CVE-2023-3200: mstore-api.php in mstore-api/trunk – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update the new-order notification message via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. (Note: the listing below, tagged version 3.9.7, already gates that handler with `checkIsAdmin()` and `wp_verify_nonce($nonce, 'update_new_order_message')`, so it appears to show the fixed code rather than the vulnerable revision — compare against the affected release before using it as a reproducer.)


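<?php
/**
 * Plugin Name: MStore API
 * Plugin URI: https://github.com/inspireui/mstore-api
 * Description: The MStore API Plugin which is used for the MStore and FluxStore Mobile App
 * Version: 3.9.7
 * Author: InspireUI
 * Author URI: https://inspireui.com
 *
 * Text Domain: MStore-Api
 */

defined('ABSPATH') or wp_die('No script kiddies please!');

// use MStoreCheckout\Templates\MDetect;

// Controllers / helpers. Each file is expected to register its own hooks and
// REST routes when loaded; this file only wires the checkout webview, the
// admin-ajax settings handlers and a few WooCommerce REST response filters.
include plugin_dir_path(__FILE__) . "templates/class-mobile-detect.php";
include plugin_dir_path(__FILE__) . "templates/class-rename-generate.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-user.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-home.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-booking.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-vendor-admin.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-woo.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-delivery.php";
include_once plugin_dir_path(__FILE__) . "functions/index.php";
include_once plugin_dir_path(__FILE__) . "functions/utils.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-tera-wallet.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-paytm.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-paystack.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-flutterwave.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-myfatoorah.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-midtrans.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-paid-memberships-pro.php";
include_once plugin_dir_path(__FILE__) . "controllers/listing-rest-api/class.api.fields.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-blog.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-wholesale.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-stripe.php";
include_once plugin_dir_path(__FILE__) . "controllers/flutter-notification.php";

/**
 * Plugin bootstrap: defines the version constants, hooks the checkout webview
 * preparation, registers the admin-ajax settings handlers and the order
 * notification hooks, and copies the page template into the active theme.
 */
class MstoreCheckOut
{
    public $version = '3.9.7';

    public function __construct()
    {
        define('MSTORE_CHECKOUT_VERSION', $this->version);
        define('MSTORE_PLUGIN_FILE', __FILE__);

        /**
         * Prepare data before checkout by webview
         */
        add_action('template_redirect', 'flutter_prepare_checkout');

        include_once(ABSPATH . 'wp-admin/includes/plugin.php');
        include_once(ABSPATH . 'wp-includes/pluggable.php');

        //migrate old versions to re-verify purchase code automatically
        verifyPurchaseCodeAuto();

        // Everything below depends on WooCommerce; without it the plugin only
        // exposes the user/home/blog controllers included above.
        if (is_plugin_active('woocommerce/woocommerce.php') == false) {
            return 0;
        }
        add_action('woocommerce_init', 'woocommerce_mstore_init');
        // Defined here (not at file level) so it only exists when WooCommerce is active.
        function woocommerce_mstore_init()
        {
            include_once plugin_dir_path(__FILE__) . "controllers/flutter-order.php";
            include_once plugin_dir_path(__FILE__) . "controllers/flutter-multi-vendor.php";
            include_once plugin_dir_path(__FILE__) . "controllers/flutter-vendor.php";
            include_once plugin_dir_path(__FILE__) . "controllers/helpers/delivery-wcfm-helper.php";
            include_once plugin_dir_path(__FILE__) . "controllers/helpers/vendor-admin-woo-helper.php";
            include_once plugin_dir_path(__FILE__) . "controllers/helpers/vendor-admin-wcfm-helper.php";
            include_once plugin_dir_path(__FILE__) . "controllers/helpers/vendor-admin-dokan-helper.php";
            include_once plugin_dir_path(__FILE__) . "controllers/flutter-customer.php";
            include_once plugin_dir_path(__FILE__) . "functions/video-setting-embed.php";
        }

        // A non-empty ?code= marks a webview checkout request: force WooCommerce
        // to treat the current page as the checkout page.
        $isWebviewCheckout = filter_has_var(INPUT_GET, 'code') && strlen(filter_input(INPUT_GET, 'code')) > 0;
        if ($isWebviewCheckout) {
            add_filter('woocommerce_is_checkout', '__return_true');
        }

        add_action('wp_print_scripts', array($this, 'handle_received_order_page'));

        //add meta box shipping location in order detail
        add_action('add_meta_boxes', 'mv_add_meta_boxes');
        if (!function_exists('mv_add_meta_boxes')) {
            function mv_add_meta_boxes()
            {
                add_meta_box('mv_other_fields', __('Shipping Location', 'woocommerce'), 'mv_add_other_fields_for_packaging', 'shop_order', 'side', 'core');
            }
        }
        // Adding Meta field in the meta container admin shop_order pages
        if (!function_exists('mv_add_other_fields_for_packaging')) {
            /**
             * Renders the "Shipping Location" meta box from the first line of the
             * order excerpt when it is of the form "URL:<location url>".
             * NOTE(review): esc_html() is applied to the whole iframe markup, so the
             * admin sees the literal tag text rather than an embedded frame. That is
             * the safe outcome for an order-supplied URL; if an actual embed is wanted
             * it needs an allow-list of hosts, not a plain esc_url().
             */
            function mv_add_other_fields_for_packaging()
            {
                global $post;
                $note = $post->post_excerpt;
                $items = explode("\n", $note);
                if (strpos($items[0], "URL:") !== false) {
                    $url = str_replace("URL:", "", $items[0]);
                    echo esc_html('<iframe width="600" height="500" src="' . esc_url($url) . '"></iframe>');
                }
            }
        }

        register_activation_hook(__FILE__, array($this, 'create_custom_mstore_table'));

        /**
         * Register js file to theme
         */
        function mstore_frontend_script()
        {
            wp_enqueue_script('my_script', plugins_url('assets/js/mstore-inspireui.js', MSTORE_PLUGIN_FILE), array('jquery'), '1.0.0', true);
            wp_localize_script('my_script', 'MyAjax', array('ajaxurl' => admin_url('admin-ajax.php')));
        }

        add_action('wp_enqueue_scripts', 'mstore_frontend_script');

        // Admin-ajax settings handlers (logged-in users only: no wp_ajax_nopriv_*
        // counterparts). Each handler re-checks the admin role and a per-action nonce.
        add_action('wp_ajax_mstore_delete_json_file', array($this, 'mstore_delete_json_file'));
        add_action('wp_ajax_mstore_update_limit_product', array($this, 'mstore_update_limit_product'));
        add_action('wp_ajax_mstore_update_firebase_server_key', array($this, 'mstore_update_firebase_server_key'));
        add_action('wp_ajax_mstore_update_new_order_title', array($this, 'mstore_update_new_order_title'));
        add_action('wp_ajax_mstore_update_new_order_message', array($this, 'mstore_update_new_order_message'));
        add_action('wp_ajax_mstore_update_status_order_title', array($this, 'mstore_update_status_order_title'));
        add_action('wp_ajax_mstore_update_status_order_message', array($this, 'mstore_update_status_order_message'));

        // listen changed order status to notify
        add_action('woocommerce_order_status_changed', array($this, 'track_order_status_changed'), 9, 4);
        add_action('woocommerce_checkout_update_order_meta', array($this, 'track_new_order'));
        add_action('woocommerce_rest_insert_shop_order_object', array($this, 'track_api_new_order'), 10, 4);

        // Copy the page template into the active theme on every load.
        // NOTE(review): the directory is created world-writable (0777); WordPress
        // itself uses 0755 (FS_CHMOD_DIR) for theme/upload directories. Confirm
        // the wider mode is actually required by the target hosting setups.
        $path = get_template_directory() . "/templates";
        if (!file_exists($path)) {
            mkdir($path, 0777, true);
        }
        if (file_exists($path)) {
            $templatePath = plugin_dir_path(__FILE__) . "templates/mstore-api-template.php";
            if (!copy($templatePath, $path . "/mstore-api-template.php")) {
                return 0;
            }
        }
    }

    /**
     * Common gate for the admin-ajax settings handlers: the current user must
     * pass checkIsAdmin() and the request must carry a valid nonce for $action.
     * On failure a JSON 401 error is sent (wp_send_json_error() terminates the
     * request) and false is returned for completeness.
     *
     * @param string $action Nonce action name.
     * @return bool
     */
    private function authorize_admin_ajax($action)
    {
        $nonce = isset($_REQUEST['nonce']) ? sanitize_text_field($_REQUEST['nonce']) : '';
        if (checkIsAdmin(get_current_user_id()) && wp_verify_nonce($nonce, $action)) {
            return true;
        }
        wp_send_json_error('No Permission', 401);
        return false;
    }

    /**
     * Deletes a generated config JSON file by id.
     * NOTE(review): unlike the other handlers, this one does not call
     * wp_verify_nonce() itself; the nonce is passed through to
     * FlutterUtils::delete_config_file(), which is not visible in this file.
     * Confirm that helper verifies it, otherwise this action is forgeable.
     */
    public function mstore_delete_json_file()
    {
        if (checkIsAdmin(get_current_user_id())) {
            $id = sanitize_text_field($_REQUEST['id']);
            $nonce = sanitize_text_field($_REQUEST['nonce']);
            FlutterUtils::delete_config_file($id, $nonce);
        } else {
            wp_send_json_error('No Permission', 401);
        }
    }

    /** Stores the product-list page size (integer) in the mstore_limit_product option. */
    public function mstore_update_limit_product()
    {
        if (!$this->authorize_admin_ajax('update_limit_product')) {
            return;
        }
        $limit = sanitize_text_field($_REQUEST['limit']);
        if (is_numeric($limit)) {
            update_option("mstore_limit_product", intval($limit));
        }
    }

    /** Stores the Firebase server key used for push notifications. */
    public function mstore_update_firebase_server_key()
    {
        if (!$this->authorize_admin_ajax('update_firebase_server_key')) {
            return;
        }
        $serverKey = sanitize_text_field($_REQUEST['serverKey']);
        update_option("mstore_firebase_server_key", $serverKey);
    }

    /** Stores the title of the "new order" push notification. */
    public function mstore_update_new_order_title()
    {
        if (!$this->authorize_admin_ajax('update_new_order_title')) {
            return;
        }
        $title = sanitize_text_field($_REQUEST['title']);
        update_option("mstore_new_order_title", $title);
    }

    /** Stores the body of the "new order" push notification (CVE-2023-3200 handler). */
    public function mstore_update_new_order_message()
    {
        if (!$this->authorize_admin_ajax('update_new_order_message')) {
            return;
        }
        $message = sanitize_text_field($_REQUEST['message']);
        update_option("mstore_new_order_message", $message);
    }

    /** Stores the title of the "order status changed" push notification. */
    public function mstore_update_status_order_title()
    {
        if (!$this->authorize_admin_ajax('update_status_order_title')) {
            return;
        }
        $title = sanitize_text_field($_REQUEST['title']);
        update_option("mstore_status_order_title", $title);
    }

    /** Stores the body of the "order status changed" push notification. */
    public function mstore_update_status_order_message()
    {
        if (!$this->authorize_admin_ajax('update_status_order_message')) {
            return;
        }
        $message = sanitize_text_field($_REQUEST['message']);
        update_option("mstore_status_order_message", $message);
    }

    // update order via website
    public function track_order_status_changed($id, $previous_status, $next_status)
    {
        trackOrderStatusChanged($id, $previous_status, $next_status);
    }

    // new order via website
    public function track_new_order($order_id)
    {
        trackNewOrder($order_id);
    }

    /**
     * New order or order update via the WC REST API. On update, a notification
     * is sent only when the request body carried a 'status' field.
     */
    public function track_api_new_order($object, $request, $creating)
    {
        if ($creating) {
            trackNewOrder($object->id);
            return;
        }
        $body = $request->get_body_params();
        if (isset($body['status'])) {
            sendNotificationForOrderStatusUpdated($object->id, $body['status']);
        }
    }

    /** Enqueues the mobile-specific stylesheet on the order-received page. */
    public function handle_received_order_page()
    {
        // default return true for getting checkout library working
        if (!is_order_received_page()) {
            return;
        }
        $detect = new MDetect;
        if ($detect->isMobile()) {
            wp_register_style('mstore-order-custom-style', plugins_url('assets/css/mstore-order-style.css', MSTORE_PLUGIN_FILE));
            wp_enqueue_style('mstore-order-custom-style');
        }
    }

    /**
     * Activation hook: creates {prefix}mstore_checkout, which maps a checkout
     * code to a base64/urlencoded JSON order payload consumed by
     * flutter_prepare_checkout().
     */
    public function create_custom_mstore_table()
    {
        global $wpdb;
        // include upgrade-functions for maybe_create_table;
        if (!function_exists('maybe_create_table')) {
            require_once ABSPATH . 'wp-admin/includes/upgrade.php';
        }
        $charset_collate = $wpdb->get_charset_collate();
        $table_name = $wpdb->prefix . 'mstore_checkout';
        $sql = "CREATE TABLE $table_name (
            id mediumint(9) NOT NULL AUTO_INCREMENT,
            `code` tinytext NOT NULL,
            `order` text NOT NULL,
            PRIMARY KEY (id)
        ) $charset_collate;";
        maybe_create_table($table_name, $sql);
    }
}

$mstoreCheckOut = new MstoreCheckOut();

// use JO\Module\Templater\Templater;
include plugin_dir_path(__FILE__) . "templates/class-templater.php";

add_action('plugins_loaded', 'load_mstore_templater');
/** Registers mstore-api-template.php as a selectable page template. */
function load_mstore_templater()
{
    // add our new custom templates
    $my_templater = new Templater(
        array(
            // YOUR_PLUGIN_DIR or plugin_dir_path(__FILE__)
            'plugin_directory' => plugin_dir_path(__FILE__),
            // should end with _ > prefix_
            'plugin_prefix' => 'plugin_prefix_',
            // templates directory inside your plugin
            'plugin_template_directory' => 'templates',
        )
    );
    $my_templater->add(
        array(
            'page' => array(
                'mstore-api-template.php' => 'Page Custom Template',
            ),
        )
    )->register();
}

//custom rest api
function flutter_users_routes()
{
    $controller = new FlutterUserController();
    $controller->register_routes();
}

add_action('rest_api_init', 'flutter_users_routes');
add_action('rest_api_init', 'mstore_check_payment_routes');
/**
 * Registers GET /order/verify. The route is deliberately public
 * (permission_callback always true) and its callback does nothing but
 * return true, so it exposes no data; it appears to be a reachability probe.
 */
function mstore_check_payment_routes()
{
    register_rest_route('order', '/verify', array(
        'methods' => 'GET',
        'callback' => 'mstore_check_payment',
        'permission_callback' => function () {
            return true;
        },
    ));
}

function mstore_check_payment()
{
    return true;
}

// Add menu Setting
add_action('admin_menu', 'mstore_plugin_setup_menu');

function mstore_plugin_setup_menu()
{
    add_menu_page('MStore Api', 'MStore Api', 'manage_options', 'mstore-plugin', 'mstore_init');
}

function mstore_init()
{
    load_template(dirname(__FILE__) . '/templates/mstore-api-admin-page.php');
}

add_filter('woocommerce_rest_prepare_product_variation_object', 'custom_woocommerce_rest_prepare_product_variation_object', 20, 3);
add_filter('woocommerce_rest_prepare_product_object', 'flutter_custom_change_product_response', 20, 3);
add_filter('woocommerce_rest_prepare_product_review', 'custom_product_review', 20, 3);
add_filter('woocommerce_rest_prepare_product_cat', 'custom_product_category', 20, 3);

/** Adds a boolean 'has_children' to product-category REST responses. */
function custom_product_category($response, $object, $request)
{
    $id = $response->data['id'];
    $children = get_term_children($id, 'product_cat');
    // A WP_Error from get_term_children() is non-empty and therefore reads as "has children".
    $response->data['has_children'] = !empty($children);
    return $response;
}

/**
 * Adds an 'images' list (thumbnail URLs) to review REST responses when one of
 * the supported photo-review plugins is active.
 */
function custom_product_review($response, $object, $request)
{
    if (is_plugin_active('woo-photo-reviews/woo-photo-reviews.php') || is_plugin_active('woocommerce-photo-reviews/woocommerce-photo-reviews.php')) {
        $id = $response->data['id'];
        $image_post_ids = get_comment_meta($id, 'reviews-images', true);
        $image_arr = array();
        // get_comment_meta() returns '' when the key is absent; anything else is iterated.
        if (!is_string($image_post_ids)) {
            foreach ($image_post_ids as $image_post_id) {
                $image_arr[] = wp_get_attachment_thumb_url($image_post_id);
            }
        }
        $response->data['images'] = $image_arr;
    }
    return $response;
}

function flutter_custom_change_product_response($response, $object, $request)
{
    return customProductResponse($response, $object, $request);
}

/**
 * Variation REST filter: adds 'is_purchased' for the user named by the
 * request's user_id parameter, and WPML multi-currency prices when available.
 * NOTE(review): user_id is caller-supplied, so any caller allowed to read
 * variations can learn whether an arbitrary user bought a product — confirm
 * the route's permission callback restricts who may ask.
 */
function custom_woocommerce_rest_prepare_product_variation_object($response, $object, $request)
{
    global $woocommerce_wpml;

    $is_purchased = false;
    if (isset($request['user_id'])) {
        $user_id = $request['user_id'];
        $user_data = get_userdata($user_id);
        // get_userdata() returns false for an unknown id; guard before reading user_email.
        if ($user_data !== false) {
            $user_email = $user_data->user_email;
            $is_purchased = wc_customer_bought_product($user_email, $user_id, $response->data['id']);
        }
    }
    $response->data['is_purchased'] = $is_purchased;

    if (!empty($woocommerce_wpml->multi_currency) && !empty($woocommerce_wpml->settings['currencies_order'])) {
        $price = $response->data['price'];
        foreach ($woocommerce_wpml->settings['currency_options'] as $key => $currency) {
            $rate = (float)$currency["rate"];
            // A zero rate means "no conversion configured": keep the base price.
            $response->data['multi-currency-prices'][$key]['price'] = $rate == 0 ? $price : sprintf("%.2f", $price * $rate);
        }
    }

    return $response;
}

/** Address fields handled by the checkout webview; order matches the original field-by-field code. */
function mstore_checkout_address_fields()
{
    return array('first_name', 'last_name', 'company', 'address_1', 'address_2', 'city', 'state', 'postcode', 'country', 'email', 'phone');
}

/**
 * Copies every non-empty field of $billing into both billing_* and shipping_*
 * user meta of $userId.
 */
function mstore_save_billing_to_user_meta($userId, $billing)
{
    foreach (mstore_checkout_address_fields() as $field) {
        if (!empty($billing[$field])) {
            update_user_meta($userId, 'billing_' . $field, $billing[$field]);
            update_user_meta($userId, 'shipping_' . $field, $billing[$field]);
        }
    }
}

/**
 * Loads billing_* and shipping_* user meta for $userId.
 *
 * @return array [$billing, $shipping]
 */
function mstore_load_addresses_from_user_meta($userId)
{
    $billing = array();
    $shipping = array();
    foreach (mstore_checkout_address_fields() as $field) {
        $billing[$field] = get_user_meta($userId, 'billing_' . $field, true);
    }
    foreach (mstore_checkout_address_fields() as $field) {
        $shipping[$field] = get_user_meta($userId, 'shipping_' . $field, true);
    }
    // Kept from the original: both keys are always set above (get_user_meta()
    // returns '' when absent), so these fallbacks never fire in practice.
    if (isset($billing["first_name"]) && !isset($shipping["first_name"])) {
        $shipping = $billing;
    }
    if (!isset($billing["first_name"]) && isset($shipping["first_name"])) {
        $billing = $shipping;
    }
    return array($billing, $shipping);
}

/**
 * template_redirect handler for the mobile-app checkout webview.
 *
 * With ?mobile&code=<code> it loads the stored order payload for <code>,
 * logs the user in from the payload's token (or logs the current user out
 * when there is none), rebuilds the WooCommerce cart/customer/session from
 * the payload, and with ?cookie=<token> logs the user in from the URL.
 */
function flutter_prepare_checkout()
{
    // Webview requests sometimes arrive with an empty query string; the query
    // of the Referer is used instead. NOTE(review): this lets a Referer header
    // populate $_GET for the rest of this request, including the 'cookie' login
    // below. A Referer set by a third-party page is attacker-controlled, so this
    // fallback should be limited to same-origin referers.
    if (empty($_GET) && isset($_SERVER['HTTP_REFERER'])) {
        $url_components = parse_url($_SERVER['HTTP_REFERER']);
        if (isset($url_components['query'])) {
            parse_str($url_components['query'], $params);
            if (!empty($params)) {
                $_GET = $params;
            }
        }
    }

    if (isset($_GET['mobile']) && isset($_GET['code'])) {
        $code = sanitize_text_field($_GET['code']);
        global $wpdb;
        $table_name = $wpdb->prefix . "mstore_checkout";
        // Parameterised lookup: $code is request-controlled and
        // sanitize_text_field() does not escape SQL quotes.
        $item = $wpdb->get_row($wpdb->prepare("SELECT * FROM {$table_name} WHERE code = %s", $code));
        if ($item) {
            $data = json_decode(urldecode(base64_decode($item->order)), true);
        } else {
            return var_dump("Can't not get the order");
        }

        $shipping = isset($data['shipping']) ? $data['shipping'] : NULL;
        $billing = isset($data['billing']) ? $data['billing'] : $shipping;

        if (isset($data['token'])) {
            // Validate the cookie token
            $userId = validateCookieLogin($data['token']);
            if (!is_wp_error($userId)) {
                if (isset($billing)) {
                    mstore_save_billing_to_user_meta($userId, $billing);
                } else {
                    list($billing, $shipping) = mstore_load_addresses_from_user_meta($userId);
                }

                // Check user and authentication
                $user = get_userdata($userId);
                if ($user && (!is_user_logged_in() || get_current_user_id() != $userId)) {
                    wp_set_current_user($userId, $user->user_login);
                    wp_set_auth_cookie($userId);

                    header("Refresh:0");
                }
            }
        } else {
            // Guest checkout payload: make sure no web session leaks into it.
            if (is_user_logged_in()) {
                wp_logout();
                wp_set_current_user(0);
                header("Refresh:0");
            }
        }

        if (is_plugin_active('woocommerce/woocommerce.php') == true) {
            //header("Content-Security-Policy: frame-ancestors 'self' *.yourdomain.com");
            global $woocommerce;
            WC()->session->set('refresh_totals', true);
            WC()->cart->empty_cart();

            // Payloads without line items produce an empty cart instead of a foreach warning.
            $products = isset($data['line_items']) ? $data['line_items'] : array();

            foreach ($products as $product) {
                $productId = absint($product['product_id']);

                $quantity = $product['quantity'];
                $variationId = isset($product['variation_id']) ? $product['variation_id'] : "";

                $attributes = array();
                if (isset($product["meta_data"])) {
                    foreach ($product["meta_data"] as $meta) {
                        if ($meta["value"] != null) {
                            $attributes[strtolower($meta["key"])] = $meta["value"];
                        }
                    }
                }

                if (isset($product['addons'])) {
                    // Add-on plugins read their values from $_POST inside add_to_cart().
                    $_POST = $product['addons'];
                }

                // Check the product variation
                if (!empty($variationId)) {
                    $productVariable = new WC_Product_Variable($productId);
                    $listVariations = $productVariable->get_available_variations();
                    foreach ($listVariations as $vartiation => $value) {
                        if ($variationId == $value['variation_id']) {
                            $attributes = array_merge($value['attributes'], $attributes);
                            $woocommerce->cart->add_to_cart($productId, $quantity, $variationId, $attributes);
                        }
                    }
                } else {
                    parseMetaDataForBookingProduct($product);
                    $cart_item_data = array();
                    if (is_plugin_active('woo-wallet/woo-wallet.php')) {
                        $wallet_product = get_wallet_rechargeable_product();
                        if ($wallet_product->get_id() == $productId) {
                            $cart_item_data['recharge_amount'] = $product['total'];
                        }
                    }

                    $woocommerce->cart->add_to_cart($productId, $quantity, 0, $attributes, $cart_item_data);
                }
            }

            if (isset($shipping)) {
                $woocommerce->customer->set_shipping_first_name($shipping["first_name"]);
                $woocommerce->customer->set_shipping_last_name($shipping["last_name"]);
                $woocommerce->customer->set_shipping_company($shipping["company"]);
                $woocommerce->customer->set_shipping_address_1($shipping["address_1"]);
                $woocommerce->customer->set_shipping_address_2($shipping["address_2"]);
                $woocommerce->customer->set_shipping_city($shipping["city"]);
                $woocommerce->customer->set_shipping_state($shipping["state"]);
                $woocommerce->customer->set_shipping_postcode($shipping["postcode"]);
                $woocommerce->customer->set_shipping_country($shipping["country"]);
            }

            if (isset($billing)) {
                $woocommerce->customer->set_billing_first_name($billing["first_name"]);
                $woocommerce->customer->set_billing_last_name($billing["last_name"]);
                $woocommerce->customer->set_billing_company($billing["company"]);
                $woocommerce->customer->set_billing_address_1($billing["address_1"]);
                $woocommerce->customer->set_billing_address_2($billing["address_2"]);
                $woocommerce->customer->set_billing_city($billing["city"]);
                $woocommerce->customer->set_billing_state($billing["state"]);
                $woocommerce->customer->set_billing_postcode($billing["postcode"]);
                $woocommerce->customer->set_billing_country($billing["country"]);
                $woocommerce->customer->set_billing_email($billing["email"]);
                $woocommerce->customer->set_billing_phone($billing["phone"]);
            }

            if (!empty($data['coupon_lines'])) {
                $coupons = $data['coupon_lines'];
                foreach ($coupons as $coupon) {
                    $woocommerce->cart->add_discount($coupon['code']);
                }
            }

            if (!empty($data['shipping_lines'])) {
                $shippingLines = $data['shipping_lines'];
                $shippingMethod = $shippingLines[0]['method_id'];
                WC()->session->set('chosen_shipping_methods', array($shippingMethod));
            }
            if (!empty($data['payment_method'])) {
                WC()->session->set('chosen_payment_method', $data['payment_method']);
            }

            if (isset($data['customer_note']) && !empty($data['customer_note'])) {
                $_POST["order_comments"] = sanitize_text_field($data['customer_note']);
                $checkout_fields = WC()->checkout->__get("checkout_fields");
                $checkout_fields["order"] = ["order_comments" => ["type" => "textarea", "class" => [], "label" => "Order notes", "placeholder" => "Notes about your order, e.g. special notes for delivery."]];
                WC()->checkout->__set("checkout_fields", $checkout_fields);
            }
        }
    }

    if (isset($_GET['cookie'])) {
        // NOTE(review): the login token travels in the query string, so it lands
        // in server logs, browser history and outgoing Referer headers; treat it
        // as a bearer credential and keep its lifetime short.
        $cookie = urldecode(base64_decode(sanitize_text_field($_GET['cookie'])));
        $userId = validateCookieLogin($cookie);
        if (!is_wp_error($userId)) {
            $user = get_userdata($userId);
            if ($user !== false) {
                wp_set_current_user($userId, $user->user_login);
                wp_set_auth_cookie($userId);
                if (isset($_GET['vendor_admin'])) {
                    global $wp;
                    $request = $wp->request;
                    wp_redirect(esc_url_raw(home_url("/" . $request)));
                    die;
                }
            }
        }
    }
}

// Add product image to order
add_filter('woocommerce_rest_prepare_shop_order_object', 'custom_woocommerce_rest_prepare_shop_order_object', 10, 1);
/**
 * Order REST filter: embeds the full product REST representation in each line
 * item as 'product_data', and attaches the store's BACS account settings.
 */
function custom_woocommerce_rest_prepare_shop_order_object($response)
{
    if (empty($response->data) || empty($response->data['line_items'])) {
        return $response;
    }
    $api = new WC_REST_Products_Controller();
    $req = new WP_REST_Request('GET');
    $line_items = array();
    foreach ($response->data['line_items'] as $item) {
        $product_id = $item['product_id'];
        $req->set_query_params(["id" => $product_id]);
        $res = $api->get_item($req);
        $item["product_data"] = is_wp_error($res) ? null : $res->get_data();
        $line_items[] = $item;
    }
    $response->data['line_items'] = $line_items;

    // NOTE(review): the configured bank-transfer accounts are returned on every
    // order regardless of payment method; WooCommerce itself only shows them on
    // BACS order confirmations. Confirm this exposure is intended.
    $bacs_info = get_option('woocommerce_bacs_accounts');
    $response->data['bacs_info'] = $bacs_info;

    return $response;
}

/** Registers the custom wc-refund-req order status. */
function mstore_register_order_refund_requested_order_status()
{
    register_post_status('wc-refund-req', array(
        'label' => esc_attr__('Refund Requested'),
        'public' => true,
        'show_in_admin_status_list' => true,
        'show_in_admin_all_list' => true,
        'exclude_from_search' => false,
        'label_count' => _n_noop('Refund requested <span class="count">(%s)</span>', 'Refund requested <span class="count">(%s)</span>'),
    ));
}

add_action('init', 'mstore_register_order_refund_requested_order_status');

/** Inserts wc-refund-req into the WooCommerce status list right after wc-processing. */
function mstore_add_custom_order_statuses($order_statuses)
{
    $new_order_statuses = array();
    foreach ($order_statuses as $key => $status) {
        $new_order_statuses[$key] = $status;
        if ('wc-processing' === $key) {
            $new_order_statuses['wc-refund-req'] = esc_attr__('Refund Requested');
        }
    }

    return $new_order_statuses;
}

add_filter('wc_order_statuses', 'mstore_add_custom_order_statuses');

/** Adds the refund-requested bulk action to the orders list. */
function custom_status_bulk_edit($actions)
{
    // Add order status changes.
    $actions['mark_refund-req'] = __('Change status to refund requested');

    return $actions;
}

add_filter('bulk_actions-edit-shop_order', 'custom_status_bulk_edit', 20, 1);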
