuword']['item_name']) . "%'"; 462 467 break; 463 468 } -
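Review bot: Cases 2, 3 and 4 of the period switch in GetWhere() (new lines 373, 376, 379) all pass `$thismonth` where the removed lines used `$lastweek`, `$last30` and `$last90`, so the "last week" / "last 30 days" / "last 90 days" filters now silently return this month's orders; the prepare() conversion should keep the original bounds, `$where = $wpdb->prepare(" WHERE order_date >= %s ", $lastweek );`, `$where = $wpdb->prepare(" WHERE order_date >= %s ", $last30 );`, `$where = $wpdb->prepare(" WHERE order_date >= %s ", $last90 );`. Separately, wrapping `$this->sortColumn` and `$this->sortSwitchs[...]` in esc_sql() on line 316 adds little: esc_sql() escapes quote characters for use inside a quoted string literal, but here the values sit in a backtick-quoted identifier and a bare keyword, where a stray backtick or SQL keywords are not touched, so the column should be validated against the known column list (presumably `$this->userHeaderNames`) and the direction reduced to `ASC`/`DESC` before the query is built. The `esc_sql($column)` calls in the search switch are harmless because `$column` is a literal in every branch, but they suggest escaping is being used in place of validation. GetWhere() and the other methods here extend beyond the hunk.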
usc-e-shop/trunk/classes/usceshop.class.php
r1199108 r1199120 576 576 $res = usces_update_orderdata(); 577 577 if ( 1 === $res ) { 578 $this->set_action_status('success', __('order date is updated','usces').' <a href="'. stripslashes( $_POST['usces_referer']).'">'.__('back to the summary','usces').'</a>');578 $this->set_action_status('success', __('order date is updated','usces').' <a href="'.esc_url(stripslashes( $_POST['usces_referer'] )).'">'.__('back to the summary','usces').'</a>'); 579 579 } elseif ( 0 === $res ) { 580 580 $this->set_action_status('none', ''); … … 2728 2728 $post_id = (int)$_GET['post']; 2729 2729 $new_id = usces_item_dupricate($post_id); 2730 $ref = isset($_REQUEST['usces_referer']) ? urlencode( $_REQUEST['usces_referer']) : '';2730 $ref = isset($_REQUEST['usces_referer']) ? urlencode(esc_url($_REQUEST['usces_referer'])) : ''; 2731 2731 $url = USCES_ADMIN_URL . '?page=usces_itemedit&action=edit&post=' . $new_id . '&usces_referer=' . $ref; 2732 2732 wp_redirect($url); … … 4757 4757 if( false === strpos($_POST['usces_referer'], 'http') ){ 4758 4758 $parse_url = parse_url(get_home_url()); 4759 header('location: ' . $parse_url['scheme'] . '://' . $parse_url['host'] . $_POST['usces_referer']. '#cart_button');4759 header('location: ' . $parse_url['scheme'] . '://' . $parse_url['host'] . esc_url($_POST['usces_referer']) . '#cart_button'); 4760 4760 }else{ 4761 header('location: ' . $_POST['usces_referer']. '#cart_button');4761 header('location: ' . esc_url($_POST['usces_referer']) . '#cart_button'); 4762 4762 } 4763 4763 exit; -
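Review bot: `header('location: ' . esc_url($_POST['usces_referer']) . '#cart_button')` on new line 4761 is still an open redirect: esc_url() sanitises characters and scheme but does not restrict the host, so any POSTed value containing `http` is redirected to verbatim. WordPress already provides `wp_safe_redirect()`, which rejects hosts outside the site (extendable via the `allowed_redirect_hosts` filter) and falls back to the admin URL, so both branches can collapse to `wp_safe_redirect( $target . '#cart_button' ); exit;` with `$target` being the composed URL. esc_url() is also the display variant — it rewrites `&` to `&#038;` and `'` to `&#039;` — so a referer carrying a query string is mangled in a Location header; for redirects and for the `urlencode(...)` on line 2730, `esc_url_raw()` is the appropriate function. Whether an off-site referer is ever legitimate here is not visible in the hunk; if it is, validate against an explicit allow-list rather than relying on esc_url(). The enclosing functions start outside the hunk.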
usc-e-shop/trunk/includes/edit-form-advanced.php
r1080215 r1199120 662 662 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo $post->post_status; ?>" /> 663 663 <input name="referredby" type="hidden" id="referredby" value="<?php echo clean_url(stripslashes(wp_get_referer())); ?>" /> 664 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>" />664 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>" /> 665 665 <?php if ( 'draft' != $post->post_status ) wp_original_referer_field(true, 'previous'); ?> 666 666 667 667 <?php echo $form_extra ?> 668 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.urlencode( $_REQUEST['usces_referer']); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div>668 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.urlencode(esc_url($_REQUEST['usces_referer'])); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div> 669 669 <div id="poststuff" class="metabox-holder has-right-sidebar"> 670 670 -
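Review bot: On new line 668 `$_REQUEST['usces_referer']` is read without the `isset()` guard that line 664 and the edit-form-advanced30/34 variants apply, so the duplicate link raises a notice and carries an empty referer whenever the page is opened directly. Passing esc_url() output through urlencode() is also the wrong pairing for a query-string value: esc_url() is the display variant and rewrites `&` to `&#038;`, so a referer that itself has a query string (as the admin list URLs in this changeset do) arrives at the duplicate handler double-encoded; `'&usces_referer=' . (isset($_REQUEST['usces_referer']) ? urlencode(esc_url_raw($_REQUEST['usces_referer'])) : '')` round-trips cleanly. The duplicate link is a state-changing GET with no nonce, unlike the Delete link in usces_item_master_list.php that is wrapped in wp_nonce_url(); whether the handler verifies a nonce or capability is not visible here and is worth confirming.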
usc-e-shop/trunk/includes/edit-form-advanced30.php
r866657 r1199120 311 311 <input type="hidden" name="post_mime_type" value="item" /> 312 312 <input type="hidden" name="page" value="usces_itemedit" /> 313 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>" />313 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>" /> 314 314 315 315 <?php … … 324 324 ?> 325 325 326 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.(isset($_REQUEST['usces_referer']) ? urlencode( $_REQUEST['usces_referer']) : ''); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div>326 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.(isset($_REQUEST['usces_referer']) ? urlencode(esc_url($_REQUEST['usces_referer'])) : ''); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div> 327 327 <div id="poststuff" class="metabox-holder has-right-sidebar"> 328 328 <div id="side-info-column" class="inner-sidebar"> -
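Review bot: The "make a copy" link on new line 326 triggers a state-changing GET (`action=duplicate`) without a nonce, while the Delete link in usces_item_master_list.php in this same changeset is wrapped in wp_nonce_url(); unless the handler behind `usces_itemedit&action=duplicate` checks a nonce (not visible here), a cross-site request can create copies of arbitrary items on behalf of a logged-in administrator. Wrapping the href as `wp_nonce_url( USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post=' . $post->ID . '&usces_referer=' . $ref, 'duplicate-post_' . $post->ID )` and calling check_admin_referer() with the same action in the handler closes it. The referer embedded in the query string should be `urlencode(esc_url_raw(...))` rather than `urlencode(esc_url(...))`, since esc_url() entity-encodes `&` for HTML display and the value is not being displayed at that point.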
usc-e-shop/trunk/includes/edit-form-advanced34.php
r866657 r1199120 257 257 <input type="hidden" name="post_mime_type" value="item" /> 258 258 <input type="hidden" name="page" value="usces_itemedit" /> 259 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>" />259 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>" /> 260 260 261 261 <?php … … 270 270 ?> 271 271 272 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.(isset($_REQUEST['usces_referer']) ? urlencode( $_REQUEST['usces_referer']) : ''); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div>272 <div id="refbutton"><a href="<?php echo USCES_ADMIN_URL . '?page=usces_itemedit&action=duplicate&post='.$post->ID.'&usces_referer='.(isset($_REQUEST['usces_referer']) ? urlencode(esc_url($_REQUEST['usces_referer'])) : ''); ?>">[<?php _e('make a copy', 'usces'); ?>]</a> <a href="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>">[<?php _e('back to item list', 'usces'); ?>]</a></div> 273 273 <!--<div id="poststuff" class="metabox-holder has-right-sidebar">--> 274 274 <div id="poststuff"> -
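Review bot: `urlencode(esc_url($_REQUEST['usces_referer']))` on new line 272 double-encodes the referer: esc_url() is the display variant and turns `&` into `&#038;`, and urlencode() then encodes that again, so a referer carrying its own query string (the admin list URLs in this changeset do) reaches the duplicate handler with `&#038;` in place of `&`; that self-heals when the value is re-emitted into HTML but not in the Location-header path in usceshop.class.php. For a value going into a query parameter the correct pairing is `urlencode(esc_url_raw($_REQUEST['usces_referer']))`; esc_url() is right for the href and the hidden-field value on lines 259 and 272. The duplicate GET on this line also carries no nonce while the Delete link elsewhere in this changeset does; whether the handler checks one is not visible here.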
usc-e-shop/trunk/includes/member_edit_form.php
r1032350 r1199120 274 274 <tr> 275 275 <td><?php echo $umhs['date']; ?></td> 276 <td><a href="<?php echo USCES_ADMIN_URL; ?>?page=usces_orderlist&order_action=edit&order_id=<?php echo $order_id; ?>&usces_referer=<?php echo $curent_url; ?>"><?php echo usces_get_deco_order_id( $order_id ); ?></a></td>276 <td><a href="<?php echo USCES_ADMIN_URL; ?>?page=usces_orderlist&order_action=edit&order_id=<?php echo $order_id; ?>&usces_referer=<?php echo esc_url($curent_url); ?>"><?php echo usces_get_deco_order_id( $order_id ); ?></a></td> 277 277 <td class="rightnum"><?php usces_crform( $this->get_total_price($cart)-$umhs['usedpoint']+$umhs['discount']+$umhs['shipping_charge']+$umhs['cod_fee']+$umhs['tax'], true, false ); ?></td> 278 278 <td class="rightnum"><?php echo number_format($umhs['usedpoint']); ?></td> -
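Review bot: `usces_referer=<?php echo esc_url($curent_url); ?>` on new line 276 embeds one URL inside another's query string without urlencode(); if `$curent_url` carries its own query string (the admin list pages in this changeset do), everything after its first `&` becomes a parameter of the outer link and the referer is truncated. esc_url() does not prevent that — it only entity-encodes the `&`, which the browser decodes back before following the link. Build the link once and escape the whole thing: `<a href="<?php echo esc_url( USCES_ADMIN_URL . '?page=usces_orderlist&order_action=edit&order_id=' . (int)$order_id . '&usces_referer=' . urlencode($curent_url) ); ?>">`. `$order_id` is echoed raw on the same line; the `(int)` cast is cheap insurance even if it comes from the database. The enclosing loop starts outside the hunk.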
usc-e-shop/trunk/includes/order_edit_form.php
r1120284 r1199120 877 877 </div> 878 878 <div class="mailVisiLink"> 879 <a style="cursor:pointer;" id="mailVisiLink" onclick="toggleVisibility('mailBox');"><?php _e('show the mail/print field', 'usces'); ?></a><br /><a href="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>"><?php _e('Back', 'usces'); ?></a>879 <a style="cursor:pointer;" id="mailVisiLink" onclick="toggleVisibility('mailBox');"><?php _e('show the mail/print field', 'usces'); ?></a><br /><a href="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>"><?php _e('Back', 'usces'); ?></a> 880 880 </div> 881 881 <div class="ordernavi"><input name="upButton" class="upButton" type="submit" value="<?php _e('change decision', 'usces'); ?>" /><?php _e("When you change amount, please click 'Edit' before you finish your process.", 'usces'); ?></div> … … 1236 1236 </fieldset> 1237 1237 </div> 1238 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo $_REQUEST['usces_referer']; ?>" />1238 <input name="usces_referer" type="hidden" id="usces_referer" value="<?php if(isset($_REQUEST['usces_referer'])) echo esc_url($_REQUEST['usces_referer']); ?>" /> 1239 1239 <?php wp_nonce_field( 'order_edit', 'wc_nonce' ); ?> 1240 1240 </form> -
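Review bot: The "Back" link on new line 879 now goes through esc_url(), which blocks `javascript:` and similar schemes but still follows any request-supplied absolute URL, so a crafted link to this admin page with `usces_referer=http://attacker.example/` makes the Back button leave the site; low severity, but it is the same class of issue as the redirect in usceshop.class.php in this changeset. Since the referer is only ever an admin list page here, `esc_url( wp_validate_redirect( $_REQUEST['usces_referer'], USCES_ADMIN_URL ) )` pins it to the site's own host with a sane fallback. The hidden field on line 1238 is fine as changed, although `esc_url_raw()` would be the more precise choice for a value that is re-submitted rather than displayed. The surrounding form markup starts and ends outside the hunk.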
usc-e-shop/trunk/includes/order_list.php
r1176613 r1199120 664 664 if( WCUtils::is_blank($value) ) $value = ' '; 665 665 if( $key === 'ID' || $key === 'deco_id' ) { 666 $list_detail .= '<td><a href="'.USCES_ADMIN_URL.'?page=usces_orderlist&order_action=edit&order_id='.$array['ID'].'&usces_referer='. $curent_url.'&wc_nonce='.wp_create_nonce( 'order_list' ).'">'.esc_html($value).'</a></td>';666 $list_detail .= '<td><a href="'.USCES_ADMIN_URL.'?page=usces_orderlist&order_action=edit&order_id='.$array['ID'].'&usces_referer='.esc_url($curent_url).'&wc_nonce='.wp_create_nonce( 'order_list' ).'">'.esc_html($value).'</a></td>'; 667 667 } elseif( $key === 'date' ) { 668 668 $list_detail .= '<td>'.esc_html($value).'</td>'; -
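Review bot: `'&usces_referer='.esc_url($curent_url).'&wc_nonce='.wp_create_nonce( 'order_list' )` on new line 666 inserts a URL into a query string without urlencode(), so any `&` in `$curent_url` (likely for a list page carrying sort and search state) truncates the referer, and a `#` would drop the `wc_nonce` parameter that follows it. esc_url() is the wrong tool here because it escapes for HTML display rather than for a URL component. Assemble the href and escape it once: `'<td><a href="' . esc_url( USCES_ADMIN_URL . '?page=usces_orderlist&order_action=edit&order_id=' . (int)$array['ID'] . '&usces_referer=' . urlencode($curent_url) . '&wc_nonce=' . wp_create_nonce( 'order_list' ) ) . '">' . esc_html($value) . '</a></td>'`. The surrounding loop and function start outside the hunk.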
usc-e-shop/trunk/includes/purchase_button.php
r1186055 r1199120 368 368 $sf = ( !empty($usces_entries['order']['shipping_charge']) ) ? $usces_entries['order']['shipping_charge'] : 0; 369 369 $am = $usces_entries['order']['total_full_price'] - $tx - $sf; 370 $ html .= '<form id="purchase_form" name="purchase_form" action="'.$acting_opts['send_url'].'" method="post" onKeyDown="if(event.keyCode == 13) {return false;}" >370 $purchase_html = '<form id="purchase_form" name="purchase_form" action="'.$acting_opts['send_url'].'" method="post" onKeyDown="if(event.keyCode == 13) {return false;}" > 371 371 <input type="hidden" name="aid" value="'.$acting_opts['aid'].'" /> 372 372 <input type="hidden" name="cod" value="'.$rand.'" /> … … 384 384 <input type="hidden" name="uscesid" value="' . $usces->get_uscesid(false) . '"> 385 385 '; 386 $ html .= '<div class="send"><input name="purchase_jpayment" type="submit" id="purchase_button" class="checkout_button" value="'.__('Checkout', 'usces').'"'.apply_filters('usces_filter_confirm_nextbutton', NULL).$purchase_disabled.' /></div>';387 $html = apply_filters('usces_filter_confirm_inform', $html, $payments, $acting_flag, $rand, $purchase_disabled);388 $html .= '</form>'; 389 $ html .= '<form action="'.USCES_CART_URL.'" method="post" onKeyDown="if(event.keyCode == 13) {return false;}">390 <div class="send"><input name="backDelivery" type="submit" id="back_button" class="back_to_delivery_button" value="'.__('Back', 'usces').'"'.apply_filters('usces_filter_confirm_prebutton', NULL).' /></div>'; 391 $html = apply_filters('usces_filter_confirm_inform_back', $html);386 $purchase_html .= '<div class="send"><input name="purchase_jpayment" type="submit" id="purchase_button" class="checkout_button" value="'.__('Checkout', 'usces').'"'.apply_filters('usces_filter_confirm_nextbutton', NULL).$purchase_disabled.' 
/></div>'; 387 $html .= apply_filters('usces_filter_confirm_inform', $purchase_html, $payments, $acting_flag, $rand, $purchase_disabled); 388 $html .= '</form>'; 389 $purchase_html = '<form action="'.USCES_CART_URL.'" method="post" onKeyDown="if(event.keyCode == 13) {return false;}"> 390 <div class="send"><input name="backDelivery" type="submit" id="back_button" class="back_to_delivery_button" value="'.__('Back', 'usces').'"'.apply_filters('usces_filter_confirm_prebutton', NULL).' /></div>'; 391 $html .= apply_filters('usces_filter_confirm_inform_back', $purchase_html); 392 392 $html .= '</form>'."\n"; 393 393 break; -
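Review bot: The `usces_filter_confirm_inform` and `usces_filter_confirm_inform_back` hooks change contract on new lines 387 and 391: the removed code passed the whole `$html` built so far and replaced it with the filter's return value, the new code passes only the freshly built form fragment and appends the return to `$html`. Any existing callback that returns a full replacement for `$html`, or reads it to decide what to insert, will now duplicate or lose earlier markup, so this deserves a note in the hook documentation and a check of the payment modules that hook these filters. The `action="'.$acting_opts['send_url'].'"` and `value="'.$acting_opts['aid'].'"` attributes carried over on lines 370–371 are emitted without esc_url()/esc_attr(); these options are presumably admin-configured, but escaping them costs nothing and matches the rest of this changeset. The enclosing switch case starts outside the hunk.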
usc-e-shop/trunk/includes/usces_item_master_list.php
r1080215 r1199120 405 405 <tr> 406 406 <td width="20px" align="center"><input name="listcheck[]" type="checkbox" value="<?php echo (int)$array['ID']; ?>" /></td> 407 <td width="50px"><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='. $curent_url; ?>" title="<?php echo esc_attr($array['item_name']); ?>"><?php echo wp_get_attachment_image( $pctid, array(50, 50), true ); ?></a></td>407 <td width="50px"><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='.esc_url($curent_url); ?>" title="<?php echo esc_attr($array['item_name']); ?>"><?php echo wp_get_attachment_image( $pctid, array(50, 50), true ); ?></a></td> 408 408 <?php foreach ( (array)$array as $key => $value ) : ?> 409 409 <?php if( $key == 'item_code') : ?> … … 423 423 <?php endif; ?> 424 424 <ul class="item_list_navi"> 425 <li><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='. $curent_url; ?>"><?php _e('edit', 'usces'); ?></a></li>425 <li><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='.esc_url($curent_url); ?>"><?php _e('edit', 'usces'); ?></a></li> 426 426 <li> | </li> 427 427 <!--<li><a href="<?php echo wp_nonce_url("post.php?action=delete&post=".$array['ID'], 'delete-post_' . $array['ID']); ?>" onclick="return deleteconfirm('<?php echo esc_attr($array['item_code']); ?>');"><?php _e('Delete', 'usces'); ?></a></li>--> … … 451 451 <?php endif; ?> 452 452 <ul class="item_list_navi"> 453 <li><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='. 
$curent_url; ?>"><?php _e('edit', 'usces'); ?></a></li>453 <li><a href="<?php echo USCES_ADMIN_URL.'?page=usces_itemedit&action=edit&post='.$array['ID'].'&usces_referer='.esc_url($curent_url); ?>"><?php _e('edit', 'usces'); ?></a></li> 454 454 <li> | </li> 455 455 <li><a href="<?php echo wp_nonce_url("post.php?action=delete&post=".$array['ID'], 'delete-post_' . $array['ID']); ?>" onclick="return deleteconfirm('<?php echo esc_attr($array['item_code']); ?>');"><?php _e('Delete', 'usces'); ?></a></li> -
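Review bot: The three edit links on new lines 407, 425 and 453 still build the query string with `'&usces_referer='.esc_url($curent_url)` and no urlencode(), so a `$curent_url` that has its own `&`-separated parameters (a list page with sort and search state, as itemList.class.php in this changeset supports) splits the referer and leaks its parameters into the link; esc_url() entity-encodes the `&` for HTML but the browser decodes it again before treating it as a separator. `$array['ID']` is also concatenated raw in these hrefs while the checkbox on line 406 casts it with `(int)`. A consistent form for each of the three is `esc_url( USCES_ADMIN_URL . '?page=usces_itemedit&action=edit&post=' . (int)$array['ID'] . '&usces_referer=' . urlencode($curent_url) )`. The enclosing loop starts outside the hunk.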
usc-e-shop/trunk/usc-e-shop.php
r1199108 r1199120 8 8 Author URI: http://www.collne.com/ 9 9 */ 10 define('USCES_VERSION', '1.4.17.150715 1');10 define('USCES_VERSION', '1.4.17.1507152'); 11 11 define('USCES_DB_ACCESS', '1.5'); 12 12 define('USCES_DB_MEMBER', '1.1');