Little Validation

codersaiful · Jun 2, 2021 · b811a79 · b811a79
1 parent a378eac
commit b811a79
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 8 deletions.
diff --git a/includes/helper-functions.php b/includes/helper-functions.php
@@ -337,7 +337,7 @@ function wpt_ajax_add_to_cart() {
         $data = array_filter( $data );
 
         $product_id     = ( isset($data['product_id']) && !empty( $data['product_id']) ? absint( $data['product_id'] ) : false );
-        $quantity       = ( isset($data['quantity']) && !empty( $data['quantity']) && is_numeric($data['quantity']) ? $data['quantity'] : 1 );
+        $quantity       = ( isset($data['quantity']) && !empty( $data['quantity']) && is_numeric($data['quantity']) ? sanitize_text_field( $data['quantity'] ) : 1 );
         $variation_id   = ( isset($data['variation_id']) && !empty( $data['variation_id']) ? absint( $data['variation_id'] ) : false );
         $variation      = ( isset($data['variation']) && !empty( $data['variation']) ? sanitize_text_field( $data['variation'] ) : false );
         $custom_message = ( isset($data['custom_message']) && !empty( $data['custom_message']) ? sanitize_text_field( $data['custom_message'] ) : false );
@@ -479,7 +479,7 @@ function wpt_adding_to_cart_multiple_items( $products = false ){
             $serial = 0;
             foreach ( $products as $product ) {
                 $product_id = ( isset($product['product_id']) && !empty( $product['product_id'] ) ? absint( $product['product_id'] ) : false );
-                $quantity = ( isset($product['quantity']) && !empty( $product['quantity'] ) && is_numeric( $product['quantity'] ) ? $product['quantity'] : 1 );
+                $quantity = ( isset($product['quantity']) && !empty( $product['quantity'] ) && is_numeric( $product['quantity'] ) ? sanitize_text_field( $product['quantity'] ) : 1 );
                 $variation_id = ( isset($product['variation_id']) && !empty( $product['variation_id'] ) ? absint( $product['variation_id'] ) : false );
                 $variation = ( isset($product['variation']) && !empty( $product['variation'] ) ? $product['variation'] : false );
 

diff --git a/includes/items/stock.php b/includes/items/stock.php
@@ -1,5 +1,5 @@
 <?php
-echo wc_get_stock_html($product);
+echo wc_get_stock_html( $product );
 /*
 $stock_status_message = $stock_status_message = $config_value['table_out_of_stock'];
 if( $data['stock_status'] == 'instock' ){

diff --git a/includes/items/total.php b/includes/items/total.php
@@ -42,8 +42,8 @@
 echo "<div data-number_of_decimal='" . esc_attr( $number_of_decimal ) . "' "
         . "data-thousand_separator='" . esc_attr( $thousand_separator ) . "' "
         . "data-price_decimal_separator='" . esc_attr( $price_decimal_separator ) . "' "
-        . "data-price='" . $total_price . "' "
+        . "data-price='" . esc_attr( $total_price ) . "' "
         . "data-currency='" . esc_attr( get_woocommerce_currency_symbol() ) . "' "
         . "data-price_format='". esc_attr( $priceFormat ) ."' "
         . "class='wpt_total_item wpt_total " . ( $variable_for_total || !$total_price ? 'total_variaion' : 'total_general' ) . "'>"
-        . "<strong>" . ( !$variable_for_total ? $newPrice : '' ) . "</strong></div>";
+        . "<strong>" . ( !$variable_for_total ? wp_kses_post( $newPrice ) : '' ) . "</strong></div>"; //$newPrice - Even Already XSS ok, we have used woocommece function
diff --git a/includes/items/variations.php b/includes/items/variations.php
@@ -1,7 +1,4 @@
 <?php
-//echo "<div data-temp_number='{$temp_number}' class='{$row_class} wpt_variations wpt_variation_" . $data['id'] . "' data-quantity='1' data-product_id='" . $data['id'] . "' data-product_variations = '" . esc_attr( $data_product_variations ) . "'> ";
-//echo $variation_html;
-//echo "</div>";
 
 /**
  * Variation HTML is handled by new file