added screenshot + sanitized query

bekarice · bekarice · commit 155e77b1f6af · 2015-03-05T19:30:29.000-05:00
diff --git a/readme.txt b/readme.txt
@@ -1,7 +1,7 @@
 === WooCommerce Filter Orders by Coupon ===
 Contributors: skyverge, beka.rice
 Tags: woocommerce, orders, filter orders, coupons
-Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal@skyverge.com&item_name=Donation+for+WooCommerce+Extra+Product+Sorting
+Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal@skyverge.com&item_name=Donation+for+WooCommerce+Filter+Orders
 Requires at least: 3.8
 Tested up to: 4.1
 Requires WooCommerce at least: 2.2
diff --git a/screenshots/screenshot-1.png b/screenshots/screenshot-1.png
diff --git a/woocommerce-filter-orders-by-coupon.php b/woocommerce-filter-orders-by-coupon.php
@@ -8,15 +8,15 @@
  * Version: 1.0.0
  * Text Domain: wc-filter-orders
  *
- * Copyright: (c) 2012-2015 SkyVerge, Inc. (info@skyverge.com)
+ * Copyright: (c) 2015-2015 SkyVerge, Inc. (info@skyverge.com)
  *
  * License: GNU General Public License v3.0
  * License URI: http://www.gnu.org/licenses/gpl-3.0.html
  *
  * @package   WC-Filter-Orders
  * @author    SkyVerge
  * @category  Admin
- * @copyright Copyright (c) 2012-2015, SkyVerge, Inc.
+ * @copyright Copyright (c) 2015-2015, SkyVerge, Inc.
  * @license   http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0
  *
  */
@@ -156,7 +156,7 @@ public function add_filterable_where( $where ) {
 		if ( ! empty( $_GET['_coupons_used'] ) ) {
 	
 			// Main WHERE query part
-			$where .= $wpdb->prepare( " AND woi.order_item_type='coupon' AND woi.order_item_name='%s'", $_GET['_coupons_used'] );
+			$where .= $wpdb->prepare( " AND woi.order_item_type='coupon' AND woi.order_item_name='%s'", wc_clean( $_GET['_coupons_used'] ) );
 		}
 	
 		return $where;

Original file line number	Diff line number	Diff line change
`@@ -8,15 +8,15 @@`
`8`	`8`	`* Version: 1.0.0`
`9`	`9`	`* Text Domain: wc-filter-orders`
`10`	`10`	`*`
`11`		`- * Copyright: (c) 2012-2015 SkyVerge, Inc. (info@skyverge.com)`
	`11`	`+ * Copyright: (c) 2015-2015 SkyVerge, Inc. (info@skyverge.com)`
`12`	`12`	`*`
`13`	`13`	`* License: GNU General Public License v3.0`
`14`	`14`	`* License URI: http://www.gnu.org/licenses/gpl-3.0.html`
`15`	`15`	`*`
`16`	`16`	`* @package WC-Filter-Orders`
`17`	`17`	`* @author SkyVerge`
`18`	`18`	`* @category Admin`
`19`		`- * @copyright Copyright (c) 2012-2015, SkyVerge, Inc.`
	`19`	`+ * @copyright Copyright (c) 2015-2015, SkyVerge, Inc.`
`20`	`20`	`* @license http://www.gnu.org/licenses/gpl-3.0.html GNU General Public License v3.0`
`21`	`21`	`*`
`22`	`22`	`*/`
`@@ -156,7 +156,7 @@ public function add_filterable_where( $where ) {`
`156`	`156`	`if ( ! empty( $_GET['_coupons_used'] ) ) {`
`157`	`157`
`158`	`158`	`// Main WHERE query part`
`159`		`- $where .= $wpdb->prepare( " AND woi.order_item_type='coupon' AND woi.order_item_name='%s'", $_GET['_coupons_used'] );`
	`159`	`+ $where .= $wpdb->prepare( " AND woi.order_item_type='coupon' AND woi.order_item_name='%s'", wc_clean( $_GET['_coupons_used'] ) );`
`160`	`160`	`}`
`161`	`161`
`162`	`162`	`return $where;`