/** * AJAX handler for all WPEC ajax requests. * * This function automates nonce checking and outputs JSON response. * * @since 3.8.9 * @access private */ function _wpsc_ajax_handler() { $ajax_action = str_replace('-', '_', $_REQUEST['wpsc_action']); $result = _wpsc_ajax_verify_nonce($ajax_action); if (!is_wp_error($result)) { $result = _wpsc_ajax_fire_callback($ajax_action); } $output = array('is_successful' => false); if (is_wp_error($result)) { $output['error'] = array('code' => $result->get_error_code(), 'messages' => $result->get_error_messages(), 'data' => $result->get_error_data()); } else { $output['is_successful'] = true; $output['obj'] = $result; } echo json_encode($output); exit; }
function _wpsc_ajax_verify_get_product_gallery() { return _wpsc_ajax_verify_nonce('get_gallery_' . absint($_REQUEST['postId'])); }
/** * AJAX Handler for sync products link in shipping admin * * Pings Shipwire server to get real-time inventory and tracking information for products * Processes results by updating inventory on-site for each product * Updates tracking numbers for each purchase log with one of the numbers presented (sometimes multiples are presented). * We need to figure out a good UX for multiple tracking numbers. Could potentially update the notes, but that feels janky. * Also emails customer with tracking ID. Email attempts to work out multiple tracking numbers * * @uses do_action() Calls 'wpsc_shipwire_pre_sync' on the $tracking and $inventory variables before database interaction * @uses do_action() Calls 'wpsc_shipwire_post_sync' on the $tracking and $inventory variables after database interaction * @uses apply_filters() Calls 'wpsc_shipwire_send_tracking_email' on the $order_id and $tracking_numbers arrays - a bool switch for sending the tracking email * @global $wpdb * @todo Use WPSC_Purchase_Log class to update tracking information * @since 3.8.9 * @return json Number of rows updated by each method */ public static function sync_products($product_code = '') { global $wpdb; if (defined('DOING_AJAX') && DOING_AJAX) { self::set_posted_properties(); if (!_wpsc_ajax_verify_nonce('shipping_module_settings_form')) { die(__('Session expired. Try refreshing your Shipping Settings page.', 'wp-e-commerce')); } // A bit tricky here - as we'd like this method available for all processes, not just AJAX, we have the product_code variable. // That variable will be set to the $_REQUEST['action'] from the AJAX handler. Resetting the $product_code to empty fixes the issue. // There may certainly be better ways to do this. $product_code = ''; } $product_code = isset($_POST['product_code']) ? $_POST['product_code'] : $product_code; $tracking = self::get_tracking_info(); $inventory = self::get_inventory_info(sanitize_text_field($product_code)); do_action('wpsc_shipwire_pre_sync', $tracking, $inventory); $tracking_updates = 0; foreach ($tracking as $order_id => $tracking_number) { $tracking_numbers = array_keys($tracking_number); $update = (int) $wpdb->update(WPSC_TABLE_PURCHASE_LOGS, array('track_id' => $tracking_numbers[0]), array('id' => $order_id), '%s', '%d'); $tracking_updates += $update; if (apply_filters('wpsc_shipwire_send_tracking_email', true, $order_id, $tracking_number) && $update) { self::_send_tracking_email($order_id, $tracking_number); } } $inventory_updates = 0; $product_ids = array(); $queries = array(); foreach ($inventory as $sku => $qty) { $sql = $wpdb->prepare("SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key = '_wpsc_sku' AND meta_value = %s", $sku); $queries[] = $sql; $synced_product_ids = $wpdb->get_col($sql); foreach ($synced_product_ids as $product_id) { $product = get_post($product_id); if (!$product->post_status == 'publish') { continue; } $product_ids[] = $product_id; $inventory_updates += (int) update_post_meta($product_id, '_wpsc_stock', $qty); } } do_action('wpsc_shipwire_post_sync', $tracking, $inventory); $sync_response = array('tracking' => sprintf(_n('Shipwire updated %d tracking number.', 'Shipwire updated %d tracking numbers.', $tracking_updates, 'wp-e-commerce'), $tracking_updates), 'inventory' => sprintf(_n('Shipwire updated inventory on %d product.', 'Shipwire updated inventory on %d products.', $inventory_updates, 'wp-e-commerce'), $inventory_updates)); if (defined('DOING_AJAX') && DOING_AJAX) { die(json_encode($sync_response)); } return $sync_response; }