Changeset 836741

Timestamp:

01/11/2014 04:36:28 PM (12 years ago)

Author:

garyc40

Message:

Synced with git.

Location:

wp-e-commerce/branches/branch-3.8.13

Files:

• readme.txt (modified) (2 diffs)
• wp-shopping-cart.php (modified) (1 diff)
• wpsc-core/wpsc-constants.php (modified) (2 diffs)
• wpsc-includes/cron.php (modified) (4 diffs)
• wpsc-includes/customer.php (modified) (7 diffs)
• wpsc-includes/wpsc-meta-init.php (modified) (1 diff)

wp-e-commerce/branches/branch-3.8.13/readme.txt

@@ -5 +5 @@
 Requires at least: 3.7
 Tested up to: 3.8
-Stable tag: 3.8.13
+Stable tag: 3.8.13.2
 
 WP e-Commerce is a free WordPress Shopping Cart Plugin that lets customers buy your products, services and digital downloads online.
@@ -146 +146 @@
 
 == Changelog ==
+
+= 3.8.13.2 =
+* Fix: Anonymous customers should not be visible in admin UI.
+* Fix: Cronjob to purge anonymous customers doesn't work due to memory issues.
+* Fix: Anonymous cart items will be lost after signing in.
+
+= 3.8.13.1 =
+* Security and maintenance release
 
 = 3.8.13 =

wp-e-commerce/branches/branch-3.8.13/wp-shopping-cart.php

@@ -4 +4 @@
   * Plugin URI: http://getshopped.org/
   * Description: A plugin that provides a WordPress Shopping Cart. See also: <a href="http://getshopped.org" target="_blank">GetShopped.org</a> | <a href="http://getshopped.org/forums/" target="_blank">Support Forum</a> | <a href="http://docs.getshopped.org/" target="_blank">Documentation</a>
-  * Version: 3.8.13
+  * Version: 3.8.13.2
   * Author: Instinct Entertainment
   * Author URI: http://getshopped.org/

wp-e-commerce/branches/branch-3.8.13/wpsc-core/wpsc-constants.php

@@ -30 +30 @@
 
     // Define Plugin version
-    define( 'WPSC_VERSION'            , '3.8.13' );
-    define( 'WPSC_MINOR_VERSION'      , 'e8a508c011' );
-    define( 'WPSC_PRESENTABLE_VERSION', '3.8.13' );
+    define( 'WPSC_VERSION'            , '3.8.13.2' );
+    define( 'WPSC_MINOR_VERSION'      , 'b0ef2e3' );
+    define( 'WPSC_PRESENTABLE_VERSION', '3.8.13.2' );
     define( 'WPSC_DB_VERSION'         , 8 );
 
@@ -257 +257 @@
         add_filter( 'the_content', 'wpsc_shopping_cart', 14 );
 
-    $cart = maybe_unserialize( base64_decode( wpsc_get_customer_meta( 'cart' ) ) );
-
-    if ( is_object( $cart ) && ! is_wp_error( $cart ) )
-        $GLOBALS['wpsc_cart'] = $cart;
-    else
-        $GLOBALS['wpsc_cart'] = new wpsc_cart();
+    $GLOBALS['wpsc_cart'] = wpsc_get_customer_cart();
 }
 

wp-e-commerce/branches/branch-3.8.13/wpsc-includes/cron.php

@@ -4 +4 @@
 
 /**
- * wpsc_clear_stock_claims, clears the stock claims, runs using wp-cron and when editing purchase log statuses via the dashboard
+ * Clears the stock claims, runs on hourly WP_Cron event and when editing purchase log statuses.
+ *
+ * @since 3.8.9
+ * @access public
+ *
+ * @return void
  */
 function wpsc_clear_stock_claims() {
     global $wpdb;
 
-    $time = (float) get_option( 'wpsc_stock_keeping_time', 1 );
+    $time     = (float) get_option( 'wpsc_stock_keeping_time', 1 );
     $interval = get_option( 'wpsc_stock_keeping_interval', 'day' );
 
@@ -19 +24 @@
     );
 
-    $seconds = floor( $time * $convert[$interval] );
+    $seconds = floor( $time * $convert[ $interval ] );
 
     $sql = $wpdb->prepare( "DELETE FROM " . WPSC_TABLE_CLAIMED_STOCK . " WHERE last_activity < UTC_TIMESTAMP() - INTERVAL %d SECOND", $seconds );
@@ -25 +30 @@
 }
 
+/**
+ * Purges customer meta that is older than WPSC_CUSTOMER_DATA_EXPIRATION on an hourly WP_Cron event.
+ *
+ * @since 3.8.9.2
+ * @access public
+ *
+ * @return void
+ */
 function _wpsc_clear_customer_meta() {
     global $wpdb;
 
     require_once( ABSPATH . 'wp-admin/includes/user.php' );
+
+    $purge_count = 200;
 
     $sql = "
@@ -36 +51 @@
         meta_key = '_wpsc_last_active'
         AND meta_value < UNIX_TIMESTAMP() - " . WPSC_CUSTOMER_DATA_EXPIRATION . "
+        LIMIT {$purge_count}
     ";
 
-    $ids = $wpdb->get_col( $sql );
-    foreach ( $ids as $id ) {
-        wp_delete_user( $id );
-    }
+    /* Do this in batches of 200 to avoid memory issues when there are too many anonymous users */
+    @set_time_limit( 0 ); // no time limit
+
+    do {
+        $ids = $wpdb->get_col( $sql );
+        foreach ( $ids as $id ) {
+            wp_delete_user( $id );
+        }
+    } while ( count( $ids ) == $purge_count );
 }

wp-e-commerce/branches/branch-3.8.13/wpsc-includes/customer.php

@@ -5 +5 @@
 add_action( 'wpsc_before_submit_checkout', '_wpsc_action_update_customer_last_active'     );
 add_action( 'wp_login'                   , '_wpsc_action_setup_customer'                  );
+add_action( 'load-users.php'             , '_wpsc_action_load_users'                      );
+add_filter( 'views_users'                , '_wpsc_filter_views_users'                     );
+add_filter( 'editable_roles'             , '_wpsc_filter_editable_roles'                  );
 
 /**
@@ -124 +127 @@
  */
 function _wpsc_validate_customer_cookie() {
-    if ( is_admin() || ! isset( $_COOKIE[ WPSC_CUSTOMER_COOKIE ] ) )
-        return;
+
+    if ( is_admin() || ! isset( $_COOKIE[ WPSC_CUSTOMER_COOKIE ] ) ) {
+        return false;
+    }
 
     $cookie = $_COOKIE[ WPSC_CUSTOMER_COOKIE ];
@@ -134 +139 @@
 
     // invalid ID
-    if ( ! $id )
+    if ( ! $id ) {
         return false;
+    }
 
     $user = get_user_by( 'id', $id );
 
     // no user found
-    if ( $user === false )
+    if ( $user === false ) {
         return false;
+    }
 
     $pass_frag = substr( $user->user_pass, 8, 4 );
@@ -148 +155 @@
 
     // integrity check
-    if ( $hmac == $hash )
+    if ( $hmac == $hash ) {
         return $id;
+    }
 
     _wpsc_set_customer_cookie( '', time() - 3600 );
@@ -193 +201 @@
  */
 function _wpsc_action_setup_customer() {
-    // if the user is logged in and the cookie is still there, delete the cookie
-    if ( is_user_logged_in() && isset( $_COOKIE[WPSC_CUSTOMER_COOKIE] ) )
-        _wpsc_set_customer_cookie( '', time() - 3600 );
-
     // if the customer cookie is invalid, unset it
-    _wpsc_validate_customer_cookie();
+    $id = _wpsc_validate_customer_cookie();
+
+    // if a valid ID is present in the cookie, and the user is logged in,
+    // it's time to merge the carts
+    if ( isset( $_COOKIE[WPSC_CUSTOMER_COOKIE] ) && is_user_logged_in() ) {
+        // merging cart requires the taxonomies to have been initialized
+        if ( did_action( 'wpsc_register_taxonomies_after' ) ) {
+            _wpsc_merge_cart();
+        }
+        else {
+            add_action( 'wpsc_register_taxonomies_after', '_wpsc_merge_cart', 1 );
+        }
+    }
 
     // if this request is by a bot, prevent multiple account creation
@@ -210 +226 @@
 
     do_action( 'wpsc_setup_customer' );
+}
+
+function _wpsc_merge_cart() {
+    $old_id = _wpsc_validate_customer_cookie();
+
+    if ( ! $old_id ) {
+        return;
+    }
+
+    $new_id = get_current_user_id();
+
+    $old_cart = wpsc_get_customer_cart( $old_id );
+    $items    = $old_cart->get_items();
+
+    $new_cart = wpsc_get_customer_cart( $new_id );
+
+    // first of all empty the old cart so that the claimed stock and related
+    // hooks are released
+    $old_cart->empty_cart();
+
+    // add each item to the new cart
+    foreach ( $items as $item ) {
+        $new_cart->set_item( $item->product_id, array(
+            'quantity'         => $item->quantity,
+            'variation_values' => $item->variation_values,
+            'custom_message'   => $item->custom_message,
+            'provided_price'   => $item->provided_price,
+            'time_requested'   => $item->time_requested,
+            'custom_file'      => $item->custom_file,
+            'is_customisable'  => $item->is_customisable,
+            'meta'             => $item->meta
+        ) );
+    }
+
+    require_once( ABSPATH . 'wp-admin/includes/user.php' );
+    wp_delete_user( $old_id );
+
+    _wpsc_set_customer_cookie( '', time() - 3600 );
+}
+
+function wpsc_get_customer_cart( $id = false ) {
+    global $wpsc_cart;
+
+    if ( ! empty( $wpsc_cart ) && ( ! $id || $id == wpsc_get_current_customer_id() ) )
+        return $wpsc_cart;
+
+    $cart = maybe_unserialize( base64_decode( wpsc_get_customer_meta( 'cart', $id ) ) );
+    if ( empty( $cart ) || ! $cart instanceof wpsc_cart )
+        $cart = new wpsc_cart();
+
+    return $cart;
+}
+
+function wpsc_update_customer_cart( $cart, $id = false ) {
+    if ( ! $id || $id == wpsc_get_current_customer_id() )
+        return wpsc_serialize_shopping_cart();
+
+    return wpsc_update_customer_meta( 'cart', base64_encode( serialize( $wpsc_cart ) ), $id );
 }
 
@@ -476 +550 @@
     return false;
 }
+
+/**
+ * Given a users.php view's HTML code, this function returns the user count displayed
+ * in the view.
+ *
+ * If `count_users()` had implented caching, we could have just called that function again
+ * instead of using this hack.
+ *
+ * @access private
+ * @since  3.8.13.2
+ * @param  string $view
+ * @return int
+ */
+function _wpsc_extract_user_count( $view ) {
+    if ( preg_match( '/class="count">\((\d+)\)/', $view, $matches ) ) {
+        return absint( $matches[1] );
+    }
+
+    return 0;
+}
+
+/**
+ * Filter the user views so that Anonymous role is not displayed
+ *
+ * @since  3.8.13.2
+ * @access private
+ * @param  array $views
+ * @return array
+ */
+function _wpsc_filter_views_users( $views ) {
+    if ( isset( $views['wpsc_anonymous'] ) ) {
+        // ugly hack to make the anonymous users not count towards "All"
+        // really wish WordPress had a filter in count_users(), but in the mean time
+        // this will do
+        $anon_count = _wpsc_extract_user_count( $views['wpsc_anonymous'] );
+        $all_count = _wpsc_extract_user_count( $views['all'] );
+        $new_count = $all_count - $anon_count;
+        $views['all'] = str_replace( "(${all_count})", "(${new_count})", $views['all'] );
+    }
+
+    unset( $views['wpsc_anonymous'] );
+    return $views;
+}
+
+/**
+ * Add the action necessary to filter out anonymous users
+ *
+ * @since 3.8.13.2
+ * @access private
+ */
+function _wpsc_action_load_users() {
+    add_action( 'pre_user_query', '_wpsc_action_pre_user_query', 10, 1 );
+}
+
+/**
+ * Filter out anonymous users in "All" view
+ *
+ * @since 3.8.13.2
+ * @access private
+ * @param  WP_User_Query $query
+ */
+function _wpsc_action_pre_user_query( $query ) {
+    global $wpdb;
+
+    // only do this when we're viewing all users
+    if ( ! empty( $query->query_vars['role'] ) )
+        return;
+
+    // if the site is multisite, a JOIN is already done
+    if ( is_multisite() ) {
+        $query->query_where .= " AND CAST($wpdb->usermeta.meta_value AS CHAR) NOT LIKE '%" . like_escape( '"wpsc_anonymous"' ) . "%'";
+        return;
+    }
+
+    $cap_meta_query = array(
+        array(
+            'key'     => $wpdb->get_blog_prefix( $query->query_vars['blog_id'] ) . 'capabilities',
+            'value'   => '"wpsc_anonymous"',
+            'compare' => 'not like',
+        )
+    );
+
+    $meta_query = new WP_Meta_Query( $cap_meta_query );
+    $clauses = $meta_query->get_sql( 'user', $wpdb->users, 'ID', $query );
+
+    $query->query_from .= $clauses['join'];
+    $query->query_where .= $clauses['where'];
+}
+
+/**
+ * Make sure Anonymous role not editable
+ *
+ * @since 3.8.13.2
+ * @param  array $editable_roles
+ * @return array
+ */
+function _wpsc_filter_editable_roles( $editable_roles ) {
+    unset( $editable_roles['wpsc_anonymous'] );
+    return $editable_roles;
+}

wp-e-commerce/branches/branch-3.8.13/wpsc-includes/wpsc-meta-init.php

@@ -123 +123 @@
     foreach ( $old_meta_rows as $old_meta_row ) {
         $meta_data = maybe_unserialize( $old_meta_row->meta_value );
-        add_metadata( $meta_object_type, $old_meta_row->object_id, $old_meta_row->meta_key, $meta_data, false );
+        add_metadata( 'wpsc_' . $meta_object_type, $old_meta_row->object_id, $old_meta_row->meta_key, $meta_data, false );
     }
 }