Merge pull request #363 from Ecwid/dev

Dev

Author: meteor-ec

ecwid-shopping-cart.php

@@ -1829,7 +1829,14 @@ function ecwid_get_clear_all_cache_action() {
 
 function ecwid_clear_all_cache()
 {
-	if ( array_key_exists( ecwid_get_clear_all_cache_action(), $_GET ) ) {
+    $key = ecwid_get_clear_all_cache_action();
+
+	if ( array_key_exists( $key, $_GET ) ) {
+        
+        if ( isset( $_GET['_wpnonce'] ) && ! wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $key ) ) {
+			return;
+		}
+
 		ecwid_full_cache_reset();
 
 		if ( array_key_exists( 'redirect_back', $_GET ) ) {
@@ -1896,7 +1903,8 @@ function ecwid_register_admin_styles($hook_suffix) {
 			wp_enqueue_script('ecwid-welcome-page-js', ECWID_PLUGIN_URL . 'js/welcome-page.js', array(), get_option('ecwid_plugin_version'));
 			wp_localize_script('ecwid-welcome-page-js', 'ecwidParams', array(
 				'registerLink' => ecwid_get_register_link(),
-				'isWL' => Ecwid_Config::is_wl()
+				'isWL' => Ecwid_Config::is_wl(),
+                '_ajax_nonce' => wp_create_nonce( 'ec-create-store' ),
 				)
 			);
 
@@ -2111,6 +2119,14 @@ function ecwid_create_store( $params = array() ) {
 }
 
 function ecwid_ajax_create_store() {
+    if ( ! check_ajax_referer( 'ec-create-store' ) ) {
+        die();
+    }
+
+    if ( ! current_user_can( 'manage_options' ) ) {
+        die();
+    }
+
 	$result = ecwid_create_store();
 	$is_store_created = is_array( $result ) && $result['response']['code'] == 200;
 

includes/shortcodes/class-ecwid-shortcode-product.php

@@ -66,15 +66,21 @@ public function render_placeholder() {
 
 		$product = Ecwid_Product::get_without_loading( $this->_params['id'], (object) array( 'name' => '' ) );
 
+        if ( ! empty ( $product->price ) ) {
+            $price = $product->price;
+        } else {
+            $price = 0;
+        }
+
 		if ( is_array( $items ) && count( $items ) > 0 ) {
 			foreach ( $items as $item ) {
 				if ( array_key_exists( $item, $display_items ) ) {
 					if ( $item == 'title' ) {
 						$display_items[ $item ] = str_replace( '$name', $product->name, $display_items[ $item ] );
 					}
 
-					if ( $item == 'price' && ! empty( $product->price ) ) {
-						$display_items[ $item ] = str_replace( '$price', $product->price, $display_items[ $item ] );
+					if ( $item == 'price' ) {
+                        $display_items[ $item ] = str_replace( '$price', $price, $display_items[ $item ] );
 					}
 
 					if ( $this->_params['link'] == 'yes' && in_array( $item, array( 'title', 'picture' ) ) ) {

js/welcome-page.js

@@ -1,34 +1,39 @@
-jQuery(document).ready(function(){
+jQuery(document).ready(function () {
 
-	jQuery('.ec-create-store-button').on('click', function() {
-		
-	    if (ecwidParams.isWL) {
-	        location.href = ecwidParams.registerLink;
-	        return;
+    jQuery('.ec-create-store-button').on('click', function () {
+
+        if (ecwidParams.isWL) {
+            location.href = ecwidParams.registerLink;
+            return;
         }
 
         jQuery('.ec-create-store-button').addClass('btn--loading');
         jQuery('.ec-connect-store').addClass('disabled');
 
-		jQuery.ajax(ajaxurl + '?action=ecwid_create_store',
-			{
-				success: function(result) {
-        			jQuery('.ec-create-store-note').hide();
-        			jQuery('.ec-create-store-success-note').show();
-					
-					setTimeout(function() {
-						location.href="admin.php?page=ec-store&ec-store-page=complete-registration";
-					}, 1000);
-				},
-				error: function(error) {
-					if( error.status == '409' ) {
-						location.href = 'admin-post.php?action=ec_connect';
-					} else {
-						location.href = ecwidParams.registerLink;
-					}
-				}
-			}
-		);
-	});
+        var data = {
+            action: 'ecwid_create_store',
+            _ajax_nonce: ecwidParams._ajax_nonce
+        };
+
+        jQuery.ajax({
+            'url': ajaxurl,
+            'data': data,
+            'success': function (result) {
+                jQuery('.ec-create-store-note').hide();
+                jQuery('.ec-create-store-success-note').show();
+
+                setTimeout(function () {
+                    location.href = "admin.php?page=ec-store&ec-store-page=complete-registration";
+                }, 1000);
+            },
+            'error': function (error) {
+                if (error.status == '409') {
+                    location.href = 'admin-post.php?action=ec_connect';
+                } else {
+                    location.href = ecwidParams.registerLink;
+                }
+            }
+        });
+    });
 
 });

templates/admin-params.php

@@ -67,4 +67,12 @@
 
 <br />
 <h2>Clear plugin cache</h2>
-<a href="?<?php echo esc_attr( ecwid_get_clear_all_cache_action() ); ?>&redirect_back">Clear all caches</a>
+<?php
+$ec_store_clear_cache_url = add_query_arg( array(
+    'page' => 'ec-params',
+    ecwid_get_clear_all_cache_action() => 1,
+    '_wpnonce' => wp_create_nonce( ecwid_get_clear_all_cache_action() ),
+    'redirect_back' => 1,
+) );
+?>
+<a href="<?php echo esc_attr( $ec_store_clear_cache_url ); ?>">Clear all caches</a>