From 474893f771f27062bceb177a7569e3f8a8ebabc2 Mon Sep 17 00:00:00 2001 From: Sultan Nasir Uddin Date: Wed, 25 Oct 2023 14:59:14 +0600 Subject: [PATCH] Optimize and improve code for better performance & security --- bin/build-zip.sh | 2 +- composer.lock | 40 ++--- languages/wc-serial-numbers.pot | 184 +++++++++++----------- package.json | 2 +- readme.txt | 5 +- src/API.php | 29 +++- src/Admin/ListTables/ActivationsTable.php | 20 +-- src/Admin/ListTables/KeysTable.php | 20 +-- src/Admin/ListTables/ListTable.php | 13 +- src/Admin/ListTables/StockTable.php | 9 +- src/Admin/Menus.php | 10 +- src/Frontend/Shortcodes.php | 3 +- src/Plugin.php | 6 - wc-serial-numbers.php | 4 +- 14 files changed, 179 insertions(+), 168 deletions(-) diff --git a/bin/build-zip.sh b/bin/build-zip.sh index 7f7dac3d..e379adb5 100755 --- a/bin/build-zip.sh +++ b/bin/build-zip.sh @@ -12,9 +12,9 @@ fi echo "➤ Preparing zip for $VERSION of $SLUG..." echo "➤ Building plugin..." -npm install && npm run build composer install composer update --no-dev --no-scripts +npm install && npm run build echo "✓ Plugin built!" # if directory already exists, delete it diff --git a/composer.lock b/composer.lock index 8ec3024e..d6e78bdf 100644 --- a/composer.lock +++ b/composer.lock @@ -180,12 +180,12 @@ "source": { "type": "git", "url": "https://github.com/byteever/byteever-sniffs.git", - "reference": "edea620f99832e84079dfdcda634d805a9573c62" + "reference": "8c20a95245a883bcbaea42e46653f7f788bf8290" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/byteever/byteever-sniffs/zipball/edea620f99832e84079dfdcda634d805a9573c62", - "reference": "edea620f99832e84079dfdcda634d805a9573c62", + "url": "https://api.github.com/repos/byteever/byteever-sniffs/zipball/8c20a95245a883bcbaea42e46653f7f788bf8290", + "reference": "8c20a95245a883bcbaea42e46653f7f788bf8290", "shasum": "" }, "require": { 
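Review bot: The release build in the `bin/build-zip.sh` hunk still resolves dependencies at build time rather than from the lockfiles. Both the moved `npm install && npm run build` and the unchanged `composer update --no-dev --no-scripts` can pull versions other than the ones pinned and reviewed in this same commit's `composer.lock`. For a zip that ships to users I would install strictly from the locks, e.g. `composer install --no-dev --no-scripts` and, if the repository commits a `package-lock.json`, `npm ci && npm run build`. The rest of the script is outside the hunk, so confirm nothing later relies on the dev packages.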
@@ -230,10 +230,10 @@ "standards" ], "support": { - "source": "https://github.com/byteever/byteever-sniffs/tree/master", + "source": "https://github.com/byteever/byteever-sniffs/tree/v1.0.1", "issues": "https://github.com/byteever/byteever-sniffs/issues" }, - "time": "2023-10-12T09:08:28+00:00" + "time": "2023-10-25T04:55:22+00:00" }, { "name": "codeception/codeception", @@ -3539,12 +3539,12 @@ "source": { "type": "git", "url": "git@github.com:pluginever/framework-model.git", - "reference": "b1ab33c420c06012ba7dd1ddb873d082d5e272cc" + "reference": "5a5de16e378f2a7a3b8ba95d1eb3569f7a3a6574" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pluginever/framework-model/zipball/b1ab33c420c06012ba7dd1ddb873d082d5e272cc", - "reference": "b1ab33c420c06012ba7dd1ddb873d082d5e272cc", + "url": "https://api.github.com/repos/pluginever/framework-model/zipball/5a5de16e378f2a7a3b8ba95d1eb3569f7a3a6574", + "reference": "5a5de16e378f2a7a3b8ba95d1eb3569f7a3a6574", "shasum": "" }, "require": { @@ -3579,10 +3579,10 @@ ], "description": "Model for the framework", "support": { - "source": "https://github.com/pluginever/framework-model/tree/master", + "source": "https://github.com/pluginever/framework-model/tree/v1.0.8", "issues": "https://github.com/pluginever/framework-model/issues" }, - "time": "2023-08-10T07:52:03+00:00" + "time": "2023-10-25T08:49:24+00:00" }, { "name": "pluginever/framework-plugin", 
@@ -3590,12 +3590,12 @@ "source": { "type": "git", "url": "git@github.com:pluginever/framework-plugin.git", - "reference": "d24ae94397a74d334b450f02bfffb1c52d8cebc6" + "reference": "dd76127abd4a0c6dd8253fe6b885a807dfe8e4e0" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pluginever/framework-plugin/zipball/d24ae94397a74d334b450f02bfffb1c52d8cebc6", - "reference": "d24ae94397a74d334b450f02bfffb1c52d8cebc6", + "url": "https://api.github.com/repos/pluginever/framework-plugin/zipball/dd76127abd4a0c6dd8253fe6b885a807dfe8e4e0", + "reference": "dd76127abd4a0c6dd8253fe6b885a807dfe8e4e0", "shasum": "" }, "require": { @@ -3630,10 +3630,10 @@ ], "description": "A set of related classes to kick start WordPress plugin development.", "support": { - "source": "https://github.com/pluginever/framework-plugin/tree/master", + "source": "https://github.com/pluginever/framework-plugin/tree/v1.0.8", "issues": "https://github.com/pluginever/framework-plugin/issues" }, - "time": "2023-09-24T10:21:09+00:00" + "time": "2023-10-25T08:44:40+00:00" }, { "name": "pluginever/framework-settings", @@ -3641,12 +3641,12 @@ "source": { "type": "git", "url": "git@github.com:pluginever/framework-settings.git", - "reference": "17aa1bebb38da0f4d8a9cbd791c2a2c4e282e493" + "reference": "f80a91b9a3aef06c56d85a5f3e097da7b9386a80" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/pluginever/framework-settings/zipball/17aa1bebb38da0f4d8a9cbd791c2a2c4e282e493", - "reference": "17aa1bebb38da0f4d8a9cbd791c2a2c4e282e493", + "url": "https://api.github.com/repos/pluginever/framework-settings/zipball/f80a91b9a3aef06c56d85a5f3e097da7b9386a80", + "reference": "f80a91b9a3aef06c56d85a5f3e097da7b9386a80", "shasum": "" }, "require": { 
@@ -3681,10 +3681,10 @@ ], "description": "A set of related classes to kick start WordPress plugin development.", "support": { - "source": "https://github.com/pluginever/framework-settings/tree/master", + "source": "https://github.com/pluginever/framework-settings/tree/v1.0.4", "issues": "https://github.com/pluginever/framework-settings/issues" }, - "time": "2023-09-27T10:14:00+00:00" + "time": "2023-10-25T08:44:07+00:00" }, { "name": "psr/clock", diff --git a/languages/wc-serial-numbers.pot b/languages/wc-serial-numbers.pot index 0ab17146..c8ce3029 100644 --- a/languages/wc-serial-numbers.pot +++ b/languages/wc-serial-numbers.pot @@ -4,7 +4,7 @@ msgid "" msgstr "" "Project-Id-Version: Serial Numbers for WooCommerce 1.6.3\n" "Report-Msgid-Bugs-To: https://pluginever.com/plugins/wc-serial-numbers/\n" -"POT-Creation-Date: 2023-10-25 06:00:24+00:00\n" +"POT-Creation-Date: 2023-10-25 08:52:01+00:00\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" 
@@ -61,109 +61,113 @@ msgstr "" msgid "Settings saved." msgstr "" -#: lib/Lib/Settings.php:310 lib/Lib/Settings.php:401 lib/Lib/Settings.php:410 -#: lib/Lib/Settings.php:419 +#: lib/Lib/Settings.php:310 lib/Lib/Settings.php:398 lib/Lib/Settings.php:406 +#: lib/Lib/Settings.php:414 msgid "Recommended" msgstr "" -#: lib/Lib/Settings.php:311 lib/Lib/Settings.php:402 lib/Lib/Settings.php:411 -#: lib/Lib/Settings.php:420 +#: lib/Lib/Settings.php:311 lib/Lib/Settings.php:399 lib/Lib/Settings.php:407 +#: lib/Lib/Settings.php:415 msgid "Install Now" msgstr "" -#: lib/Lib/Settings.php:372 +#: lib/Lib/Settings.php:370 msgid "Need Help?" msgstr "" -#: lib/Lib/Settings.php:434 +#: lib/Lib/Settings.php:429 msgid "Join our Community" msgstr "" -#: lib/Lib/Settings.php:438 +#: lib/Lib/Settings.php:433 msgid "Request a Feature" msgstr "" -#: lib/Lib/Settings.php:442 +#: lib/Lib/Settings.php:437 msgid "Report a Bug" msgstr "" -#: src/API.php:60 +#: src/API.php:54 +msgid "Invalid request method." +msgstr "" + +#: src/API.php:81 msgid "Invalid action." msgstr "" -#: src/API.php:71 +#: src/API.php:92 msgid "Invalid product ID." msgstr "" -#: src/API.php:81 src/Models/Key.php:494 +#: src/API.php:102 src/Models/Key.php:494 msgid "Serial key is required." msgstr "" -#: src/API.php:97 +#: src/API.php:118 msgid "Serial key is invalid." msgstr "" -#: src/API.php:107 +#: src/API.php:128 msgid "Serial key is not authorized to use." msgstr "" -#: src/API.php:118 +#: src/API.php:139 msgid "Please complete your order to activate the serial key." msgstr "" -#: src/API.php:128 +#: src/API.php:149 msgid "Serial key is not valid for this product." msgstr "" -#: src/API.php:138 +#: src/API.php:159 msgid "Invalid email address." msgstr "" -#: src/API.php:148 +#: src/API.php:169 msgid "Serial key is expired." msgstr "" -#: src/API.php:155 +#: src/API.php:176 msgid "Serial key is cancelled." msgstr "" -#: src/API.php:162 +#: src/API.php:183 msgid "Invalid serial key." 
msgstr "" -#: src/API.php:181 +#: src/API.php:202 msgid "Serial key is valid." msgstr "" -#: src/API.php:220 src/API.php:321 +#: src/API.php:241 src/API.php:342 msgid "Instance is missing, You must provide an instance to deactivate license" msgstr "" -#: src/API.php:236 +#: src/API.php:257 msgid "Instance is already activated." msgstr "" -#: src/API.php:246 +#: src/API.php:267 msgid "Activation limit reached" msgstr "" -#: src/API.php:273 +#: src/API.php:294 msgid "Activation failed." msgstr "" -#: src/API.php:282 +#: src/API.php:303 msgid "Serial key is activated." msgstr "" -#: src/API.php:337 +#: src/API.php:358 msgid "Instance is not activated." msgstr "" -#: src/API.php:347 +#: src/API.php:368 msgid "Deactivation failed." msgstr "" -#: src/API.php:356 +#: src/API.php:377 msgid "Serial key is deactivated." msgstr "" @@ -216,13 +220,13 @@ msgid "Version %s" msgstr "" #: src/Admin/Admin.php:141 src/Admin/Menus.php:52 src/Admin/Menus.php:87 -#: src/Admin/Menus.php:88 src/Admin/Menus.php:429 src/Admin/Metaboxes.php:35 -#: src/Admin/Metaboxes.php:247 src/Functions/Template.php:226 +#: src/Admin/Menus.php:88 src/Admin/Menus.php:429 src/Admin/Metaboxes.php:36 +#: src/Admin/Metaboxes.php:248 src/Functions/Template.php:226 msgid "Serial Numbers" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:39 -#: src/Admin/ListTables/KeysTable.php:319 +#: src/Admin/ListTables/KeysTable.php:355 msgid "Activation" msgstr "" 
@@ -236,35 +240,35 @@ msgid "No activations found. Once a serial key is activated, it will appear here msgstr "" #: src/Admin/ListTables/ActivationsTable.php:113 -#: src/Admin/ListTables/KeysTable.php:243 +#: src/Admin/ListTables/KeysTable.php:279 #: src/Admin/ListTables/StockTable.php:82 msgid "Filter" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:165 #: src/Admin/ListTables/ActivationsTable.php:240 -#: src/Admin/ListTables/KeysTable.php:299 -#: src/Admin/ListTables/KeysTable.php:391 src/Admin/views/html-edit-key.php:130 +#: src/Admin/ListTables/KeysTable.php:335 +#: src/Admin/ListTables/KeysTable.php:427 src/Admin/views/html-edit-key.php:130 msgid "Delete" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:177 -#: src/Admin/views/html-api-actions.php:141 src/Frontend/Shortcodes.php:141 +#: src/Admin/views/html-api-actions.php:141 src/Frontend/Shortcodes.php:142 msgid "Instance" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:178 -#: src/Admin/ListTables/KeysTable.php:313 +#: src/Admin/ListTables/KeysTable.php:349 #: src/Admin/ListTables/StockTable.php:95 src/Admin/views/html-add-key.php:33 #: src/Admin/views/html-api-actions.php:118 #: src/Admin/views/html-api-validation.php:121 #: src/Admin/views/html-edit-key.php:37 src/Deprecated/Functions.php:358 -#: src/Frontend/Shortcodes.php:40 src/Frontend/Shortcodes.php:136 +#: src/Frontend/Shortcodes.php:40 src/Frontend/Shortcodes.php:137 msgid "Product" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:179 -#: src/Admin/ListTables/KeysTable.php:312 src/Admin/Orders.php:192 +#: src/Admin/ListTables/KeysTable.php:348 src/Admin/Orders.php:192 #: src/Admin/views/html-api-actions.php:131 #: src/Admin/views/html-api-validation.php:134 src/Functions/Template.php:42 #: src/functions.php:1009 
@@ -272,7 +276,7 @@ msgid "Key" msgstr "" #: src/Admin/ListTables/ActivationsTable.php:180 -#: src/Admin/views/html-api-actions.php:152 src/Frontend/Shortcodes.php:143 +#: src/Admin/views/html-api-actions.php:152 src/Frontend/Shortcodes.php:144 msgid "Platform" msgstr "" @@ -301,7 +305,7 @@ msgid "Keys can have one of the following statuses:" msgstr "" #: src/Admin/ListTables/KeysTable.php:177 -#: src/Admin/ListTables/KeysTable.php:222 src/functions.php:46 +#: src/Admin/ListTables/KeysTable.php:233 src/functions.php:46 msgid "Available" msgstr "" @@ -310,7 +314,7 @@ msgid "This means the key is available for purchase." msgstr "" #: src/Admin/ListTables/KeysTable.php:182 -#: src/Admin/ListTables/KeysTable.php:223 src/functions.php:47 +#: src/Admin/ListTables/KeysTable.php:240 src/functions.php:47 msgid "Pending" msgstr "" @@ -319,7 +323,7 @@ msgid "This means the key has been sold, but the order has not been completed ye msgstr "" #: src/Admin/ListTables/KeysTable.php:187 -#: src/Admin/ListTables/KeysTable.php:224 +#: src/Admin/ListTables/KeysTable.php:247 #: src/Admin/ListTables/StockTable.php:97 src/functions.php:48 msgid "Sold" msgstr "" @@ -329,7 +333,7 @@ msgid "This means the key has been sold, and the order has been completed." msgstr "" #: src/Admin/ListTables/KeysTable.php:192 -#: src/Admin/ListTables/KeysTable.php:225 src/Functions/Template.php:72 +#: src/Admin/ListTables/KeysTable.php:254 src/Functions/Template.php:72 #: src/functions.php:49 msgid "Expired" msgstr "" @@ -339,7 +343,7 @@ msgid "This means the key has expired and is no longer valid." msgstr "" #: src/Admin/ListTables/KeysTable.php:197 -#: src/Admin/ListTables/KeysTable.php:226 src/functions.php:50 +#: src/Admin/ListTables/KeysTable.php:261 src/functions.php:50 msgid "Cancelled" msgstr "" 
@@ -349,75 +353,75 @@ msgid "" "purchase or use." msgstr "" -#: src/Admin/ListTables/KeysTable.php:221 +#: src/Admin/ListTables/KeysTable.php:224 msgid "All keys." msgstr "" -#: src/Admin/ListTables/KeysTable.php:221 +#: src/Admin/ListTables/KeysTable.php:226 msgid "All" msgstr "" -#: src/Admin/ListTables/KeysTable.php:222 +#: src/Admin/ListTables/KeysTable.php:231 msgid "Available for sell." msgstr "" -#: src/Admin/ListTables/KeysTable.php:223 +#: src/Admin/ListTables/KeysTable.php:238 msgid "Pending payment." msgstr "" -#: src/Admin/ListTables/KeysTable.php:224 +#: src/Admin/ListTables/KeysTable.php:245 msgid "Sold keys." msgstr "" -#: src/Admin/ListTables/KeysTable.php:225 +#: src/Admin/ListTables/KeysTable.php:252 msgid "Expired keys." msgstr "" -#: src/Admin/ListTables/KeysTable.php:226 +#: src/Admin/ListTables/KeysTable.php:259 msgid "Cancelled keys." msgstr "" -#: src/Admin/ListTables/KeysTable.php:300 +#: src/Admin/ListTables/KeysTable.php:336 msgid "Reset Activations" msgstr "" -#: src/Admin/ListTables/KeysTable.php:314 src/Admin/views/html-add-key.php:120 +#: src/Admin/ListTables/KeysTable.php:350 src/Admin/views/html-add-key.php:120 msgid "Order" msgstr "" -#: src/Admin/ListTables/KeysTable.php:315 +#: src/Admin/ListTables/KeysTable.php:351 msgid "Validity" msgstr "" -#: src/Admin/ListTables/KeysTable.php:322 +#: src/Admin/ListTables/KeysTable.php:358 msgid "Order Date" msgstr "" -#: src/Admin/ListTables/KeysTable.php:323 src/Admin/Menus.php:316 +#: src/Admin/ListTables/KeysTable.php:359 src/Admin/Menus.php:316 #: src/Admin/Orders.php:204 src/Admin/views/html-add-key.php:91 #: src/Admin/views/html-edit-key.php:92 src/Functions/Template.php:78 #: src/functions.php:1034 msgid "Status" msgstr "" -#: src/Admin/ListTables/KeysTable.php:389 +#: src/Admin/ListTables/KeysTable.php:425 #. translators: %d: key id. 
msgid "ID: %d" msgstr "" -#: src/Admin/ListTables/KeysTable.php:390 +#: src/Admin/ListTables/KeysTable.php:426 #: src/Admin/ListTables/StockTable.php:143 msgid "Edit" msgstr "" -#: src/Admin/ListTables/KeysTable.php:485 +#: src/Admin/ListTables/KeysTable.php:521 #. translators: %1$s: validity, %2$s: validity. msgid "%s Day
After purchase" msgid_plural "%s Days
After purchase" msgstr[0] "" msgstr[1] "" -#: src/Admin/ListTables/KeysTable.php:495 src/Admin/Orders.php:197 +#: src/Admin/ListTables/KeysTable.php:531 src/Admin/Orders.php:197 #: src/Functions/Template.php:63 src/functions.php:1030 msgid "Lifetime" msgstr "" @@ -484,8 +488,8 @@ msgstr "" msgid "Reports" msgstr "" -#: src/Admin/Menus.php:189 src/Admin/Metaboxes.php:135 -#: src/Admin/Metaboxes.php:156 +#: src/Admin/Menus.php:189 src/Admin/Metaboxes.php:136 +#: src/Admin/Metaboxes.php:157 msgid "Upgrade to Pro" msgstr "" 
@@ -548,55 +552,55 @@ msgstr "" msgid "Not scheduled" msgstr "" -#: src/Admin/Metaboxes.php:56 +#: src/Admin/Metaboxes.php:57 msgid "Sell keys" msgstr "" -#: src/Admin/Metaboxes.php:57 +#: src/Admin/Metaboxes.php:58 msgid "Enable this if you are selling keys or licensing this product." msgstr "" -#: src/Admin/Metaboxes.php:70 +#: src/Admin/Metaboxes.php:71 msgid "Delivery quantity" msgstr "" -#: src/Admin/Metaboxes.php:71 +#: src/Admin/Metaboxes.php:72 msgid "Number of key(s) will be delivered per item. Available in PRO." msgstr "" -#: src/Admin/Metaboxes.php:91 src/Admin/Metaboxes.php:123 +#: src/Admin/Metaboxes.php:92 src/Admin/Metaboxes.php:124 msgid "Key source" msgstr "" -#: src/Admin/Metaboxes.php:109 +#: src/Admin/Metaboxes.php:110 msgid "Software version" msgstr "" -#: src/Admin/Metaboxes.php:110 +#: src/Admin/Metaboxes.php:111 msgid "Version number for the software. Ignore if it's not a software." msgstr "" -#: src/Admin/Metaboxes.php:111 +#: src/Admin/Metaboxes.php:112 msgid "e.g. 1.0" msgstr "" -#: src/Admin/Metaboxes.php:125 +#: src/Admin/Metaboxes.php:126 msgid "key available." msgid_plural "keys available." msgstr[0] "" msgstr[1] "" -#: src/Admin/Metaboxes.php:133 +#: src/Admin/Metaboxes.php:134 msgid "Want to sell keys for variable products?" msgstr "" -#: src/Admin/Metaboxes.php:154 +#: src/Admin/Metaboxes.php:155 msgid "" "The free version of Serial Numbers for WooCommerce does not support product " "variation." msgstr "" -#: src/Admin/Metaboxes.php:229 +#: src/Admin/Metaboxes.php:230 msgid "Order missing serial numbers for this item." msgstr "" @@ -1135,7 +1139,7 @@ msgstr "" #: src/Admin/views/html-api-actions.php:162 #: src/Admin/views/html-api-validation.php:144 #: src/Admin/views/html-edit-key.php:154 src/Deprecated/Functions.php:360 -#: src/Frontend/Shortcodes.php:43 src/Frontend/Shortcodes.php:139 +#: src/Frontend/Shortcodes.php:43 src/Frontend/Shortcodes.php:140 msgid "Email" msgstr "" 
@@ -1151,15 +1155,15 @@ msgid "" "ignored." msgstr "" -#: src/Admin/views/html-api-actions.php:172 src/Frontend/Shortcodes.php:145 +#: src/Admin/views/html-api-actions.php:172 src/Frontend/Shortcodes.php:146 msgid "Action" msgstr "" -#: src/Admin/views/html-api-actions.php:175 src/Frontend/Shortcodes.php:152 +#: src/Admin/views/html-api-actions.php:175 src/Frontend/Shortcodes.php:153 msgid "Activate" msgstr "" -#: src/Admin/views/html-api-actions.php:176 src/Frontend/Shortcodes.php:153 +#: src/Admin/views/html-api-actions.php:176 src/Frontend/Shortcodes.php:154 msgid "Deactivate" msgstr "" @@ -1172,7 +1176,7 @@ msgstr "" msgid "API response" msgstr "" -#: src/Admin/views/html-api-actions.php:195 src/Frontend/Shortcodes.php:146 +#: src/Admin/views/html-api-actions.php:195 src/Frontend/Shortcodes.php:147 #: vendor/lucatume/wp-browser/src/data/plugins/wordpress-importer/wordpress-importer.php:284 msgid "Submit" msgstr "" @@ -1373,16 +1377,16 @@ msgstr "" msgid "Serial Key Validation" msgstr "" -#: src/Frontend/Shortcodes.php:41 src/Frontend/Shortcodes.php:137 +#: src/Frontend/Shortcodes.php:41 src/Frontend/Shortcodes.php:138 msgid "Serial Key" msgstr "" -#: src/Frontend/Shortcodes.php:42 src/Frontend/Shortcodes.php:138 +#: src/Frontend/Shortcodes.php:42 src/Frontend/Shortcodes.php:139 msgid "Enter your serial key" msgstr "" #: src/Frontend/Shortcodes.php:44 src/Frontend/Shortcodes.php:105 -#: src/Frontend/Shortcodes.php:140 src/Frontend/Shortcodes.php:216 +#: src/Frontend/Shortcodes.php:141 src/Frontend/Shortcodes.php:217 msgid "Enter your email" msgstr "" 
@@ -1390,23 +1394,23 @@ msgstr "" msgid "No products found." msgstr "" -#: src/Frontend/Shortcodes.php:90 src/Frontend/Shortcodes.php:200 +#: src/Frontend/Shortcodes.php:90 src/Frontend/Shortcodes.php:201 msgid "Select a product" msgstr "" -#: src/Frontend/Shortcodes.php:135 +#: src/Frontend/Shortcodes.php:136 msgid "Activate/Deactivate Serial Key" msgstr "" -#: src/Frontend/Shortcodes.php:142 +#: src/Frontend/Shortcodes.php:143 msgid "Enter your instance" msgstr "" -#: src/Frontend/Shortcodes.php:144 +#: src/Frontend/Shortcodes.php:145 msgid "Enter platform" msgstr "" -#: src/Frontend/Shortcodes.php:186 +#: src/Frontend/Shortcodes.php:187 msgid "Could not find any products with serial numbers enabled." msgstr "" @@ -1479,12 +1483,12 @@ msgstr "" msgid "Order automatically completed by the Serial Numbers for WooCommerce." msgstr "" -#: src/Plugin.php:69 +#: src/Plugin.php:63 #. translators: 1: plugin name 2: WooCommerce msgid "%1$s requires %2$s to be installed and active." msgstr "" -#: src/Plugin.php:71 +#: src/Plugin.php:65 msgid "WooCommerce" msgstr "" diff --git a/package.json b/package.json index e1f8c560..2d2a9c4d 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "wc-serial-numbers", "title": "Serial Numbers for WooCommerce", - "version": "1.6.3", + "version": "1.6.4", "description": "The best WooCommerce extension to sell license & serial keys, gift cards and other secret numbers!", "homepage": "https://pluginever.com/plugins/wc-serial-numbers/", "license": "GPL-3.0+", diff --git a/readme.txt b/readme.txt index 8b3442e7..5434bb38 100644 --- a/readme.txt +++ b/readme.txt @@ -4,7 +4,7 @@ Tags: license manager, license, license number, serial number, activation number Requires at least: 5.0 Tested up to: 6.3 Requires PHP: 5.6 -Stable tag: 1.6.3 +Stable tag: 1.6.4 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html 
@@ -252,6 +252,9 @@ Yes, you are always welcome to [provide suggestions](https://github.com/pluginev == Changelog == += 1.6.4 (25 Oct 2023) = +* Enhance: Optimize and improve code for better performance & security. + = 1.6.3 (8 Oct 2023) = * Fix: Dropdown active color is not working. * Enhance: Allow keys to be sold without checking key source. diff --git a/src/API.php b/src/API.php index 6f4270f3..987e8105 100644 --- a/src/API.php +++ b/src/API.php 
@@ -35,11 +35,32 @@ public function __construct() {
 * @since 1.0.0
 */
 public static function process_request() {
- $product_id = isset( $_REQUEST['product_id'] ) ? absint( $_REQUEST['product_id'] ) : 0;
- $key = isset( $_REQUEST['serial_key'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['serial_key'] ) ) : '';
- $action = isset( $_REQUEST['request'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['request'] ) ) : '';
- $email = isset( $_REQUEST['email'] ) ? strtolower( sanitize_text_field( wp_unslash( $_REQUEST['email'] ) ) ) : '';
+ $method = filter_input( INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_SPECIAL_CHARS );
+ if ( 'POST' === strtoupper( $method ) ) {
+ $product_id = filter_input( INPUT_POST, 'product_id', FILTER_SANITIZE_NUMBER_INT );
+ $key = filter_input( INPUT_POST, 'serial_key', FILTER_SANITIZE_SPECIAL_CHARS );
+ $action = filter_input( INPUT_POST, 'request', FILTER_SANITIZE_SPECIAL_CHARS );
+ $email = filter_input( INPUT_POST, 'email', FILTER_SANITIZE_SPECIAL_CHARS );
+ } elseif ( 'GET' === strtoupper( $method ) ) {
+ $product_id = filter_input( INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT );
+ $key = filter_input( INPUT_GET, 'serial_key', FILTER_SANITIZE_SPECIAL_CHARS );
+ $action = filter_input( INPUT_GET, 'request', FILTER_SANITIZE_SPECIAL_CHARS );
+ $email = filter_input( INPUT_GET, 'email', FILTER_SANITIZE_SPECIAL_CHARS );
+ } else {
+ // its unknown request method.
+ wp_send_json_error(
+ array(
+ 'code' => 'invalid_request_method',
+ 'message' => __( 'Invalid request method.', 'wc-serial-numbers' ),
+ )
+ );
+ }
+ // Clean up properties.
+ $product_id = absint( $product_id );
+ $key = sanitize_text_field( wp_unslash( $key ) );
+ $action = sanitize_key( wp_unslash( $action ) );
+ $email = strtolower( sanitize_email( wp_unslash( $email ) ) );
 WCSN()->log(
 'API request',
 'debug',
diff --git a/src/Admin/ListTables/ActivationsTable.php b/src/Admin/ListTables/ActivationsTable.php
index c90d2fdf..b7bb8755 100644
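Review bot: `FILTER_SANITIZE_SPECIAL_CHARS` is an output-encoding filter, so in `process_request()` a `serial_key` or `email` containing `&`, `'`, `"`, `<` or `>` is rewritten to HTML entities before it is compared with stored data; such keys would presumably stop validating, and the later `sanitize_text_field()` / `sanitize_email()` calls only see the already altered value. `filter_input()` also reads the raw request instead of WordPress's slashed superglobals, so the following `wp_unslash()` strips genuine backslashes. On some FastCGI setups `filter_input( INPUT_SERVER, 'REQUEST_METHOD', … )` returns `null`, which would send every request into the `invalid_request_method` branch. I would keep the GET/POST split but read the values the way the removed lines did, e.g. `$key = isset( $_POST['serial_key'] ) ? sanitize_text_field( wp_unslash( $_POST['serial_key'] ) ) : '';`, and take the method from `$_SERVER['REQUEST_METHOD']`. The function body continues past the end of the hunk.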
--- a/src/Admin/ListTables/ActivationsTable.php
+++ b/src/Admin/ListTables/ActivationsTable.php
@@ -55,14 +55,14 @@ public function prepare_items() {
 $sortable = $this->get_sortable_columns();
 $this->_column_headers = array( $columns, $hidden, $sortable );
 $current_page = $this->get_pagenum();
- $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'order_date';
- $order = isset( $_GET['order'] ) ? sanitize_key( $_GET['order'] ) : 'desc';
- $search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : null;
- $product_id = isset( $_GET['product_id'] ) ? absint( $_GET['product_id'] ) : '';
- $order_id = isset( $_GET['order_id'] ) ? absint( $_GET['order_id'] ) : '';
- $customer_id = isset( $_GET['customer_id'] ) ? absint( $_GET['customer_id'] ) : '';
- $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : '';
- $serial_id = isset( $_GET['serial_id'] ) ? absint( $_GET['serial_id'] ) : '';
+ $orderby = filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_SPECIAL_CHARS );
+ $order = filter_input( INPUT_GET, 'order', FILTER_SANITIZE_SPECIAL_CHARS );
+ $search = filter_input( INPUT_GET, 's', FILTER_SANITIZE_SPECIAL_CHARS );
+ $product_id = filter_input( INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT );
+ $order_id = filter_input( INPUT_GET, 'order_id', FILTER_SANITIZE_NUMBER_INT );
+ $customer_id = filter_input( INPUT_GET, 'customer_id', FILTER_SANITIZE_NUMBER_INT );
+ $id = filter_input( INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT );
+ $serial_id = filter_input( INPUT_GET, 'serial_id', FILTER_SANITIZE_NUMBER_INT );
 if ( array_key_exists( $orderby, $this->get_sortable_columns() ) && 'order_date' !== $orderby ) {
 $args['orderby'] = $orderby;
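Review bot: Replacing `absint()` and `sanitize_key()` with `filter_input()` in `prepare_items()` loosens the validation rather than tightening it. `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` and returns a string (or `null` when the parameter is absent), so `product_id`, `order_id`, `customer_id`, `id` and `serial_id` are no longer guaranteed non-negative integers. `FILTER_SANITIZE_SPECIAL_CHARS` only HTML-encodes, so `order` can now carry spaces, commas and parentheses, and the old `'order_date'` / `'desc'` defaults are gone. How these values reach the query is outside the hunk, so the impact cannot be judged from here, but I would restore the casts and allowlist the direction, e.g. `$product_id = absint( filter_input( INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT ) );` and `$order = 'asc' === strtolower( (string) $order ) ? 'asc' : 'desc';`. The same pattern is introduced in the `prepare_items()` hunks of KeysTable.php and StockTable.php.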
@@ -123,7 +123,7 @@ protected function extra_tablenav( $which ) {
 * @since 1.4.6
 */
 public function process_bulk_actions( $doaction ) {
- if ( $doaction ) {
+ if ( $doaction && check_ajax_referer( 'bulk-activations' ) ) {
 if ( isset( $_REQUEST['id'] ) ) {
 $ids = wp_parse_id_list( wp_unslash( $_REQUEST['id'] ) );
 $doaction = ( - 1 !== $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2']; // phpcs:ignore
@@ -237,7 +237,7 @@ protected function column_instance( $activation ) {
 ),
 admin_url( 'admin.php?page=wc-serial-numbers-activations' )
 );
- $actions['delete'] = sprintf( '%2$s', esc_url( $delete_url ), __( 'Delete', 'wc-serial-numbers' ) );
+ $actions['delete'] = sprintf( '%2$s', wp_nonce_url( $delete_url, 'bulk-activations' ), __( 'Delete', 'wc-serial-numbers' ) );
 return sprintf( '%1$s %2$s', esc_html( $activation->get_instance() ), $this->row_actions( $actions ) );
 }
diff --git a/src/Admin/ListTables/KeysTable.php b/src/Admin/ListTables/KeysTable.php
index 0f914244..4a6c5ae6 100644
--- a/src/Admin/ListTables/KeysTable.php
+++ b/src/Admin/ListTables/KeysTable.php
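Review bot: `check_ajax_referer()` is called with its default `$die = true` in `process_bulk_actions()`, so a missing or stale nonce ends the request with a bare `-1` instead of making the `&&` false, and nothing in the visible lines checks that the current user may delete activations. On a regular admin screen `check_admin_referer( 'bulk-activations' )` gives the standard expired-link page, and a capability test belongs beside it, e.g. `if ( $doaction && current_user_can( 'manage_woocommerce' ) && check_admin_referer( 'bulk-activations' ) ) {`. The capability name is an assumption; use whichever one the plugin's menu pages require. The rest of the method is outside the hunk, so a permission check further down is possible. The matching `process_bulk_actions()` hunk in KeysTable.php has the same shape.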
@@ -94,14 +94,14 @@ public function prepare_items() {
 $sortable = $this->get_sortable_columns();
 $this->_column_headers = array( $columns, $hidden, $sortable );
 $current_page = $this->get_pagenum();
- $status = isset( $_GET['status'] ) ? sanitize_text_field( wp_unslash( $_GET['status'] ) ) : '';
- $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'order_date';
- $order = isset( $_GET['order'] ) ? sanitize_key( $_GET['order'] ) : 'desc';
- $search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : null;
- $product_id = isset( $_GET['product_id'] ) ? absint( $_GET['product_id'] ) : '';
- $order_id = isset( $_GET['order_id'] ) ? absint( $_GET['order_id'] ) : '';
- $customer_id = isset( $_GET['customer_id'] ) ? absint( $_GET['customer_id'] ) : '';
- $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : '';
+ $status = filter_input( INPUT_GET, 'status', FILTER_SANITIZE_SPECIAL_CHARS );
+ $orderby = filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_SPECIAL_CHARS );
+ $order = filter_input( INPUT_GET, 'order', FILTER_SANITIZE_SPECIAL_CHARS );
+ $search = filter_input( INPUT_GET, 's', FILTER_SANITIZE_SPECIAL_CHARS );
+ $product_id = filter_input( INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT );
+ $order_id = filter_input( INPUT_GET, 'order_id', FILTER_SANITIZE_NUMBER_INT );
+ $customer_id = filter_input( INPUT_GET, 'customer_id', FILTER_SANITIZE_NUMBER_INT );
+ $id = filter_input( INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT );
 if ( ! empty( $status ) && ! array_key_exists( $status, wcsn_get_key_statuses() ) ) {
 $status = 'available';
 }
@@ -290,7 +290,7 @@ protected function extra_tablenav( $which ) {
 * @since 1.4.6
 */
 public function process_bulk_actions( $doaction ) {
- if ( $doaction ) {
+ if ( $doaction && check_ajax_referer( 'bulk-' . $this->_args['plural'] ) ) {
 if ( wp_unslash( isset( $_REQUEST['id'] ) ) ) {
 $ids = wp_parse_id_list( wp_unslash( $_REQUEST['id'] ) );
 $doaction = ( - 1 !== $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2']; // phpcs:ignore
@@ -424,7 +424,7 @@ protected function column_key( $item ) {
 // translators: %d: key id.
 $actions['id'] = sprintf( __( 'ID: %d', 'wc-serial-numbers' ), esc_html( $item->id ) );
 $actions['edit'] = sprintf( '%2$s', $edit_url, __( 'Edit', 'wc-serial-numbers' ) );
- $actions['delete'] = sprintf( '%2$s', $delete_url, __( 'Delete', 'wc-serial-numbers' ) );
+ $actions['delete'] = sprintf( '%2$s', wp_nonce_url( $delete_url, 'bulk-keys' ), __( 'Delete', 'wc-serial-numbers' ) );
 return sprintf( '%1$s %2$s', $item->print_key( $is_hidden ), $this->row_actions( $actions ) );
 }
diff --git a/src/Admin/ListTables/ListTable.php b/src/Admin/ListTables/ListTable.php
index 56895364..3539c210 100644
--- a/src/Admin/ListTables/ListTable.php
+++ b/src/Admin/ListTables/ListTable.php
@@ -202,17 +202,6 @@ public function customer_dropdown() {
 * @since 1.4.6
 */
 public function process_bulk_actions( $doaction ) {
- if ( isset( $_GET['_wp_http_referer'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
- wp_safe_redirect(
- remove_query_arg(
- array(
- '_wp_http_referer',
- '_wpnonce',
- ),
- wp_get_referer()
- )
- );
- exit;
- }
+ $referer = wp_get_referer();
 }
 }
diff --git a/src/Admin/ListTables/StockTable.php b/src/Admin/ListTables/StockTable.php
index 4fc2b87b..6e08b512 100644
--- a/src/Admin/ListTables/StockTable.php
+++ b/src/Admin/ListTables/StockTable.php
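Review bot: The delete link in `column_key()` is signed with the literal action `'bulk-keys'`, while `process_bulk_actions()` in the same file verifies `'bulk-' . $this->_args['plural']`. The two only agree if the table's `plural` argument is exactly `keys`; the constructor is outside the hunk, so that cannot be confirmed here. Building both from the same expression removes the coupling: `wp_nonce_url( $delete_url, 'bulk-' . $this->_args['plural'] )`.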
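Review bot: The base `process_bulk_actions()` in ListTable.php now only assigns `$referer = wp_get_referer();` and never uses it, so the method is effectively empty. The removed block redirected away from URLs carrying `_wp_http_referer` and `_wpnonce`. Without it those parameters, including the nonce this commit adds to the delete links, stay in the address bar and browser history after an action unless the subclasses redirect themselves, which is not visible here. Either drop the dead assignment and leave a comment such as `// Intentionally empty: subclasses handle their own redirect.`, or keep a redirect that strips the two query args once the nonce has been verified.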
@@ -30,17 +30,16 @@ public function __construct() {
 * @since 1.4.6
 */
 public function prepare_items() {
- check_admin_referer( 'wc-serial-numbers-stock' );
 $per_page = 20;
 $columns = $this->get_columns();
 $hidden = array();
 $sortable = $this->get_sortable_columns();
 $this->_column_headers = array( $columns, $hidden, $sortable );
 $current_page = $this->get_pagenum();
- $orderby = isset( $_GET['orderby'] ) ? sanitize_key( $_GET['orderby'] ) : 'order_date';
- $order = isset( $_GET['order'] ) ? sanitize_key( $_GET['order'] ) : 'desc';
- $search = isset( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : null;
- $product_id = isset( $_GET['product_id'] ) ? absint( $_GET['product_id'] ) : '';
+ $orderby = filter_input( INPUT_GET, 'orderby', FILTER_SANITIZE_SPECIAL_CHARS );
+ $order = filter_input( INPUT_GET, 'order', FILTER_SANITIZE_SPECIAL_CHARS );
+ $search = filter_input( INPUT_GET, 's', FILTER_SANITIZE_SPECIAL_CHARS );
+ $product_id = filter_input( INPUT_GET, 'product_id', FILTER_SANITIZE_NUMBER_INT );
 $query_args = array(
 'posts_per_page' => $per_page,
diff --git a/src/Admin/Menus.php b/src/Admin/Menus.php
index 9c790cb9..5399f067 100644
--- a/src/Admin/Menus.php
+++ b/src/Admin/Menus.php
@@ -44,7 +44,7 @@ public function __construct() {
 * @since 1.4.6
 */
 public function setup_screen() {
- if ( isset( $_GET['edit'] ) || isset( $_GET['delete'] ) || isset( $_GET['add'] ) || isset( $_GET['generate'] ) ) {
+ if ( isset( $_GET['edit'] ) || isset( $_GET['delete'] ) || isset( $_GET['add'] ) || isset( $_GET['generate'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 return;
 }
@@ -253,8 +253,8 @@ public function output_tools_page() {
 $tabs = apply_filters( 'wc_serial_numbers_tools_tabs', $tabs );
 $tab_ids = array_keys( $tabs );
- $current_tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : reset( $tab_ids );
- $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : '';
+ $current_tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : reset( $tab_ids ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 Admin::view(
 'html-tools.php',
@@ -279,8 +279,8 @@ public function output_reports_page() {
 $tabs = apply_filters( 'wc_serial_numbers_reports_tabs', $tabs );
 $tab_ids = array_keys( $tabs );
- $current_tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : reset( $tab_ids );
- $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : '';
+ $current_tab = isset( $_GET['tab'] ) ? sanitize_key( wp_unslash( $_GET['tab'] ) ) : reset( $tab_ids ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : ''; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 Admin::view(
 'html-reports.php',
diff --git a/src/Frontend/Shortcodes.php b/src/Frontend/Shortcodes.php
index 05ab957f..3ecac7b3 100644
--- a/src/Frontend/Shortcodes.php
+++ b/src/Frontend/Shortcodes.php
@@ -110,6 +110,7 @@ public function validation_form( $atts ) {

+

+