Merge branch 'develop' into fix/phpcs-security-issues

getdokan · Jun 26, 2024 · cdb9839 · cdb9839
2 parents 105d7dd + d2a44e3
commit cdb9839
Show file tree

Hide file tree

Showing 112 changed files with 3,607 additions and 1,296 deletions.
diff --git a/.github/workflows/e2e_api_tests.yml b/.github/workflows/e2e_api_tests.yml
@@ -43,6 +43,7 @@ env:
     VENDOR: vendor1
     VENDOR2: vendor2
     CUSTOMER: customer1
+    CUSTOMER2: customer2
     USER_PASSWORD: 01dokan01
     GMAP: ${{secrets.GMAP}}
     BASE_URL: http://localhost:9999

diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
@@ -6,34 +6,34 @@ jobs:
     name: Run PHPCS inspection
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '7.3'
+          php-version: '7.4'
           coverage: none
-          tools: cs2pr, composer:v1
+          tools: cs2pr, composer:v2
 
       - name: Get composer cache directory
         id: composercache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies
-        uses: actions/cache@v2
+        uses: actions/cache@v4
         with:
           path: ${{ steps.composercache.outputs.dir }}
-          key: ${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}
+          key: "${{ runner.os }}-composer-${{ hashFiles('**/composer.lock') }}"
           restore-keys: ${{ runner.os }}-composer-
 
       - name: Install dependencies
-        run: composer install --prefer-dist --no-suggest --no-progress
+        run: composer install --prefer-dist --no-progress
 
       - id: changes
         run: |
           URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
-          FILES=$(curl -s -X GET -G $URL | jq -r '.[] | .filename' | xargs)
-          echo "::set-output name=files::$FILES"
+          FILES=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' -s -X GET -G $URL | jq -r '.[] | .filename' | xargs)
+          echo "files=$FILES" >> $GITHUB_OUTPUT
 
       - name: Detect coding standard violations
         run: vendor/bin/phpcs ${{ steps.changes.outputs.files }} -q --report=checkstyle | cs2pr --graceful-warnings
diff --git a/README.md b/README.md
@@ -1,17 +1,17 @@
-# Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy #
+# Dokan - Powerful WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy #
 **Contributors:** [tareq1988](https://profiles.wordpress.org/tareq1988/), [wedevs](https://profiles.wordpress.org/wedevs/), [nizamuddinbabu](https://profiles.wordpress.org/nizamuddinbabu/)  
 **Donate Link:** http://tareq.co/donate/  
 **Tags:** WooCommerce multivendor marketplace, multivendor marketplace, multivendor, multi seller, multi vendor, WooCommerce marketplace, WooCommerce product vendors  
 **Requires at least:** 6.4  
-**Tested up to:** 6.5.3  
+**Tested up to:** 6.5.4  
 **WC requires at least:** 8.0.0  
-**WC tested up to:** 8.8.3  
+**WC tested up to:** 8.9.2  
 **Requires PHP:** 7.4  
-**Stable tag:** 3.11.0  
+**Stable tag:** 3.11.3  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
-Transform your WooCommerce site into a robust multivendor marketplace with Dokan - the #1 WooCommerce multivendor marketplace solution!
+Transform your WooCommerce site into a multivendor marketplace with Dokan - a powerful and advanced WooCommerce multivendor marketplace solution
 
 ## Description ##
 
@@ -69,7 +69,7 @@ Here is how you can build your multivendor marketplace with Dokan.
 
 👏 “Best investment we made last year.”
 
-👏 [“Excellent product. Ease of use. Saved hundreds of work hours with lots of additional benefits.”] (https://www.capterra.com/p/168004/Dokan-Multivendor-Marketplace/reviews/543139/)
+👏 “[Excellent product. Ease of use. Saved hundreds of work hours with lots of additional benefits] (https://www.capterra.com/p/168004/Dokan-Multivendor-Marketplace/reviews/543139/)”
 
 ### SUCCESS STORIES WE ARE PROUD TO BE A PART OF ###
 
@@ -308,7 +308,7 @@ A. Not for the moment. We have plans to integrate with BuddyPress via an add-on
 A. Yes, Dokan is fully responsive. We take mobile first approach and it displays very well in mobile and tablet devices. We are using Twitter Bootstrap as a framework and it just works.
 
 ### Q. Does it supports variable products? ###
-A. The **Pro** version does! You can seller normal products, downloadable products and variable products with your own attributes.
+A. The **Pro** version does! You can sell normal products, downloadable products, and variable products with your own attributes.
 
 ### Q. Can each vendor customize his store? ###
 A. Right now we have options for only changing the store banner page. We are working on a better customizable seller store page.
@@ -347,6 +347,19 @@ A. Just install and activate the PRO version without deleting the free plugin. A
 
 ## Changelog ##
 
+### v3.11.3 ( Jun 10, 2024 ) ###
+
+- **fix:** Responsive issue on vendor dashboard tabs preview.
+
+### v3.11.2 ( May 27, 2024 ) ###
+
+- **update:** WooCommerce 8.9.1 Compatibility added.
+
+### v3.11.1 ( May 16, 2024 ) ###
+
+- **new:** Action hook `dokan_dashboard_sidebar_start` added.
+- **new:** Action hook `dokan_dashboard_sidebar_end` added.
+
 ### v3.11.0 ( May 10, 2024 ) ###
 
 - **fix:** The status of sub-orders does not update to completed if it contains only virtual products.

diff --git a/assets/css/style.css b/assets/css/style.css
@@ -519,6 +519,7 @@ ul.dokan_tabs {
   border-bottom: 1px solid #EDEDED;
   margin-bottom: 20px;
   line-height: 24px;
+  margin-left: 0;
 }
 ul.dokan_tabs > li {
   margin-bottom: -1px !important;
@@ -2367,6 +2368,7 @@ div.media-sidebar a.edit-attachment {
   margin: 0 0 10px 0;
   border-bottom: 1px solid #EDEDED;
   padding: 0 0 10px 0;
+  line-height: 1.25;
 }
 .dokan-dashboard header.dokan-dashboard-header .dokan-add-product-link .dokan-btn {
   margin-right: 10px;
@@ -6373,6 +6375,23 @@ p.vendor-customer-registration .radio:hover {
     float: none;
     width: 100%;
   }
+  .dokan-dashboard .dokan-dash-sidebar ul.dokan_tabs,
+  .dokan-dashboard .dokan-dashboard-content ul.dokan_tabs {
+    border: 0;
+    gap: 0.5rem;
+    display: flex;
+    flex-wrap: wrap;
+    align-items: flex-start;
+  }
+  .dokan-dashboard .dokan-dash-sidebar ul.dokan_tabs li,
+  .dokan-dashboard .dokan-dashboard-content ul.dokan_tabs li {
+    margin: auto 0 !important;
+    border-bottom: 1px solid #EDEDED;
+  }
+  .dokan-dashboard .dokan-dash-sidebar ul.dokan_tabs li.active a,
+  .dokan-dashboard .dokan-dashboard-content ul.dokan_tabs li.active a {
+    border-bottom: 1px solid #EDEDED;
+  }
   .dokan-dashboard .product-edit-new-container .dokan-edit-row .dokan-side-left,
   .dokan-dashboard .product-edit-new-container .dokan-edit-row .dokan-side-right {
     float: none;

diff --git a/assets/js/vue-admin.js b/assets/js/vue-admin.js
diff --git a/assets/src/less/dashboard.less b/assets/src/less/dashboard.less
@@ -55,6 +55,7 @@ div.media-sidebar a.edit-attachment{
             margin: 0 0 10px 0;
             border-bottom: 1px solid @borderColor;
             padding: 0 0 10px 0;
+            line-height: 1.25;
         }
         .dokan-add-product-link{
             .dokan-btn{

diff --git a/assets/src/less/extra.less b/assets/src/less/extra.less
@@ -63,6 +63,7 @@ ul.dokan_tabs {
   border-bottom: 1px solid @borderColor;
   margin-bottom: 20px;
   line-height: 24px;
+  margin-left: 0;
 
   > li {
     margin-bottom: -1px !important;

diff --git a/assets/src/less/responsive.less b/assets/src/less/responsive.less
@@ -200,6 +200,25 @@
     .dokan-dashboard-content {
       float: none;
       width: 100%;
+
+      ul.dokan_tabs {
+        border: 0;
+        gap: .5rem;
+        display: flex;
+        flex-wrap: wrap;
+        align-items: flex-start;
+
+        li {
+          margin: auto 0 !important;
+          border-bottom: 1px solid #EDEDED;
+
+          &.active {
+            a {
+              border-bottom: 1px solid #EDEDED;
+            }
+          }
+        }
+      }
     }
     .product-edit-new-container {
       .dokan-edit-row {

diff --git a/dokan.php b/dokan.php
@@ -3,13 +3,13 @@
  * Plugin Name: Dokan
  * Plugin URI: https://dokan.co/wordpress/
  * Description: An e-commerce marketplace plugin for WordPress. Powered by WooCommerce and weDevs.
- * Version: 3.11.0
+ * Version: 3.11.3
  * Author: weDevs
  * Author URI: https://dokan.co/
  * Text Domain: dokan-lite
  * Requires Plugins: woocommerce
  * WC requires at least: 8.0.0
- * WC tested up to: 8.8.3
+ * WC tested up to: 8.9.2
  * Domain Path: /languages/
  * License: GPL2
  */
@@ -66,7 +66,7 @@ final class WeDevs_Dokan {
      *
      * @var string
      */
-    public $version = '3.11.0';
+    public $version = '3.11.3';
 
     /**
      * Instance of self

diff --git a/includes/Admin/Notices/Helper.php b/includes/Admin/Notices/Helper.php
@@ -116,18 +116,11 @@ public static function is_pro_license_active(): bool {
             return false;
         }
 
-        if ( ! property_exists( dokan_pro(), 'license' ) ) {
-            // this is old version of dokan pro
+        try {
+            return dokan_pro()->license->is_valid();
+        } catch ( \Exception $e ) {
             return false;
         }
-
-        $license = dokan_pro()->license->plugin_update_message();
-        if ( ! empty( $license ) ) {
-            // if the plugin update message is not empty, then the license is not active
-            return false;
-        }
-
-        return true;
     }
 
     /**

diff --git a/includes/Admin/functions.php b/includes/Admin/functions.php
@@ -109,7 +109,7 @@ function dokan_admin_report_data( $group_by = 'day', $year = '', $start = '', $e
                     {$date_where}
             GROUP BY {$group_by_query}";
 
-    $data = $wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL
+    $data = $wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
 
     return apply_filters( 'dokan_get_admin_report_data', $data, $group_by, $year, $start, $end, $seller_id );
 }
@@ -433,7 +433,7 @@ function dokan_admin_report_by_seller( $chosen_seller_id = 0 ) {
                 $date_where
             GROUP BY $group_by_query";
 
-    $data = $wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL
+    $data = $wpdb->get_results( $sql ); // phpcs:ignore WordPress.DB.PreparedSQL, WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
 
     // Prepare data for report
     $order_counts    = dokan_prepare_chart_data( $data, 'order_date', 'total_orders', $chart_interval, $start_date_to_time, $group_by );

diff --git a/includes/Order/Manager.php b/includes/Order/Manager.php
@@ -369,6 +369,7 @@ public function is_order_already_synced( $order_id ) {
             return false;
         }
 
+        // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
         $order_id = $wpdb->get_var( $wpdb->prepare( "SELECT 1 FROM {$wpdb->prefix}dokan_orders WHERE order_id=%d LIMIT 1", $order_id ) );
 
         return wc_string_to_bool( $order_id );
@@ -387,12 +388,12 @@ public function is_order_already_synced( $order_id ) {
     public function is_seller_has_order( $seller_id, $order_id ) {
         global $wpdb;
 
-        return 1 === (int) $wpdb->get_var(
-                $wpdb->prepare(
-                    "SELECT 1 FROM {$wpdb->prefix}dokan_orders WHERE seller_id = %d AND order_id = %d LIMIT 1",
-                    [ $seller_id, $order_id ]
-                )
-            );
+        return 1 === (int) $wpdb->get_var( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
+            $wpdb->prepare(
+                "SELECT 1 FROM {$wpdb->prefix}dokan_orders WHERE seller_id = %d AND order_id = %d LIMIT 1",
+                [ $seller_id, $order_id ]
+            )
+        );
     }
 
     /**
@@ -487,6 +488,7 @@ public function delete_seller_order( $order_id, $seller_id = null ) {
             $where_format[]     = '%d';
         }
 
+        // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
         $deleted = $wpdb->delete( $wpdb->prefix . 'dokan_orders', $where, $where_format );
         if ( false === $deleted ) {
             dokan_log( sprintf( '[DeleteSellerOrder] Error while deleting dokan order table data, order_id: %d, Database Error: %s  ', $order_id, $wpdb->last_error ) );
@@ -495,7 +497,7 @@ public function delete_seller_order( $order_id, $seller_id = null ) {
         }
 
         // delete from dokan refund table -> order_id
-        $deleted = $wpdb->query(
+        $deleted = $wpdb->query(  // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "DELETE FROM `{$wpdb->prefix}dokan_refund` WHERE order_id = %d",
                 [ $order_id ]
@@ -508,7 +510,7 @@ public function delete_seller_order( $order_id, $seller_id = null ) {
         do_action( 'dokan_after_deleting_seller_order', $order_id );
 
         // delete data from vendor balance table -> trn_id, trn_type: dokan_orders, dokan_refund, dokan_withdraw
-        $deleted = $wpdb->query(
+        $deleted = $wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "DELETE FROM `{$wpdb->prefix}dokan_vendor_balance`
                 WHERE trn_id = %d AND trn_type in ( %s, %s, %s )",
@@ -520,7 +522,7 @@ public function delete_seller_order( $order_id, $seller_id = null ) {
         }
 
         // delete data from reverse withdrawal table -> order_id, trn_type: order_commission, manual_order_commission, order_refund
-        $deleted = $wpdb->query(
+        $deleted = $wpdb->query( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "DELETE FROM `{$wpdb->prefix}dokan_reverse_withdrawal`
                 WHERE trn_id = %d AND trn_type in ( %s, %s, %s )",

diff --git a/includes/Order/MiscHooks.php b/includes/Order/MiscHooks.php
@@ -50,7 +50,9 @@ public function delete_child_order_from_wc_order_product( $args ) {
 
         if ( $order->get_parent_id() ) {
             global $wpdb;
+            // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->delete( $wpdb->prefix . 'wc_order_product_lookup', [ 'order_id' => $order->get_id() ] );
+            // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->delete( $wpdb->prefix . 'wc_order_stats', [ 'order_id' => $order->get_id() ] );
         }
     }

diff --git a/includes/ProductCategory/Hooks.php b/includes/ProductCategory/Hooks.php
@@ -84,7 +84,7 @@ public function add_chosen_categories_to_action_queue( $category_id ) {
         $search_key          = '%' . $wpdb->esc_like( $category_id ) . '%';
 
         while ( null !== $results ) {
-            $results = $wpdb->get_results(
+            $results = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
                 $wpdb->prepare( "SELECT post_id, meta_value FROM {$wpdb->prefix}postmeta where meta_key='chosen_product_cat' AND meta_value LIKE %s LIMIT %d OFFSET %d", $search_key, $limit, $offset ),
                 ARRAY_A
             );

diff --git a/includes/Registration.php b/includes/Registration.php
@@ -51,7 +51,7 @@ public function validate_registration( $error ) {
         $allowed_roles = apply_filters( 'dokan_register_user_role', [ 'customer', 'seller' ] );
 
         // is the role name allowed or user is trying to manipulate?
-        if ( isset( $_POST['role'] ) && ! in_array( $_POST['role'], $allowed_roles, true ) ) {
+        if ( empty( $_POST['role'] ) || ( ! in_array( $_POST['role'], $allowed_roles, true ) ) ) {
             return new WP_Error( 'role-error', __( 'Cheating, eh?', 'dokan-lite' ) );
         }
 

diff --git a/includes/ReverseWithdrawal/Manager.php b/includes/ReverseWithdrawal/Manager.php
@@ -556,7 +556,7 @@ public function insert( $args = [] ) {
         ];
 
         // add data into database
-        $inserted  = $wpdb->insert( $this->get_table(), $data, $format );
+        $inserted  = $wpdb->insert( $this->get_table(), $data, $format ); // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
         $insert_id = $wpdb->insert_id;
 
         if ( false === $inserted ) {

diff --git a/includes/Upgrade/Upgrades/BackgroundProcesses/V_2_8_3_VendorBalance.php b/includes/Upgrade/Upgrades/BackgroundProcesses/V_2_8_3_VendorBalance.php
@@ -83,7 +83,7 @@ private function migrate_order_data_283( $paged ) {
         $count         = $limit * $paged;
         $threshold_day = dokan_get_option( 'withdraw_date_limit', 'dokan_withdraw', 0 );
 
-        $results = $wpdb->get_results(
+        $results = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "SELECT `order`.*, post.post_date from {$wpdb->prefix}dokan_orders as `order` left join {$wpdb->prefix}posts as post on post.ID = order.order_id LIMIT %d OFFSET %d",
                 $limit, $count
@@ -127,7 +127,7 @@ private function migrate_withdraw_data_283( $paged ) {
 
         $limit   = 100;
         $count   = $limit * $paged;
-        $results = $wpdb->get_results(
+        $results = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "SELECT * from {$wpdb->prefix}dokan_withdraw WHERE `status` = 1 LIMIT %d OFFSET %d",
                 $limit, $count
@@ -166,7 +166,7 @@ private function migrate_withdraw_data_283( $paged ) {
     private function insert_vendor_balance_data_283( $data ) {
         global $wpdb;
 
-        $wpdb->insert(
+        $wpdb->insert( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery
             $wpdb->prefix . 'dokan_vendor_balance', $data,
             array(
                 '%d',

diff --git a/includes/Upgrade/Upgrades/BackgroundProcesses/V_2_9_4_OrderPostAuthor.php b/includes/Upgrade/Upgrades/BackgroundProcesses/V_2_9_4_OrderPostAuthor.php
@@ -44,7 +44,7 @@ private function update_shop_order_post_author( $paged ) {
 
         $limit  = 100;
         $count  = $limit * $paged;
-        $orders = $wpdb->get_results(
+        $orders = $wpdb->get_results( // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching
             $wpdb->prepare(
                 "SELECT `id`, `post_author` FROM {$wpdb->posts} WHERE `post_type` = 'shop_order' LIMIT %d OFFSET %d",
                 $limit, $count