v2.12.14

wpcodefactory · Sep 26, 2024 · 99a6e61 · 99a6e61
1 parent 39d2f27
commit 99a6e61
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 37 deletions.
diff --git a/eu-vat-for-woocommerce.php b/eu-vat-for-woocommerce.php
@@ -3,7 +3,7 @@
 Plugin Name: EU/UK VAT for WooCommerce
 Plugin URI: https://wpfactory.com/item/eu-vat-for-woocommerce/
 Description: Manage EU VAT in WooCommerce. Beautifully.
-Version: 2.12.13
+Version: 2.12.14
 Author: WPFactory
 Author URI: https://wpfactory.com/
 Text Domain: eu-vat-for-woocommerce
@@ -22,7 +22,7 @@
  * Main Alg_WC_EU_VAT Class
  *
  * @class   Alg_WC_EU_VAT
- * @version 2.12.13
+ * @version 2.12.14
  * @since   1.0.0
  */
 final class Alg_WC_EU_VAT {
@@ -33,7 +33,7 @@ final class Alg_WC_EU_VAT {
 	 * @var   string
 	 * @since 1.0.0
 	 */
-	public $version = '2.12.13';
+	public $version = '2.12.14';
 
 	/**
 	 * core object.

diff --git a/includes/admin/class-alg-wc-eu-vat-admin.php b/includes/admin/class-alg-wc-eu-vat-admin.php
@@ -2,7 +2,7 @@
 /**
  * EU VAT for WooCommerce - Admin Class
  *
- * @version 2.12.12
+ * @version 2.12.14
  * @since   1.0.0
  * @author  WPFactory
  */
@@ -398,7 +398,7 @@ function add_meta_box() {
 	/**
 	 * create_meta_box.
 	 *
-	 * @version 2.12.12
+	 * @version 2.12.14
 	 * @since   1.0.0
 	 * @todo    [dev] save actual EU VAT number used on checkout (instead of `get_post_meta( $order_id, '_' . alg_wc_eu_vat_get_field_id(), true )`)
 	 * @todo    [dev] (maybe) add country flag
@@ -458,7 +458,7 @@ function create_meta_box( $object ) {
 		// Output
 		$order_id = $_order->get_id();
 		echo alg_wc_eu_vat_get_table_html( $table_data, array( 'table_class' => 'widefat striped', 'table_heading_type' => 'vertical' ) );
-		echo '<p>' . '<a href="' . add_query_arg( 'validate_vat_and_maybe_remove_taxes', $order_id ) . '">' .
+		echo '<p>' . '<a href="' . esc_url ( add_query_arg( 'validate_vat_and_maybe_remove_taxes', $order_id ) ) . '">' .
 			__( 'Validate VAT and remove taxes', 'eu-vat-for-woocommerce' ) . '</a>' . '</p>';
 	}
 

diff --git a/includes/class-alg-wc-eu-vat-ajax.php b/includes/class-alg-wc-eu-vat-ajax.php
@@ -2,7 +2,7 @@
 /**
  * EU VAT for WooCommerce - AJAX Class
  *
- * @version 2.12.13
+ * @version 2.12.14
  * @since   1.0.0
  * @author  WPFactory
  */
@@ -35,13 +35,13 @@ function __construct() {
 	/**
 	 * enqueue_scripts.
 	 *
-	 * @version 2.11.11
+	 * @version 2.12.14
 	 * @since   1.0.0
 	 * @todo    [dev] (important) `... && function_exists( 'is_checkout' ) && is_checkout()`
 	 */
 	function enqueue_scripts() {
 		if ( 'yes' === get_option( 'alg_wc_eu_vat_validate', 'yes' ) ) {
-			if ( ( function_exists( 'is_checkout' ) && is_checkout() ) || is_account_page() ) {
+			if ( ( function_exists( 'is_checkout' ) && is_checkout() ) || ( is_account_page() && ! is_wc_endpoint_url( 'edit-address' ) ) ) {
 				wp_enqueue_script( 'alg-wc-eu-vat', alg_wc_eu_vat()->plugin_url() . '/includes/js/alg-wc-eu-vat.js', array('jquery'), alg_wc_eu_vat()->version, true );
 				wp_localize_script( 'alg-wc-eu-vat', 'alg_wc_eu_vat_ajax_object', array(
 					'ajax_url'                        => admin_url( 'admin-ajax.php' ),
@@ -279,10 +279,15 @@ function alg_wc_eu_vat_validate_action( $param ) {
 	/**
 	 * alg_wc_eu_vat_exempt_vat_from_admin.
 	 *
-	 * @version 2.12.13
+	 * @version 2.12.14
 	 * @since   2.12.13
 	 */
 	function alg_wc_eu_vat_exempt_vat_from_admin( $param ){
+
+		if ( ! current_user_can('manage_options') || ! wp_verify_nonce( $_POST['nonce'], 'alg-wc-eu-vat-ajax-nonce' ) ) {
+			exit;
+		}
+
 		if ( isset( $_POST['order_id'] ) && '' != $_POST['order_id'] ) {
 			$orderid = esc_attr($_POST['order_id']);
 			if(isset( $_POST['status'] ) && 'yes' == $_POST['status'] ){

diff --git a/includes/class-alg-wc-eu-vat-core.php b/includes/class-alg-wc-eu-vat-core.php
@@ -2,7 +2,7 @@
 /**
  * EU VAT for WooCommerce - Core Class
  *
- * @version 2.12.13
+ * @version 2.12.14
  * @since   1.0.0
  * @author  WPFactory
  */
@@ -28,7 +28,7 @@ class Alg_WC_EU_VAT_Core {
 	/**
 	 * Constructor.
 	 *
-	 * @version 2.12.5
+	 * @version 2.12.14
 	 * @since   1.0.0
 	 * @todo    [dev] (maybe) "eu vat number" to "eu vat"
 	 * @todo    [feature] `add_eu_vat_verify_button` (`woocommerce_form_field_text`) (`return ( alg_wc_eu_vat_get_field_id() === $key ) ? $field . '<span style="font-size:smaller !important;">' . '[<a name="billing_eu_vat_number_verify" href="">' . __( 'Verify', 'eu-vat-for-woocommerce' ) . '</a>]' . '</span>' : $field;`)
@@ -144,6 +144,8 @@ function __construct() {
 
 			add_action( 'wpo_wcpdf_after_order_details', 			 array( $this, 'add_vat_exempt_text_pdf_footer'), 10, 2 );
 
+			add_filter('woocommerce_billing_fields', 				 array( $this, 'add_frontend_edit_billing_fields' ), 10 );
+
 		}
 
 		add_filter('woocommerce_rest_prepare_shop_order_object', array( $this, 'alg_wc_eu_vat_filter_order_response' ), PHP_INT_MAX, 3 );
@@ -176,6 +178,28 @@ function __construct() {
 	}
 
 
+	/* add_frontend_edit_billing_fields.
+	 *
+	 * @version 2.12.14
+	 * @since   2.12.14
+	 */
+	function add_frontend_edit_billing_fields( $fields ) {
+
+		$field_id = alg_wc_eu_vat_get_field_id();
+
+		$fields[$field_id] = array(
+			'label' 		=> do_shortcode( get_option( 'alg_wc_eu_vat_field_label', __( 'EU VAT Number', 'eu-vat-for-woocommerce' ) ) ), 
+			'placeholder' 	=> do_shortcode( get_option( 'alg_wc_eu_vat_field_placeholder', __( 'EU VAT Number', 'eu-vat-for-woocommerce' ) ) ),
+			'required' 		=> false, 
+			'clear' 		=> false, 
+			'type' 			=> 'text', 
+			'class' 		=> array('alg-wc-frontend-billing-edit'),
+			'priority' 		=> get_option( 'alg_wc_eu_vat_field_priority', 200 ),
+		);
+
+		return $fields;
+	}
+
 	/* alg_wc_eu_vat_support_yith_invoice.
 	 *
 	 * @version 2.12.4
@@ -799,6 +823,14 @@ function eu_vat_wp_footer() {
 	</style>
 	<?php 
 		}
+
+		?>
+		<style>
+		div.woocommerce-MyAccount-content .alg-wc-frontend-billing-edit {
+			display: block !important;
+		}
+		</style>
+		<?php
 	}
 
 	/**
@@ -809,6 +841,8 @@ function eu_vat_wp_footer() {
 	 */
 
 	function eu_vat_admin_footer() {
+
+		$nonce = wp_create_nonce('alg-wc-eu-vat-ajax-nonce');
     ?>
 		<script type="text/javascript">
 		jQuery('body').on('click', '.exempt_vat_from_admin', function() {
@@ -826,6 +860,7 @@ function eu_vat_admin_footer() {
 						action:   'exempt_vat_from_admin',
 						order_id: order_id,
 						status: status,
+						'nonce': '<?php echo $nonce; ?>'
 					};
 			jQuery.ajax({
 				url:  woocommerce_admin_meta_boxes.ajax_url,

diff --git a/langs/eu-vat-for-woocommerce.pot b/langs/eu-vat-for-woocommerce.pot
@@ -2,14 +2,14 @@
 # This file is distributed under the GNU General Public License v3.0.
 msgid ""
 msgstr ""
-"Project-Id-Version: eu-vat-for-woocommerce 2.12.13\n"
+"Project-Id-Version: eu-vat-for-woocommerce 2.12.14\n"
 "Report-Msgid-Bugs-To: https://wordpress.org/support/plugin/eu-vat-for-woocommerce\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"POT-Creation-Date: 2024-09-23T15:20:59+02:00\n"
+"POT-Creation-Date: 2024-09-26T16:38:20+02:00\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "X-Generator: WP-CLI 2.9.0\n"
 "X-Domain: eu-vat-for-woocommerce\n"
@@ -37,11 +37,13 @@ msgstr ""
 
 #: eu-vat-for-woocommerce-blocks-initialize.php:55
 #: includes/admin/class-alg-wc-eu-vat-admin.php:356
-#: includes/class-alg-wc-eu-vat-core.php:1219
-#: includes/class-alg-wc-eu-vat-core.php:1221
-#: includes/class-alg-wc-eu-vat-core.php:1338
-#: includes/class-alg-wc-eu-vat-core.php:1418
-#: includes/class-alg-wc-eu-vat-core.php:1450
+#: includes/class-alg-wc-eu-vat-core.php:191
+#: includes/class-alg-wc-eu-vat-core.php:192
+#: includes/class-alg-wc-eu-vat-core.php:1254
+#: includes/class-alg-wc-eu-vat-core.php:1256
+#: includes/class-alg-wc-eu-vat-core.php:1373
+#: includes/class-alg-wc-eu-vat-core.php:1453
+#: includes/class-alg-wc-eu-vat-core.php:1485
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:86
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:94
 #: build/eu-vat-for-woocommerce-checkout-eu-vat-field-block.js:1
@@ -169,7 +171,7 @@ msgid "VAT is valid."
 msgstr ""
 
 #: includes/class-alg-wc-eu-vat-ajax.php:55
-#: includes/class-alg-wc-eu-vat-core.php:1887
+#: includes/class-alg-wc-eu-vat-core.php:1922
 #: includes/settings/class-alg-wc-eu-vat-settings-validation.php:272
 msgid "VAT is not valid."
 msgstr ""
@@ -201,38 +203,38 @@ msgid "(optional)"
 msgstr ""
 
 #: includes/class-alg-wc-eu-vat-ajax.php:138
-#: includes/class-alg-wc-eu-vat-core.php:1593
+#: includes/class-alg-wc-eu-vat-core.php:1628
 msgid "Error: Country by IP does not match (%s)"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:216
-#: includes/class-alg-wc-eu-vat-core.php:380
-#: includes/class-alg-wc-eu-vat-core.php:1768
-#: includes/class-alg-wc-eu-vat-core.php:1838
+#: includes/class-alg-wc-eu-vat-core.php:240
+#: includes/class-alg-wc-eu-vat-core.php:404
+#: includes/class-alg-wc-eu-vat-core.php:1803
+#: includes/class-alg-wc-eu-vat-core.php:1873
 #: includes/settings/class-alg-wc-eu-vat-settings-validation.php:70
 msgid "<strong>EU VAT Number</strong> is not valid."
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:349
-#: includes/class-alg-wc-eu-vat-core.php:1815
+#: includes/class-alg-wc-eu-vat-core.php:373
+#: includes/class-alg-wc-eu-vat-core.php:1850
 msgid "Success (checkout): VAT ID valid. Matched with prevalidated VAT numbers."
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:375
-#: includes/class-alg-wc-eu-vat-core.php:1846
+#: includes/class-alg-wc-eu-vat-core.php:399
+#: includes/class-alg-wc-eu-vat-core.php:1881
 msgid "Error: VAT is not valid (checkout)"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:442
+#: includes/class-alg-wc-eu-vat-core.php:466
 msgid "VAT SHIFTED"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1025
+#: includes/class-alg-wc-eu-vat-core.php:1060
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:163
 msgid "You didn't set your VAT ID. Are you sure you want to continue?"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1025
+#: includes/class-alg-wc-eu-vat-core.php:1060
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:171
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:180
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:202
@@ -254,21 +256,21 @@ msgstr ""
 msgid "Yes"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1025
+#: includes/class-alg-wc-eu-vat-core.php:1060
 msgid "No"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1137
+#: includes/class-alg-wc-eu-vat-core.php:1172
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:244
 msgid "I don't have a VAT ID"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1156
+#: includes/class-alg-wc-eu-vat-core.php:1191
 #: includes/settings/class-alg-wc-eu-vat-settings-general.php:260
 msgid "I have a valid VAT but not exempted"
 msgstr ""
 
-#: includes/class-alg-wc-eu-vat-core.php:1414
+#: includes/class-alg-wc-eu-vat-core.php:1449
 msgid "Customer Decide"
 msgstr ""
 

diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: wpcodefactory, omardabbas, karzin, anbinder, algoritmika, kousikmu
 Tags: EU VAT, UK VAT, tax, vat validation, VAT
 Requires at least: 6.1
 Tested up to: 6.6
-Stable tag: 2.12.13
+Stable tag: 2.12.14
 License: GNU General Public License v3.0
 License URI: http://www.gnu.org/licenses/gpl-3.0.html
 
@@ -290,6 +290,10 @@ Once activated, access the plugin's settings by navigating to “WooCommerce > S
 
 == Changelog ==
 
+= 2.12.14 - 26/09/2024 =
+* Fix - Cross-Site Scripting vulnerability.
+* Add - EU VAT filed to "My Account" - "Edit Address".
+
 = 2.12.13 - 23/09/2024 =
 * Fix - Cross-Site Scripting vulnerability.