Updated translations

Fixed HTML elements output
Fixed parameters retrieval

Author: Ivan Chaplygin

src/include/abstracts/class-wc-retailcrm-abstracts-settings.php

@@ -804,18 +804,20 @@ public function generate_button_html($key, $data)
 
         $data = wp_parse_args($data, $defaults);
 
+        $allowed_tags = ['span' => ['class' => true, 'tabindex' => true, 'aria-label' => true, 'data-tip' => true]];
+
         ob_start();
         ?>
         <tr valign="top">
             <th scope="row" class="titledesc">
                 <label for="<?php echo esc_attr($field); ?>"><?php echo wp_kses_post($data['title']); ?></label>
-                <?php echo esc_attr($this->get_tooltip_html($data)); ?>
+                <?php echo wp_kses($this->get_tooltip_html($data), $allowed_tags); ?>
             </th>
             <td class="forminp">
                 <fieldset>
                     <legend class="screen-reader-text"><span><?php echo wp_kses_post($data['label']); ?></span></legend>
                     <button id="<?php echo esc_attr($data['id']); ?>" class="<?php echo esc_attr($data['class']); ?>" type="button" name="<?php echo esc_attr($field); ?>" id="<?php echo esc_attr($field); ?>" style="<?php echo esc_attr($data['css']); ?>" <?php echo esc_attr($this->get_custom_attribute_html($data)); ?>><?php echo wp_kses_post($data['label']); ?></button>
-                    <?php echo esc_attr($this->get_description_html($data)); ?>
+                    <?php echo wp_kses($this->get_description_html($data), $allowed_tags); ?>
                 </fieldset>
             </td>
         </tr>
@@ -863,10 +865,12 @@ public function generate_heading_html($key, $data)
     public function validate_online_assistant_field($key, $value)
     {
         $onlineAssistant = $_POST['woocommerce_integration-retailcrm_online_assistant']
-            ? sanitize_text_field(wp_unslash($_POST['woocommerce_integration-retailcrm_online_assistant']))
+            ? wp_unslash($_POST['woocommerce_integration-retailcrm_online_assistant'])
             : ''
         ;
 
+        sanitize_text_field($_POST['woocommerce_integration-retailcrm_online_assistant']);
+
         if ($onlineAssistant === '') {
             return '';
         }

src/include/class-wc-retailcrm-base.php

@@ -952,7 +952,7 @@ public function retailcrm_coupon_info()
                             'onclick' => true,
                         ],
                         'b'   => [],
-                        'i'   => ['style' => true],
+                        'i'   => ['style' => true, 'id' => true, 'onclick' => true],
                         'u'   => [],
                     ]);
                 }
@@ -1343,7 +1343,7 @@ public function retailcrm_show_loyalty()
                     'a' => ['id' => true, 'class' => true, 'href' => true, 'target' => true],
                     'div' => ['id' => true, 'class' => true],
                     'br' => [],
-                    'table' => ['style' => true, 'border' => true],
+                    'table' => ['style' => true],
                     'tbody' => ['style' => true],
                     'tr' => ['style' => true],
                     'td' => ['style' => true]

src/include/class-wc-retailcrm-ga.php

@@ -76,9 +76,11 @@ public function send_analytics() {
                 return $js;
             }
 
-            $order_id = wc_get_order_id_by_order_key(sanitize_text_field(wp_unslash($_GET['key'])));
+            $order_id = wc_get_order_id_by_order_key(wp_unslash($_GET['key']));
             $order = wc_get_order($order_id);
 
+            sanitize_text_field($_GET['key']);
+
             if (is_object($order) === false) {
                 return $js;
             }

src/include/class-wc-retailcrm-uploader.php

@@ -59,7 +59,9 @@ public function __construct($retailcrm, $orders, $customers)
          */
         public function uploadSelectedOrders()
         {
-            $ids = $_GET['order_ids_retailcrm'] ? sanitize_text_field(wp_unslash($_GET['order_ids_retailcrm'])) : [];
+            $ids = $_GET['order_ids_retailcrm'] ? wp_unslash($_GET['order_ids_retailcrm']) : [];
+
+            sanitize_text_field($_GET['order_ids_retailcrm']);
 
             WC_Retailcrm_Logger::info(__METHOD__, 'Selected order IDs: ' . json_encode($ids));
 

src/include/components/class-wc-retailcrm-loyalty-form.php

@@ -130,7 +130,7 @@ public function getInfoLoyalty(array $loyaltyAccount)
             $data[] = '<b style="font-size: 100%">' . esc_html__('History', 'woo-retailcrm') . '</b>';
 
             $htmlTable = '
-                <table style="width: 75%; border: none;>
+                <table style="width: 75%; border: none;">
                 <tbody>';
 
             foreach ($loyaltyAccount['history'] as $operation) {