Fixes for module issues (Plugin Check)

Author: Ivan Chaplygin

resources/pot/woo-retailcrm-es_ES.pot

@@ -629,3 +629,12 @@ msgstr "El token no es válido"
 
 msgid "Access denied"
 msgstr "Acceso denegado"
+
+msgid "%1$s bonuses will expire %2$s"
+msgstr "%1$s bonos expirarán %2$s"
+
+msgid "%1$s bonuses will active %2$s"
+msgstr "%1$s bonos se activarán %2$s"
+
+msgid "Error while processing validation: %1$s. userId: %2$s"
+msgstr "Error al procesar la validación: %1$s. userId: %2$s"

resources/pot/woo-retailcrm-ru_RU.pot

@@ -638,3 +638,12 @@ msgstr "Токен недействителен"
 
 msgid "Access denied"
 msgstr "Доступ запрещен"
+
+msgid "%1$s bonuses will expire %2$s"
+msgstr "%1$s бонусов сгорят %2$s"
+
+msgid "%1$s bonuses will active %2$s"
+msgstr "%1$s бонусов ожидают активации %2$s"
+
+msgid "Error while processing validation: %1$s. userId: %2$s"
+msgstr "Ошибка при валидации: %1$s. userId: %2$s"

src/include/abstracts/class-wc-retailcrm-abstracts-settings.php

@@ -34,7 +34,7 @@ abstract class WC_Retailcrm_Abstracts_Settings extends WC_Integration
     public function __construct()
     {
         $this->id                 = 'integration-retailcrm';
-        $this->method_title       = esc_html__('Simla.com', 'woo_retailcrm');
+        $this->method_title       = esc_html__('Simla.com', 'woo-retailcrm');
         $this->method_description = esc_html__('Integration with Simla.com management system', 'woo-retailcrm');
 
         static::$option_key = $this->get_option_key();
@@ -55,14 +55,14 @@ public function __construct()
      */
     public function ajax_retailcrm_generate_icml()
     {
-        $ajax_url = esc_url(admin_url('admin-ajax.php'));
+        $ajax_url = admin_url('admin-ajax.php');
         ?>
         <script type="text/javascript">
         jQuery('#icml-retailcrm, #wp-admin-bar-retailcrm_ajax_generate_icml').bind('click', function() {
             jQuery.ajax({
                 type: "POST",
-                url: '<?php echo $ajax_url; ?>?action=retailcrm_generate_icml',
-                data: { _ajax_nonce: '<?php echo wp_create_nonce('woo-retailcrm-admin-nonce'); ?>'},
+                url: '<?php echo esc_js($ajax_url . '?action=retailcrm_generate_icml'); ?>',
+                data: { _ajax_nonce: '<?php echo esc_js(wp_create_nonce('woo-retailcrm-admin-nonce')); ?>' },
                 success: function (response) {
                     alert('<?php echo esc_html__('Catalog was generated', 'woo-retailcrm'); ?>');
                     console.log('AJAX response : ', response);
@@ -75,14 +75,14 @@ public function ajax_retailcrm_generate_icml()
 
     public function ajax_retailcrm_upload_loyalty_price()
     {
-        $ajax_url = esc_url(admin_url('admin-ajax.php'));
+        $ajax_url = admin_url('admin-ajax.php');
         ?>
         <script type="text/javascript">
             jQuery('#upload-loyalty-price-retailcrm').bind('click', function () {
                 jQuery.ajax({
                     type: "POST",
-                    url: '<?php echo $ajax_url; ?>?action=retailcrm_upload_loyalty_price',
-                    data: { _ajax_nonce: '<?php echo wp_create_nonce('woo-retailcrm-admin-nonce'); ?>'},
+                    url: '<?php echo esc_js($ajax_url . '?action=retailcrm_upload_loyalty_price'); ?>',
+                    data: { _ajax_nonce: '<?php echo esc_js(wp_create_nonce('woo-retailcrm-admin-nonce')); ?>'},
                     success: function (response) {
                         alert('<?php echo esc_html__('Promotional prices unloaded', 'woo-retailcrm');?>');
                         console.log('AJAX response : ', response);
@@ -263,13 +263,9 @@ public function init_form_fields()
 
                     foreach ($wc_shipping_list as $shipping_code => $shipping) {
                         if (isset($shipping['enabled']) && $shipping['enabled'] == static::YES) {
-                            $title = $shipping['title'] ? esc_html($shipping['title']): '';
-                            $description = $shipping['description'] ? esc_html($shipping['description']) : '';
-
-
                             $this->form_fields[$shipping_code] = [
-                                'title'          => esc_html__($title, 'woo-retailcrm'),
-                                'description' => esc_html__($description, 'woo-retailcrm'),
+                                'title'          => $shipping['title'],
+                                'description' => $shipping['description'],
                                 'css'            => 'min-width:350px;',
                                 'class'          => 'select',
                                 'type'           => 'select',
@@ -718,7 +714,7 @@ public function init_form_fields()
 
                 $this->form_fields['corporate_enabled'] = [
                     'title'       => esc_html__('Corporate customers support', 'woo-retailcrm'),
-                    'label'       => esc_html__('Enabled'),
+                    'label'       => esc_html__('Enabled', 'woo-retailcrm'),
                     'description' => '',
                     'class'       => 'checkbox',
                     'type'        => 'checkbox',
@@ -813,13 +809,13 @@ public function generate_button_html($key, $data)
         <tr valign="top">
             <th scope="row" class="titledesc">
                 <label for="<?php echo esc_attr($field); ?>"><?php echo wp_kses_post($data['title']); ?></label>
-                <?php echo $this->get_tooltip_html($data); ?>
+                <?php echo esc_attr($this->get_tooltip_html($data)); ?>
             </th>
             <td class="forminp">
                 <fieldset>
                     <legend class="screen-reader-text"><span><?php echo wp_kses_post($data['label']); ?></span></legend>
-                    <button id="<?php echo $data['id']; ?>" class="<?php echo esc_attr($data['class']); ?>" type="button" name="<?php echo esc_attr($field); ?>" id="<?php echo esc_attr($field); ?>" style="<?php echo esc_attr($data['css']); ?>" <?php echo $this->get_custom_attribute_html($data); ?>><?php echo wp_kses_post($data['label']); ?></button>
-                    <?php echo $this->get_description_html($data); ?>
+                    <button id="<?php echo esc_attr($data['id']); ?>" class="<?php echo esc_attr($data['class']); ?>" type="button" name="<?php echo esc_attr($field); ?>" id="<?php echo esc_attr($field); ?>" style="<?php echo esc_attr($data['css']); ?>" <?php echo esc_attr($this->get_custom_attribute_html($data)); ?>><?php echo wp_kses_post($data['label']); ?></button>
+                    <?php echo esc_attr($this->get_description_html($data)); ?>
                 </fieldset>
             </td>
         </tr>

src/include/api/class-wc-retailcrm-client-v5.php

@@ -693,7 +693,7 @@ public function customersCorporateEdit(array $customerCorporate, $by = 'external
         $this->checkIdParameter($by);
         if (!array_key_exists($by, $customerCorporate)) {
             throw new InvalidArgumentException(
-                sprintf('Corporate customer array must contain the "%s" parameter.', $by)
+                sprintf('Corporate customer array must contain the "%s" parameter.', esc_attr($by))
             );
         }
 
@@ -1184,7 +1184,7 @@ public function ordersEdit(array $order, $by = 'externalId', $site = null)
 
         if (!array_key_exists($by, $order)) {
             throw new InvalidArgumentException(
-                sprintf('Order array must contain the "%s" parameter.', $by)
+                sprintf('Order array must contain the "%s" parameter.', esc_attr($by))
             );
         }
 
@@ -1298,7 +1298,7 @@ public function ordersPaymentEdit(array $payment, $by = 'externalId', $site = nu
 
         if (!array_key_exists($by, $payment)) {
             throw new InvalidArgumentException(
-                sprintf('Order array must contain the "%s" parameter.', $by)
+                sprintf('Order array must contain the "%s" parameter.', esc_attr($by))
             );
         }
 
@@ -1486,7 +1486,7 @@ public function customersEdit(array $customer, $by = 'externalId', $site = null)
 
         if (!array_key_exists($by, $customer)) {
             throw new InvalidArgumentException(
-                sprintf('Customer array must contain the "%s" parameter.', $by)
+                sprintf('Customer array must contain the "%s" parameter.', esc_attr($by))
             );
         }
 
@@ -3123,8 +3123,8 @@ protected function checkIdParameter($by)
             throw new InvalidArgumentException(
                 sprintf(
                     'Value "%s" for "by" param is not valid. Allowed values are %s.',
-                    $by,
-                    implode(', ', $allowedForBy)
+                    esc_attr($by),
+                    esc_attr(implode(', ', $allowedForBy))
                 )
             );
         }

src/include/api/class-wc-retailcrm-request.php

@@ -65,8 +65,8 @@ public function makeRequest(
             throw new \InvalidArgumentException(
                 sprintf(
                     'Method "%1$s" is not valid. Allowed methods are %2$s',
-                    $method,
-                    implode(', ', $allowedMethods)
+                    esc_attr($method),
+                    esc_attr(implode(', ', $allowedMethods))
                 )
             );
         }
@@ -110,7 +110,7 @@ public function makeRequest(
         curl_close($curlHandler);
 
         if ($errno) {
-            throw new WC_Retailcrm_Exception_Curl($error, $errno);
+            throw new WC_Retailcrm_Exception_Curl(esc_html($error), esc_html($errno));
         }
 
         return new WC_Retailcrm_Response($statusCode, $responseBody);

src/include/api/class-wc-retailcrm-response.php

@@ -43,9 +43,9 @@ public function __construct($statusCode, $responseBody = null)
             $response = json_decode($responseBody, true);
 
             if (!$response && JSON_ERROR_NONE !== ($error = json_last_error())) {
-                throw new WC_Retailcrm_Exception_Json(
-                    "Invalid JSON in the API response body. Error code #$error",
-                    $error
+                throw new WC_Retailcrm_Exception_Json(sprintf(
+                    "Invalid JSON in the API response body. Error code #%s", esc_attr($error)),
+                    esc_attr($error)
                 );
             }
 
@@ -89,7 +89,7 @@ public function __call($name, $arguments)
         $propertyName = strtolower(substr($name, 3, 1)) . substr($name, 4);
 
         if (!isset($this->response[$propertyName])) {
-            throw new \InvalidArgumentException("Method \"$name\" not found");
+            throw new \InvalidArgumentException(sprintf("Method '%s' not found", esc_attr($name)));
         }
 
         return $this->response[$propertyName];
@@ -107,7 +107,7 @@ public function __call($name, $arguments)
     public function __get($name)
     {
         if (!isset($this->response[$name])) {
-            throw new \InvalidArgumentException("Property \"$name\" not found");
+            throw new \InvalidArgumentException(sprintf("Property '%s' not found", esc_attr($name)));
         }
 
         return $this->response[$name];
@@ -161,7 +161,7 @@ public function offsetExists($offset): bool
     public function offsetGet($offset)
     {
         if (!isset($this->response[$offset])) {
-            throw new \InvalidArgumentException("Property \"$offset\" not found");
+            throw new \InvalidArgumentException(sprintf("Property '%s' not found", esc_attr($offset)));
         }
 
         return $this->response[$offset];