Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-2734: flutter-woo.php in mstore-api/tags/3.9.0/controllers – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

CVE
#sql#mac#js#wordpress#php#auth

1<?php2require_once(__DIR__ . ‘/flutter-base.php’);34/*5 * Base REST Controller for flutter6 *7 * @since 1.4.08 *9 * @package shipping10 */1112class FlutterWoo extends FlutterBaseController13{14 /**15 * Endpoint namespace16 *17 * @var string18 */19 protected $namespace = 'api/flutter_woo’;2021 /**22 * Register all routes releated with stores23 *24 * @return void25 */26 public function __construct()27 {28 add_action('rest_api_init’, array($this, ‘register_flutter_woo_routes’));29 }3031 public function register_flutter_woo_routes()32 {33 register_rest_route($this->namespace, '/shipping_methods’, array(34 array(35 ‘methods’ => WP_REST_Server::CREATABLE,36 ‘callback’ => array($this, ‘shipping_methods’),37 ‘permission_callback’ => function () {38 return parent::checkApiPermission();39 }40 ),41 ));4243 register_rest_route($this->namespace, '/ddates’, array(44 array(45 ‘methods’ => "GET",46 ‘callback’ => array($this, ‘get_ddates’),47 ‘permission_callback’ => function () {48 return parent::checkApiPermission();49 }50 ),51 ));5253 register_rest_route($this->namespace, '/payment_methods’, array(54 array(55 ‘methods’ => WP_REST_Server::CREATABLE,56 ‘callback’ => array($this, ‘payment_methods’),57 ‘permission_callback’ => function () {58 return parent::checkApiPermission();59 }60 ),61 ));6263 register_rest_route($this->namespace, '/coupon’, array(64 array(65 ‘methods’ => WP_REST_Server::CREATABLE,66 ‘callback’ => array($this, ‘coupon’),67 ‘permission_callback’ => function () {68 return parent::checkApiPermission();69 }70 ),71 ));7273 register_rest_route($this->namespace, '/cart’, array(74 array(75 ‘methods’ => "GET",76 ‘callback’ => array($this, ‘get_cart’),77 ‘permission_callback’ => function () {78 return parent::checkApiPermission();79 }80 ),81 ));8283 register_rest_route($this->namespace, '/cart’, array(84 array(85 ‘methods’ => "POST",86 ‘callback’ => array($this, ‘sync_cart_from_mobile’),87 ‘permission_callback’ => function () {88 return parent::checkApiPermission();89 }90 ),91 ));9293 $config_file = array(94 array(95 ‘methods’ => WP_REST_Server::CREATABLE,96 ‘callback’ => array($this, ‘upload_config_file’),97 ‘permission_callback’ => array($this, ‘check_upload_file_permission’),98 ),99 );100 register_rest_route($this->namespace, '/config-file’, $config_file);101102 register_rest_route($this->namespace, '/taxes’, array(103 array(104 ‘methods’ => "POST",105 ‘callback’ => array($this, ‘get_taxes’),106 ‘permission_callback’ => function () {107 return parent::checkApiPermission();108 }109 ),110 ));111112 register_rest_route($this->namespace, '/points’, array(113 array(114 ‘methods’ => "GET",115 ‘callback’ => array($this, ‘get_points’),116 ‘permission_callback’ => function () {117 return parent::checkApiPermission();118 }119 ),120 ));121122 register_rest_route($this->namespace, '/points’, array(123 array(124 ‘methods’ => "PATCH",125 ‘callback’ => array($this, ‘update_points’),126 ‘permission_callback’ => function () {127 return parent::checkApiPermission();128 }129 ),130 ));131132 register_rest_route($this->namespace, '/products/reviews’, array(133 array(134 ‘methods’ => "POST",135 ‘callback’ => array($this, ‘create_product_review’),136 ‘permission_callback’ => function () {137 return parent::checkApiPermission();138 }139 ),140 ));141 register_rest_route($this->namespace, '/products/dynamic’, array(142 array(143 ‘methods’ => "GET",144 ‘callback’ => array($this, ‘get_product_from_dynamic_link’),145 ‘permission_callback’ => function () {146 return parent::checkApiPermission();147 }148 ),149 ));150 register_rest_route($this->namespace, '/product-category/dynamic’, array(151 array(152 ‘methods’ => "GET",153 ‘callback’ => array($this, ‘get_product_category_from_dynamic_link’),154 ‘permission_callback’ => function () {155 return parent::checkApiPermission();156 }157 ),158 ));159 register_rest_route($this->namespace, '/blog/dynamic’, array(160 array(161 ‘methods’ => "GET",162 ‘callback’ => array($this, ‘get_blog_from_dynamic_link’),163 ‘permission_callback’ => function () {164 return parent::checkApiPermission();165 }166 ),167 ));168169 register_rest_route( $this->namespace, '/blog/create’, array(170 array(171 ‘methods’ => "POST",172 ‘callback’ => array( $this, ‘create_blog’ ),173 ‘permission_callback’ => function () {174 return parent::checkApiPermission();175 }176 ),177 ));178179 register_rest_route( $this->namespace, '/blog/comment’, array(180 array(181 ‘methods’ => "POST",182 ‘callback’ => array( $this, ‘create_comment’ ),183 ‘permission_callback’ => function () {184 return parent::checkApiPermission();185 }186 ),187 ));188189 register_rest_route($this->namespace, '/scanner’, array(190 array(191 ‘methods’ => "GET",192 ‘callback’ => array($this, ‘get_data_from_scanner’),193 ‘permission_callback’ => function () {194 return parent::checkApiPermission();195 }196 ),197 ));198199 register_rest_route( $this->namespace, '/products’. '/(?P<id>[\d]+)'.’/check’, array(200 ‘args’ => array(201 ‘id’ => array(202 ‘description’ => __('Unique identifier for the resource.’, ‘woocommerce’),203 ‘type’ => 'integer’,204 ),205 ),206 array(207 ‘methods’ => "GET",208 ‘callback’ => array( $this, ‘check_product’ ),209 ‘permission_callback’ => function () {210 return parent::checkApiPermission();211 }212 ),213 ));214215 register_rest_route( $this->namespace, '/products’. '/(?P<id>[\d]+)'.’/rating_counts’, array(216 ‘args’ => array(217 ‘id’ => array(218 ‘description’ => __('Unique identifier for the resource.’, ‘woocommerce’),219 ‘type’ => 'integer’,220 ),221 ),222 array(223 ‘methods’ => "GET",224 ‘callback’ => array( $this, ‘get_product_rating_counts’ ),225 ‘permission_callback’ => function () {226 return parent::checkApiPermission();227 }228 ),229 ));230231 register_rest_route($this->namespace, '/products/video’, array(232 array(233 ‘methods’ => "GET",234 ‘callback’ => array($this, ‘get_products_video’),235 ‘permission_callback’ => function () {236 return parent::checkApiPermission();237 }238 ),239 ));240 }241242 function get_data_from_scanner($request){243 $data = sanitize_text_field($request[‘data’]);244 $token = sanitize_text_field($request[‘token’]);245 if(isset($data) && is_numeric($data)){246 $type = get_post_type($data);247 248 if($type){249 if($type == ‘product’){250 $controller = new CUSTOM_WC_REST_Products_Controller();251 $req = new WP_REST_Request(‘GET’);252 $params = array(‘status’ =>’published’, ‘include’ => [$data], 'page’=>1, 'per_page’=>10);253 $req->set_query_params($params);254 $response = $controller->get_items($req);255 return array(256 ‘type’ => $type,257 ‘data’ => $response->get_data(),258 );259 }260261262 if($type == ‘shop_order’){263 if (isset($token)) {264 $cookie = urldecode(base64_decode($token));265 } else {266 return parent::sendError("unauthorized", "You are not allowed to do this", 401);267 }268 $user_id = validateCookieLogin($cookie);269 if (is_wp_error($user_id)) {270 return $user_id;271 }272273274 $api = new WC_REST_Orders_V1_Controller();275 $order = wc_get_order($data);276 $customer_id = $order->get_user_id();277 if($user_id != $customer_id){278 return parent::sendError("unauthorized", "You are not allowed to do this", 401);279 }280 $response = $api->prepare_item_for_response($order, $request);281 $order = $response->get_data();282 $count = count($order[“line_items”]);283 $order[“product_count”] = $count;284 $line_items = array();285 for ($i = 0; $i < $count; $i++) {286 $image = wp_get_attachment_image_src(287 get_post_thumbnail_id($product_id)288 );289 if (!is_null($image[0])) {290 $order[“line_items”][$i][“featured_image”] = $image[0];291 }292 $order_item = new WC_Order_Item_Product($order[“line_items”][$i][“id”]);293 $order[“line_items”][$i][“meta”] = $order_item->get_meta_data();294 if (is_plugin_active(‘wc-frontend-manager-delivery/wc-frontend-manager-delivery.php’)) {295 $table_name = $wpdb->prefix . "wcfm_delivery_orders";296 $sql = "SELECT delivery_boy FROM `{$table_name}`";297 $sql .= " WHERE 1=1";298 $sql .= " AND product_id = '{$product_id}’";299 $sql .= " AND order_id = '{$item->order_id}’";300 $users = $wpdb->get_results($sql);301302 if (count($users) > 0) {303 $user = get_userdata($users[0]->delivery_boy);304 $order[“line_items”][$i][‘delivery_user’] = [305 “id” => $user->ID,306 “name” => $user->display_name,307 “profile_picture” => $profile_pic,308 ];309 }310 }311 $line_items[] = $order[“line_items”][$i];312 }313 $order[“line_items”] = $line_items;314 315 return array(316 ‘type’ => $type,317 ‘data’ => [$order],318 );319 }320 }321 }322 return parent::sendError("invalid_data", "Invalid data", 400);323 }324325 function check_upload_file_permission($request){326 $base_permission = parent::checkApiPermission();327 if(!$base_permission){328 return false;329 }330 $cookie = $request->get_header(“User-Cookie”);331 if (isset($cookie) && $cookie != null) {332 $user_id = validateCookieLogin($cookie);333 if (is_wp_error($user_id)) {334 return false;335 }336 return is_super_admin( $user_id );337 }338 return false;339 }340341 /**342 * Check any prerequisites for our REST request.343 */344 private function check_prerequisites()345 {346 if (defined(‘WC_ABSPATH’)) {347 // WC 3.6+ - Cart and other frontend functions are not included for REST requests.348 include_once WC_ABSPATH . 'includes/wc-cart-functions.php’;349 include_once WC_ABSPATH . 'includes/wc-notice-functions.php’;350 include_once WC_ABSPATH . 'includes/wc-template-hooks.php’;351 }352353 if (null === WC()->session) {354 $session_class = apply_filters('woocommerce_session_handler’, ‘WC_Session_Handler’);355356 WC()->session = new $session_class();357 WC()->session->init();358 }359360 if (null === WC()->customer) {361 WC()->customer = new WC_Customer(get_current_user_id(), true);362 }363364 if (null === WC()->cart) {365 WC()->cart = new WC_Cart();366 }367 WC()->cart->empty_cart(true);368 }369370 function get_product_from_dynamic_link($request)371 {372 if (isset($request[‘url’])) {373 $url = $request[‘url’];374 $langs = ["en", "ar", “vi”];375 foreach( $langs as $lang ) {376 $url = str_replace("/". $lang,"",$url);377 }378 $product_id = url_to_postid($url);379 $controller = new CUSTOM_WC_REST_Products_Controller();380 $req = new WP_REST_Request(‘GET’);381 //$params = array(‘status’ => 'published’, 'include[0]' => $product_id, 'page’=>1, 'per_page’=>10, ‘lang’=>’en’);382 $params = array(‘status’ => 'published’, ‘include’ => [$product_id], 'page’=>1, 'per_page’=>10, ‘lang’=>’en’);383 $req->set_query_params($params);384385 $response = $controller->get_items($req);386 return $response->get_data();387 }388 return parent::sendError("invalid_url", "Not Found", 404);389 }390391 function get_product_category_from_dynamic_link($request)392 {393 if (isset($request[‘url’])) {394 $url = $request[‘url’];395 $items = explode("/", $url);396 $slug = null;397 for ($i = count($items) - 1; $i >= 0; $i–) {398 if (strlen($items[$i]) > 0) {399 $slug = $items[$i];400 break;401 }402 }403 $term = get_term_by('slug’, $slug, ‘product_cat’);404 if ($term != false) {405 $controller = new WC_REST_Product_Categories_Controller();406 $req = new WP_REST_Request(‘GET’);407 $params = array(‘include’ => [$term->term_id], 'page’=>1, 'per_page’=>10);408 $req->set_query_params($params);409 $response = $controller->get_items($req);410 return $response->get_data();411 } else {412 return parent::sendError(“invalid_url", “Not Found", 404);413 }414 }415 }416417 /**418 * Add a product to the cart.419 *420 * @param int $product_id contains the id of the product to add to the cart.421 * @param int $quantity contains the quantity of the item to add.422 * @param int $variation_id ID of the variation being added to the cart.423 * @param array $variation attribute values.424 * @param array $cart_item_data extra cart item data we want to pass into the item.425 * @return string|bool $cart_item_key426 * @throws Exception Plugins can throw an exception to prevent adding to cart.427 */428 public function add_to_cart($product_id = 0, $quantity = 1, $variation_id = 0, $variation = array(), $cart_item_data = array())429 {430 try {431 $product_id = absint($product_id);432 $variation_id = absint($variation_id);433434 // Ensure we don’t add a variation to the cart directly by variation ID.435 if (‘product_variation’ === get_post_type($product_id)) {436 $variation_id = $product_id;437 $product_id = wp_get_post_parent_id($variation_id);438 }439440 $product_data = wc_get_product($variation_id ? $variation_id : $product_id);441 $quantity = apply_filters('woocommerce_add_to_cart_quantity’, $quantity, $product_id);442443 if ($quantity <= 0) {444 throw new Exception(“The quantity must be a valid number greater than 0”);445 }446 if (!$product_data) {447 throw new Exception(“The product is not found”);448 }449 if (‘trash’ === $product_data->get_status()) {450 throw new Exception(“The product is trash”);451 }452453 // Load cart item data - may be added by other plugins.454 $cart_item_data = (array)apply_filters('woocommerce_add_cart_item_data’, $cart_item_data, $product_id, $variation_id, $quantity);455456 // Generate a ID based on product ID, variation ID, variation data, and other cart item data.457 $cart_id = WC()->cart->generate_cart_id($product_id, $variation_id, $variation, $cart_item_data);458459 // Find the cart item key in the existing cart.460 $cart_item_key = WC()->cart->find_product_in_cart($cart_id);461462 // Force quantity to 1 if sold individually and check for existing item in cart.463 if ($product_data->is_sold_individually()) {464 $quantity = apply_filters('woocommerce_add_to_cart_sold_individually_quantity’, 1, $quantity, $product_id, $variation_id, $cart_item_data);465 $found_in_cart = apply_filters('woocommerce_add_to_cart_sold_individually_found_in_cart’, $cart_item_key && WC()->cart->cart_contents[$cart_item_key][‘quantity’] > 0, $product_id, $variation_id, $cart_item_data, $cart_id);466467 if ($found_in_cart) {468 /* translators: %s: product name */469 throw new Exception(sprintf('<a href="%s” class="button wc-forward">%s</a> %s’, wc_get_cart_url(), __('View cart’, ‘woocommerce’), sprintf(__('You cannot add another “%s” to your cart.’, ‘woocommerce’), $product_data->get_name())));470 }471 }472473 // if (!$product_data->is_purchasable()) {474 // $message = __('Sorry, this product cannot be purchased.’, ‘woocommerce’);475 // /**476 // * Filters message about product unable to be purchased.477 // *478 // * @param string $message Message.479 // * @param WC_Product $product_data Product data.480 // * @since 3.8.0481 // */482 // $message = apply_filters('woocommerce_cart_product_cannot_be_purchased_message’, $message, $product_data);483 // throw new Exception($message);484 // }485486 // Stock check - only check if we’re managing stock and backorders are not allowed.487 if (!$product_data->is_in_stock()) {488 /* translators: %s: product name */489 throw new Exception(sprintf(__('You cannot add “%s” to the cart because the product is out of stock.’, ‘woocommerce’), $product_data->get_name()));490 }491492 if (!$product_data->has_enough_stock($quantity)) {493 /* translators: 1: product name 2: quantity in stock */494 throw new Exception(sprintf(__('You cannot add that amount of “%1$s” to the cart because there is not enough stock (%2$s remaining).’, ‘woocommerce’), $product_data->get_name(), wc_format_stock_quantity_for_display($product_data->get_stock_quantity(), $product_data)));495 }496497 // Stock check - this time accounting for whats already in-cart.498 if ($product_data->managing_stock()) {499 $products_qty_in_cart = WC()->cart->get_cart_item_quantities();500501 if (isset($products_qty_in_cart[$product_data->get_stock_managed_by_id()]) && !$product_data->has_enough_stock($products_qty_in_cart[$product_data->get_stock_managed_by_id()] + $quantity)) {502 throw new Exception(503 sprintf(504 '<a href="%s” class="button wc-forward">%s</a> %s’,505 wc_get_cart_url(),506 __('View cart’, ‘woocommerce’),507 /* translators: 1: quantity in stock 2: current quantity */508 sprintf(__('You cannot add that amount to the cart — we have %1$s in stock and you already have %2$s in your cart.’, ‘woocommerce’), wc_format_stock_quantity_for_display($product_data->get_stock_quantity(), $product_data), wc_format_stock_quantity_for_display($products_qty_in_cart[$product_data->get_stock_managed_by_id()], $product_data))509 )510 );511 }512 }513514 // If cart_item_key is set, the item is already in the cart.515 if ($cart_item_key) {516 $new_quantity = $quantity + WC()->cart->cart_contents[$cart_item_key][‘quantity’];517 WC()->cart->set_quantity($cart_item_key, $new_quantity, false);518 } else {519 $cart_item_key = $cart_id;520521 // Add item after merging with $cart_item_data - hook to allow plugins to modify cart item.522 WC()->cart->cart_contents[$cart_item_key] = apply_filters(523 'woocommerce_add_cart_item’,524 array_merge(525 $cart_item_data,526 array(527 ‘key’ => $cart_item_key,528 ‘product_id’ => $product_id,529 ‘variation_id’ => $variation_id,530 ‘variation’ => $variation,531 ‘quantity’ => $quantity,532 ‘data’ => $product_data,533 ‘data_hash’ => wc_get_cart_item_data_hash($product_data),534 )535 ),536 $cart_item_key537 );538 }539540 WC()->cart->cart_contents = apply_filters('woocommerce_cart_contents_changed’, WC()->cart->cart_contents);541542 do_action('woocommerce_add_to_cart’, $cart_item_key, $product_id, $quantity, $variation_id, $variation, $cart_item_data);543544 return true;545546 } catch (Exception $e) {547 if ($e->getMessage()) {548 return html_entity_decode(strip_tags($e->getMessage()));549 }550 return false;551 }552 }553554 private function add_items_to_cart($products, $isValidate = true)555 {556 try {557 foreach ($products as $product) {558 $productId = absint($product[‘product_id’]);559560 $quantity = $product[‘quantity’];561 $variationId = isset($product[‘variation_id’]) ? $product[‘variation_id’] : "";562563 $attributes = [];564 if (isset($product[“meta_data”])) {565 foreach ($product[“meta_data”] as $item) {566 $attributes[strtolower($item[“key”])] = $item[“value”];567 }568 }569570 // Check the product variation571 if (!empty($variationId)) {572 $productVariable = new WC_Product_Variable($productId);573 $listVariations = $productVariable->get_available_variations();574 foreach ($listVariations as $vartiation => $value) {575 if ($variationId == $value[‘variation_id’]) {576 $attributes = array_merge($value[‘attributes’], $attributes);577 $error = $this->add_to_cart($productId, $quantity, $variationId, $attributes);578 if ((is_string($error) || $error == false) && $isValidate) {579 throw new Exception($error);580 }581 }582 }583 } else {584 parseMetaDataForBookingProduct($product);585 $error = $this->add_to_cart($productId, $quantity, 0, $attributes);586 if ((is_string($error) || $error == false) && $isValidate) {587 throw new Exception($error);588 }589 }590 }591 return true;592 } catch (Exception $e) {593 return $e->getMessage();594 }595596 }597598 public function shipping_methods($request)599 {600 $json = file_get_contents(‘php://input’);601 $body = json_decode($json, TRUE);602603 $this->check_prerequisites();604605 $shipping = $body[“shipping”];606 WC()->customer->set_shipping_first_name($shipping[“first_name”]);607 WC()->customer->set_shipping_last_name($shipping[“last_name”]);608 WC()->customer->set_shipping_company($shipping[“company”]);609 WC()->customer->set_shipping_address_1($shipping[“address_1”]);610 WC()->customer->set_shipping_address_2($shipping[“address_2”]);611 WC()->customer->set_shipping_city($shipping[“city”]);612 WC()->customer->set_shipping_state($shipping[“state”]);613 WC()->customer->set_shipping_postcode($shipping[“postcode”]);614 WC()->customer->set_shipping_country($shipping[“country”]);615616 $error = $this->add_items_to_cart($body[‘line_items’], false);617 if (is_string($error)) {618 return parent::sendError("invalid_item", $error, 400);619 }620621 if(isset($body[‘coupon_lines’]) && is_array($body[‘coupon_lines’]) && count($body[‘coupon_lines’]) > 0){622 WC()->cart->apply_coupon($body[‘coupon_lines’][0][‘code’]);623 }624 625 /* set calculation type if product is subscription to get shipping methods for subscription product have trial days */626 if (is_plugin_active(‘woocommerce-subscriptions/woocommerce-subscriptions.php’)) {627 foreach ($body[‘line_items’] as $product) {628 $productId = absint($product[‘product_id’]);629 $variationId = isset($product[‘variation_id’]) ? absint($product[‘variation_id’]) : 0;630 $product_data = wc_get_product($variationId != 0 ? $variationId : $productId);631 if (class_exists(‘WC_Subscriptions_Product’) && WC_Subscriptions_Product::is_subscription($product_data)) {632 WC_Subscriptions_Cart::set_calculation_type(‘recurring_total’);633 break;634 }635 }636 }637638 if( apply_filters( 'wcfmmp_is_allow_checkout_user_location’, true ) ) {639 if ( !empty($shipping[“wcfmmp_user_location”]) ) {640 WC()->customer->set_props( array( ‘wcfmmp_user_location’ => sanitize_text_field( $shipping[“wcfmmp_user_location”] ) ) );641 WC()->session->set( '_wcfmmp_user_location’, sanitize_text_field( $shipping[“wcfmmp_user_location”] ) );642 }643 if ( !empty($shipping[“wcfmmp_user_location_lat”]) ) {644 WC()->session->set( '_wcfmmp_user_location_lat’, sanitize_text_field( $shipping[‘wcfmmp_user_location_lat’] ) );645 }646 if ( !empty( $shipping[‘wcfmmp_user_location_lng’] ) ) {647 WC()->session->set( '_wcfmmp_user_location_lng’, sanitize_text_field( $shipping[‘wcfmmp_user_location_lng’] ) );648 }649 }650651 $shipping_methods = WC()->shipping->calculate_shipping(WC()->cart->get_shipping_packages());652 $required_shipping = WC()->cart->needs_shipping() && WC()->cart->show_shipping();653654 if(count( $shipping_methods) == 0){655 return new WP_Error(400, 'No Shipping’, array(‘required_shipping’ => $required_shipping));656 }657658 $results = [];659 foreach ($shipping_methods as $shipping_method) {660 $rates = $shipping_method[‘rates’];661 foreach ($rates as $rate) {662 $results[] = [663 “id” => $rate->get_id(),664 “method_id” => $rate->get_method_id(),665 “instance_id” => $rate->get_instance_id(),666 “label” => $rate->get_label(),667 “cost” => $rate->get_cost(),668 “taxes” => $rate->get_taxes(),669 “shipping_tax” => $rate->get_shipping_tax()670 ];671 }672 }673 return $results;674 }675676 public function payment_methods($request)677 {678 $json = file_get_contents(‘php://input’);679 $body = json_decode($json, TRUE);680681 $cookie = $request->get_header(“User-Cookie”);682 if (isset($cookie) && $cookie != null) {683 $user_id = validateCookieLogin($cookie);684 if (is_wp_error($user_id)) {685 return $user_id;686 }687 wp_set_current_user($user_id);688 } elseif (isset($body[‘customer_id’]) && $body[‘customer_id’] != null) {689 wp_set_current_user($body[‘customer_id’]);690 }691692 $this->check_prerequisites();693694 $shipping = $body[“shipping”];695 if (isset($shipping)) {696 WC()->customer->set_shipping_first_name($shipping[“first_name”]);697 WC()->customer->set_shipping_last_name($shipping[“last_name”]);698 WC()->customer->set_shipping_company($shipping[“company”]);699 WC()->customer->set_shipping_address_1($shipping[“address_1”]);700 WC()->customer->set_shipping_address_2($shipping[“address_2”]);701 WC()->customer->set_shipping_city($shipping[“city”]);702 WC()->customer->set_shipping_state($shipping[“state”]);703 WC()->customer->set_shipping_postcode($shipping[“postcode”]);704 WC()->customer->set_shipping_country($shipping[“country”]);705 }706 //Fix to show COD based on the country for WooCommerce Multilingual & Multicurrency707 if(is_plugin_active(‘woocommerce-multilingual/wpml-woocommerce.php’) && !is_plugin_active(‘elementor-pro/elementor-pro.php’)){708 $_GET[‘wc-ajax’] = 'update_order_review’;709 $_POST[‘country’] = $shipping[“country”];710 }711 712 $error = $this->add_items_to_cart($body[‘line_items’]);713 if (is_string($error)) {714 return parent::sendError("invalid_item", $error, 400);715 }716 if(isset($body[‘coupon_lines’]) && is_array($body[‘coupon_lines’]) && count($body[‘coupon_lines’]) > 0){717 WC()->cart->apply_coupon($body[‘coupon_lines’][0][‘code’]);718 }719 if (isset($body[“shipping_lines”]) && !empty($body[“shipping_lines”])) {720 $shippings = [];721 foreach ($body[“shipping_lines”] as $shipping_line) {722 $shippings[] = $shipping_line[“method_id”];723 }724 WC()->session->set('chosen_shipping_methods’, $shippings);725 }726 $payment_methods = WC()->payment_gateways->get_available_payment_gateways();727 $results = [];728 foreach ($payment_methods as $key => $value) {729 $results[] = [“id” => $value->id, “title” => $value->title, “method_title” => $value->method_title, “description” => $value->description];730 }731 return $results;732 }733734 public function coupon($request)735 {736 $json = file_get_contents(‘php://input’);737 $body = json_decode($json, TRUE);738739 $this->check_prerequisites();740 $error = $this->add_items_to_cart($body[‘line_items’]);741 if (is_string($error)) {742 return parent::sendError("invalid_item", $error, 400);743 }744745 if (isset($body[“customer_id”]) && $body[“customer_id”] != null) {746 $userId = $body[“customer_id”];747 $user = get_userdata($userId);748 if ($user) {749 wp_set_current_user($userId, $user->user_login);750 wp_set_auth_cookie($userId);751 WC()->customer = new WC_Customer($userId, true);752 }753 }754755 $coupon_code = $body[“coupon_code”];756757 // Coupons are globally disabled.758 if (!wc_coupons_enabled()) {759 return parent::sendError("invalid_coupon", "Coupon is disabled", 400);760 }761762 // Sanitize coupon code.763 $coupon_code = wc_format_coupon_code($coupon_code);764765 // Get the coupon.766 $the_coupon = new WC_Coupon($coupon_code);767768 // Prevent adding coupons by post ID.769 if ($the_coupon->get_code() !== $coupon_code) {770 $the_coupon->set_code($coupon_code);771 return parent::sendError("invalid_coupon", $the_coupon->get_coupon_error(WC_Coupon::E_WC_COUPON_NOT_EXIST), 400);772 }773774 // Check it can be used with cart.775 if (!$the_coupon->is_valid()) {776 return parent::sendError("invalid_coupon", html_entity_decode(strip_tags($the_coupon->get_error_message())), 400);777 }778779 // Check if applied.780 if (WC()->cart->has_discount($coupon_code)) {781 WC()->cart->remove_coupons();782 }783784 // If its individual use then remove other coupons.785 if ($the_coupon->get_individual_use()) {786787 foreach (WC()->cart->applied_coupons as $applied_coupon) {788 $keep_key = array_search($applied_coupon, $coupons_to_keep, true);789 if (false === $keep_key) {790 WC()->cart->remove_coupon($applied_coupon);791 } else {792 unset($coupons_to_keep[$keep_key]);793 }794 }795796 if (!empty($coupons_to_keep)) {797 WC()->cart->applied_coupons += $coupons_to_keep;798 }799 }800801 WC()->cart->set_applied_coupons([$coupon_code]);802 WC()->cart->calculate_totals();803804 $price = WC()->cart->get_coupon_discount_amount($the_coupon->get_code(), WC()->cart->display_cart_ex_tax);805 return [“coupon” => $this->get_formatted_coupon_data($the_coupon), “discount” => $price];806 }807808 protected function get_formatted_coupon_data($object)809 {810 $data = $object->get_data();811812 $format_decimal = array('amount’, 'minimum_amount’, ‘maximum_amount’);813 $format_date = array('date_created’, 'date_modified’, ‘date_expires’);814 $format_null = array('usage_limit’, 'usage_limit_per_user’, ‘limit_usage_to_x_items’);815816 // Format decimal values.817 foreach ($format_decimal as $key) {818 $data[$key] = wc_format_decimal($data[$key], 2);819 }820821 // Format date values.822 foreach ($format_date as $key) {823 $datetime = $data[$key];824 $data[$key] = wc_rest_prepare_date_response($datetime, false);825 $data[$key . ‘_gmt’] = wc_rest_prepare_date_response($datetime);826 }827828 // Format null values.829 foreach ($format_null as $key) {830 $data[$key] = $data[$key] ? $data[$key] : null;831 }832833 return array(834 ‘id’ => $object->get_id(),835 ‘code’ => $data[‘code’],836 ‘amount’ => $data[‘amount’],837 ‘date_created’ => $data[‘date_created’],838 ‘date_created_gmt’ => $data[‘date_created_gmt’],839 ‘date_modified’ => $data[‘date_modified’],840 ‘date_modified_gmt’ => $data[‘date_modified_gmt’],841 ‘discount_type’ => $data[‘discount_type’],842 ‘description’ => $data[‘description’],843 ‘date_expires’ => $data[‘date_expires’],844 ‘date_expires_gmt’ => $data[‘date_expires_gmt’],845 ‘usage_count’ => $data[‘usage_count’],846 ‘individual_use’ => $data[‘individual_use’],847 ‘product_ids’ => $data[‘product_ids’],848 ‘excluded_product_ids’ => $data[‘excluded_product_ids’],849 ‘usage_limit’ => $data[‘usage_limit’],850 ‘usage_limit_per_user’ => $data[‘usage_limit_per_user’],851 ‘limit_usage_to_x_items’ => $data[‘limit_usage_to_x_items’],852 ‘free_shipping’ => $data[‘free_shipping’],853 ‘product_categories’ => $data[‘product_categories’],854 ‘excluded_product_categories’ => $data[‘excluded_product_categories’],855 ‘exclude_sale_items’ => $data[‘exclude_sale_items’],856 ‘minimum_amount’ => $data[‘minimum_amount’],857 ‘maximum_amount’ => $data[‘maximum_amount’],858 ‘email_restrictions’ => $data[‘email_restrictions’],859 ‘used_by’ => $data[‘used_by’],860 ‘meta_data’ => $data[‘meta_data’],861 );862 }863864 public function get_cart($request)865 {866 $cookie = $request[“cookie”];867 if (isset($request[“token”])) {868 $cookie = urldecode(base64_decode($request[“token”]));869 }870 $user_id = validateCookieLogin($cookie);871 if (is_wp_error($user_id)) {872 return $user_id;873 }874875 // Get an instance of the WC_Session_Handler Object876 $session_handler = new WC_Session_Handler();877878 // Get the user session from its user ID:879 $session = $session_handler->get_session($user_id);880881 // Get cart items array882 $cart_items = maybe_unserialize($session[‘cart’]);883884 $items = [];885886 // Loop through cart items and get cart items details887 $product_controller = new WC_REST_Products_Controller();888 $product_variation_controller = new WC_REST_Product_Variations_Controller();889 if(is_array($cart_items)){890 foreach ($cart_items as $cart_item_key => $cart_item) {891 $product_id = $cart_item[‘product_id’];892 $variation_id = $cart_item[‘variation_id’];893 $quantity = $cart_item[‘quantity’];894 895 $product = wc_get_product($product_id);896 $product_data = $product_controller->prepare_object_for_response($product, $request)->get_data();897 898 if ($variation_id != 0) {899 $variation = new WC_Product_Variation($variation_id);900 $variation_data = $product_variation_controller->prepare_object_for_response($variation, $request)->get_data();901 } else {902 $variation_data = null;903 }904 $items[] = [“product” => $product_data, “quantity” => $quantity, “variation” => $variation_data];905 }906 }907908 return $items;909 }910911 public function sync_cart_from_mobile($request)912 {913 $json = file_get_contents(‘php://input’);914 $body = json_decode($json, TRUE);915916 if (defined(‘WC_ABSPATH’)) {917 // WC 3.6+ - Cart and other frontend functions are not included for REST requests.918 include_once WC_ABSPATH . 'includes/wc-cart-functions.php’;919 }920921 $user_id = $body[“customer_id”];922923 $session_expiring = time() + intval(apply_filters('wc_session_expiring’, 60 * 60 * 47)); // 47 Hours.924 $session_expiration = time() + intval(apply_filters('wc_session_expiration’, 60 * 60 * 48)); // 48 Hours.925 $to_hash = $user_id . ‘|’ . $session_expiration;926 $cookie_hash = hash_hmac('md5’, $to_hash, wp_hash($to_hash));927 $_COOKIE[‘wp_woocommerce_session_’ . COOKIEHASH] = $user_id . “||” . $session_expiration . “||” . $session_expiring . “||” . $cookie_hash;928929 $user = get_userdata($user_id);930 wp_set_current_user($user_id, $user->user_login);931 wp_set_auth_cookie($user_id);932933 // Get an instance of the WC_Session_Handler Object934 WC()->session = new WC_Session_Handler();935 WC()->session->init();936937 WC()->customer = new WC_Customer(get_current_user_id(), true);938939 WC()->cart = new WC_Cart();940 WC()->cart->empty_cart();941942 $products = $body[‘line_items’];943 foreach ($products as $product) {944 $productId = absint($product[‘product_id’]);945946 $quantity = $product[‘quantity’];947 $variationId = isset($product[‘variation_id’]) ? $product[‘variation_id’] : "";948949 $attributes = [];950 foreach ($product[“meta_data”] as $item) {951 $attributes[$item[“key”]] = $item[“value”];952 }953 // Check the product variation954 if (!empty($variationId)) {955 $productVariable = new WC_Product_Variable($productId);956 $listVariations = $productVariable->get_available_variations();957 foreach ($listVariations as $vartiation => $value) {958 if ($variationId == $value[‘variation_id’]) {959 $attributes = array_merge($value[‘attributes’], $attributes);960 WC()->cart->add_to_cart($productId, $quantity, $variationId, $attributes);961 }962 }963 } else {964 WC()->cart->add_to_cart($productId, $quantity, 0, $attributes);965 }966 }967968 return WC()->cart->get_totals();969 }970971 public function upload_config_file($request){972 if (!isset($_FILES[‘file’])) {973 return parent::sendError("invalid_key","Key must be 'file’", 400);974 }975 $file = $_FILES[‘file’];976 if ($file[“size”] == 0) {977 return parent::sendError("invalid_file","File is required", 400);978 }979 980 if ($file[“type”] !== “application/json”) {981 return parent::sendError("invalid_file","You need to upload json file", 400);982 }983 984 $errMsg = FlutterUtils::upload_file_by_admin($file);985 if ($errMsg != null) {986 return parent::sendError("invalid_file","You need to upload config_xx.json file", 400);987 }988 return FlutterUtils::get_json_file_url($file[‘name’]);989 }990991 public function get_taxes($request)992 {993 $json = file_get_contents(‘php://input’);994 $body = json_decode($json, TRUE);995996 $this->check_prerequisites();997998 $shipping = $body[“shipping”];999 if (isset($shipping)) {1000 WC()->customer->set_shipping_first_name($shipping[“first_name”]);1001 WC()->customer->set_shipping_last_name($shipping[“last_name”]);1002 WC()->customer->set_shipping_company($shipping[“company”]);1003 WC()->customer->set_shipping_address_1($shipping[“address_1”]);1004 WC()->customer->set_shipping_address_2($shipping[“address_2”]);1005 WC()->customer->set_shipping_city($shipping[“city”]);1006 WC()->customer->set_shipping_state($shipping[“state”]);1007 WC()->customer->set_shipping_postcode($shipping[“postcode”]);1008 WC()->customer->set_shipping_country($shipping[“country”]);1009 }10101011 $billing = $body[“billing”];1012 if (isset($billing)) {1013 WC()->customer->set_billing_first_name($billing[“first_name”]);1014 WC()->customer->set_billing_last_name($billing[“last_name”]);1015 WC()->customer->set_billing_company($billing[“company”]);1016 WC()->customer->set_billing_address_1($billing[“address_1”]);1017 WC()->customer->set_billing_address_2($billing[“address_2”]);1018 WC()->customer->set_billing_city($billing[“city”]);1019 WC()->customer->set_billing_state($billing[“state”]);1020 WC()->customer->set_billing_postcode($billing[“postcode”]);1021 WC()->customer->set_billing_country($billing[“country”]);1022 WC()->customer->set_billing_email($billing[“email”]);1023 WC()->customer->set_billing_phone($billing[“phone”]);1024 }10251026 $error = $this->add_items_to_cart($body[‘line_items’]);1027 if (is_string($error)) {1028 return parent::sendError("invalid_item", $error, 400);1029 }1030 if(isset($body[‘coupon_lines’]) && is_array($body[‘coupon_lines’]) && count($body[‘coupon_lines’]) > 0){1031 WC()->cart->apply_coupon($body[‘coupon_lines’][0][‘code’]);1032 }1033 if (isset($body[“shipping_lines”]) && !empty($body[“shipping_lines”])) {1034 $shippings = [];1035 foreach ($body[“shipping_lines”] as $shipping_line) {1036 $shippings[] = $shipping_line[“method_id”];1037 }1038 WC()->session->set('chosen_shipping_methods’, $shippings);1039 }10401041 $results = [];1042 if (wc_tax_enabled()) {1043 $taxable_address = WC()->customer->get_taxable_address();1044 $estimated_text = '’;10451046 if (WC()->customer->is_customer_outside_base() && !WC()->customer->has_calculated_shipping()) {1047 /* translators: %s location. */1048 $estimated_text = sprintf(esc_html__('(estimated for %s)', ‘woocommerce’), WC()->countries->estimated_for_prefix($taxable_address[0]) . WC()->countries->countries[$taxable_address[0]]);1049 }10501051 if (‘itemized’ === get_option(‘woocommerce_tax_total_display’)) {1052 foreach (WC()->cart->get_tax_totals() as $code => $tax) { // phpcs:ignore WordPress.WP.GlobalVariablesOverride.Prohibited1053 $results[] = [“label” => $tax->label . " " . $estimated_text, “value” => $tax->amount];1054 }1055 } else {1056 $results[] = [“label” => WC()->countries->tax_or_vat() . $estimated_text, “value” => WC()->cart->get_taxes_total()];1057 }1058 1059 return [“items” => $results, “taxes_total” => count($results) > 0 ? WC()->cart->get_taxes_total() : "0", “is_including_tax” => WC()->cart->display_prices_including_tax()];1060 }else{1061 return [“items” => [], “taxes_total” => "0", “is_including_tax” => false];1062 }1063 }10641065 public function get_points($request)1066 {1067 if (!is_plugin_active(‘woocommerce-points-and-rewards/woocommerce-points-and-rewards.php’)) {1068 return parent::sendError("invalid_plugin", "You need to install WooCommerce Points and Rewards plugin to use this api", 404);1069 }10701071 $cookie = $request[“cookie”];1072 if (isset($request[“token”])) {1073 $cookie = urldecode(base64_decode($request[“token”]));1074 }1075 $user_id = validateCookieLogin($cookie);1076 if (is_wp_error($user_id)) {1077 return $user_id;1078 }1079 if (‘yes’ === get_option(‘wc_points_rewards_partial_redemption_enabled’)) {1080 $myPoints = WC_Points_Rewards_Manager::get_users_points($user_id);1081 list($points, $monetary_value) = explode(':’, get_option('wc_points_rewards_redeem_points_ratio’, ‘’));1082 $max_product_point_discount = get_option(‘wc_points_rewards_max_discount’);1083 $max_point_discount = get_option(‘wc_points_rewards_cart_max_discount’);10841085 return [“points” => $myPoints, “cart_price_rate” => floatval($monetary_value), “cart_points_rate” => intval($points), “max_point_discount” => $max_point_discount, “max_product_point_discount” => $max_product_point_discount];1086 } else {1087 return parent::sendError("disabled_redemption", "Disabled partial redemption", 400);1088 }1089 }10901091 public function update_points($request)1092 {1093 if (!is_plugin_active(‘woocommerce-points-and-rewards/woocommerce-points-and-rewards.php’)) {1094 return parent::sendError("invalid_plugin", "You need to install Points and Rewards for WooCommerce plugin to use this api", 404);1095 }10961097 $json = file_get_contents(‘php://input’);1098 $body = json_decode($json, TRUE);10991100 $order_id = $body[“order_id”];1101 $cookie = $body[“cookie”];1102 $user_id = validateCookieLogin($cookie);1103 if (is_wp_error($user_id)) {1104 return $user_id;1105 }11061107 $user = get_user_by('ID’, $user_id);1108 $user_email = $user->user_email;11091110 $get_points = WC_Points_Rewards_Manager::get_users_points($user_id);1111 list($points, $monetary_value) = explode(':’, get_option('wc_points_rewards_redeem_points_ratio’, ‘’));1112 $order = wc_get_order($order_id);1113 if (isset($order) && !empty($order)) {1114 /*Order Fees*/1115 $order_fees = $order->get_fees();1116 if (!empty($order_fees)) {1117 foreach ($order_fees as $fee_item_id => $fee_item) {1118 $fee_id = $fee_item_id;1119 $fee_name = $fee_item->get_name();1120 $fee_amount = $fee_item->get_total();1121 if (isset($fee_name) && !empty($fee_name) && ‘Cart Discount’ == $fee_name) {1122 $fee_amount = -($fee_amount);1123 $fee_to_point = ceil((intval($points) * $fee_amount) / floatval($monetary_value));1124 $remaining_point = $get_points - $fee_to_point;1125 if ($remaining_point >= 0) {1126 /*update the users points in the*/1127 WC_Points_Rewards_Manager::set_points_balance($user_id, $remaining_point, ‘order-redeem’);1128 }1129 }1130 }1131 }1132 }1133 return true;1134 }11351136 public function create_product_review($request)1137 {1138 $images = $request[‘images’];1139 $controller = new WC_REST_Product_Reviews_Controller();1140 $response = $controller->create_item($request);1141 if(is_wp_error($response)){1142 return array(1143 'message’=>$response->get_error_message ());1144 }1145 $comment_id = $response->get_data()[‘id’];1146 if(is_plugin_active(‘wc-multivendor-marketplace/wc-multivendor-marketplace.php’)){1147 global $WCFMmp;1148 $WCFMmp->wcfmmp_reviews->wcfmmp_add_store_review( $comment_id );1149 } 1150 if(is_plugin_active(‘woo-photo-reviews/woo-photo-reviews.php’) || is_plugin_active(‘woocommerce-photo-reviews/woocommerce-photo-reviews.php’)){1151 if(isset($images)){1152 $images = $images;1153 $images = array_filter(explode(',’, $images));1154 $count = 0;1155 $img_arr = array();1156 $user_id = get_comment($comment_id)->user_id;1157 foreach($images as $image){1158 $img_id = upload_image_from_mobile($image, $count ,$user_id);1159 $img_arr[] = $img_id;1160 $count++;1161 }1162 update_comment_meta( $comment_id, 'reviews-images’, $img_arr );1163 }1164 }1165 return $response;1166 }11671168 public function get_ddates($request)1169 {1170 if (is_plugin_active(‘wc-frontend-manager-delivery/wc-frontend-manager-delivery.php’)) {1171 if (isset($request[‘id’])) {1172 $helper = new FlutterWCFMHelper();1173 return $helper->generate_vendor_delivery_time_checkout_field($request[‘id’]);1174 }else{1175 return parent::sendError("required_vendor_id", "id is required", 400);1176 }1177 }else if (is_plugin_active(‘order-delivery-date/order_delivery_date.php’)) {1178 $number_of_dates = get_option(‘orddd_number_of_dates’);1179 $options = ORDDD_Functions::orddd_get_dates_for_dropdown($number_of_dates);1180 $arr = array();1181 foreach ($options as $k => $v) {1182 if ($k == ‘select’) {1183 continue;1184 }1185 $date[‘timestamp’] = strtotime($k);1186 $date[‘date’] = $k;1187 $arr[] = $date;1188 }1189 return $arr;1190 }else{1191 return parent::sendError("invalid_plugin", "You need to install Order Delivery Date for WooCommerce or WOOCOMMERCE FRONTEND MANAGER - DELIVERY plugin to use this api", 404);1192 }1193 }11941195 function check_product($request){1196 $params = $request->get_url_params();1197 $token = sanitize_text_field($request[‘token’]);1198 $postid = sanitize_text_field($params[‘id’]);11991200 if (!empty($token)) {1201 $cookie = urldecode(base64_decode($token));1202 }1203 if(!empty($cookie)){1204 $userid = validateCookieLogin($cookie);1205 if (is_wp_error($userid)) {1206 return $userid;1207 }1208 wp_set_current_user($userid);1209 }else{1210 wp_set_current_user(0);1211 }12121213 if (!is_plugin_active(‘indeed-membership-pro/indeed-membership-pro.php’)) {1214 return parent::sendError("invalid_plugin", “You need to install Ultimate Membership Pro plugin to use this api", 404);1215 }12161217 $meta_arr = ihc_post_metas($postid);1218 $errMsg = null;1219 if(isset($meta_arr[‘ihc_mb_type’]) && $meta_arr[‘ihc_mb_type’] == ‘block’){1220 $errMsg = ‘This item is blocked’;1221 }else {1222 if(isset($meta_arr[‘ihc_mb_who’])){1223 //getting current user type and target user types1224 $current_user = ihc_get_user_type();1225 if($meta_arr[‘ihc_mb_who’]!=-1 && $meta_arr[‘ihc_mb_who’]!=’’){1226 $target_users = explode(‘,’, $meta_arr[‘ihc_mb_who’]);1227 } else {1228 $target_users = FALSE;1229 }1230 //test if current user must be redirect1231 if($current_user==’admin’){1232 return true;//show always for admin1233 }12341235 $result = ihc_test_if_must_block($meta_arr[‘ihc_mb_type’], $current_user, $target_users, $postid);12361237 if($result == 0){1238 return true;1239 }1240 if($result == 2){1241 $errMsg = 'This item is expired’;1242 }else {1243 $errMsg = ‘This item is blocked’;1244 }12451246 if($meta_arr[‘ihc_mb_block_type’]==’redirect’){1247 return parent::sendError('redirect’, $errMsg, 401);1248 }else{1249 return parent::sendError(‘replace_content’, $meta_arr[‘ihc_replace_content’], 401);1250 }1251 }1252 return true;1253 }1254 }12551256 function get_blog_from_dynamic_link($request)1257 {1258 $helper = new FlutterBlogHelper();1259 return $helper->get_blog_from_dynamic_link($request);1260 }1261 1262 function create_blog($request){1263 $helper = new FlutterBlogHelper();1264 return $helper->create_blog($request);1265 }12661267 function create_comment($request){1268 $helper = new FlutterBlogHelper();1269 return $helper->create_comment($request);1270 }12711272 function get_product_rating_counts($request){1273 $params = $request->get_url_params();1274 $productId = sanitize_text_field($params[‘id’]);1275 $product = wc_get_product( $productId );1276 $rating_1 = $product->get_rating_count(1);1277 $rating_2 = $product->get_rating_count(2);1278 $rating_3 = $product->get_rating_count(3);1279 $rating_4 = $product->get_rating_count(4);1280 $rating_5 = $product->get_rating_count(5);1281 return [“rating_1” => $rating_1, “rating_2” => $rating_2, “rating_3” => $rating_3, “rating_4” => $rating_4, “rating_5” => $rating_5];1282 }12831284 function get_products_video($request){1285 global $wpdb;1286 $table_name = $wpdb->prefix . "postmeta";1287 $page = 1;1288 $per_page = 10;12891290 if (isset($request[‘page’])) {1291 $page = sanitize_text_field($request[‘page’]);1292 if(!is_numeric($page)){1293 $page = 1;1294 }1295 }1296 if (isset($request[‘per_page’])) {1297 $per_page = sanitize_text_field($request[‘per_page’]);1298 if(!is_numeric($per_page)){1299 $per_page = 10;1300 }1301 }1302 $page = ($page - 1) * $per_page;1303 $items = $wpdb->get_results("SELECT * FROM $table_name WHERE meta_key=’_mstore_video_url’ AND meta_value IS NOT NULL AND meta_value <> ‘’ LIMIT $per_page OFFSET $page”);13041305 if(count($items) > 0){1306 $controller = new CUSTOM_WC_REST_Products_Controller();1307 $req = new WP_REST_Request(‘GET’);1308 $params = array(‘include’ => array_map(function($item){1309 return $item->post_id;1310 }, $items));1311 $req->set_query_params($params);1312 $response = $controller->get_items($req);1313 return $response->get_data();1314 }else{1315 return [];1316 }1317 }1318}13191320new FlutterWoo;

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907