Dokan PHP bugs

This topic contains 15 replies and 5 voices, and was last updated by Sekander Badsha 10 years, 1 month ago
October 20, 2014 at 6:49 pm 28743
Sekander Badsha

I start this topic to report non-regression bugs in the code of Dokan plugin 1.1 when I find them. Since the Bitbucket project has been made private, I have no other place to report code errors and suggest corrections to the Dokan developers.

(I report regression bugs in a separate topic: http://wedevs.com/support/topic/dokan-theme-1-0-6-dokan-plugin-1-1-code-regression-report/ )

Here is the first one:

in classes/template-settings.php
in function insert_settings_info()
around line 135:

if ( !defined('DOING_AJAX') && DOING_AJAX !== true ) {

should be changed to:

if ( !defined('DOING_AJAX') || DOING_AJAX !== true ) {

(If the constant is not defined, it will never verify the second part of the condition. If it is defined, you are checking the wrong condition.)

This PHP coding error has no practical consequence right now, but it is still a logical error that should be corrected to avoid confusion.

October 20, 2014 at 7:08 pm 28744
Yann Yann

A shortcode cannot do a wp_redirect()

Since the Dokan dashboard is now a shortcode in the Dokan plugin version, this code is completely wrong:

wp_redirect( add_query_arg( array( 'message' => 'profile_saved' ), get_permalink() ) );

in classes/template-settings.php
in function insert_settings_info()
around line 138.

This generates errors like this:
Warning: Cannot modify header information - headers already sent by (output started at …/wp-includes/class.wp-styles.php:122) in …/wp-includes/pluggable.php on line 1121

When we try to save store settings in the dashboard / store configuration

This error is triggered by line 6 of the template/settings.php file that calls $dokan_template_settings->insert_settings_info(); and when at the end of this function there is an attempt to do a wp_redirect() we get those warnings. So this whole process workflow is wrong. It worked with the theme but cannot work with the plugin that uses a shortcode to include the dashboard templates. Please correct ASAP. This is a major bug of the Dokan plugin.

October 20, 2014 at 7:17 pm 28745
Yann Yann

…here is how lines 135 to 137 of classes/template-settings.php have to be corrected for the Dokan plugin:

if ( !defined('DOING_AJAX') || DOING_AJAX !== true ) {
    $_GET['message'] = 'profile_saved';
}

Please include this fix ASAP in the next version of the Dokan plugin.

October 20, 2014 at 9:16 pm 28751
Yann Yann

Dokan templates cannot be overridden.

This is due to a bug in the code of the Dokan plugin

in this file: /includes/theme-functions.php
in this function: dokan_get_template_part()

You check for the default templates (in the $dokan->plugin_path() directory) before you check the overridden templates ( in $dokan->template_path() ).

The default templates are always present in the plugin directory, so the overridden templates will never get loaded.

Lines 596-599 of the file need to be moved up before line 587 to correct this bug:

/**
 * Get template part implementation for wedocs
 *
 * Looks at the theme directory first
 */
function dokan_get_template_part( $slug, $name = '' ) {
    $dokan = WeDevs_Dokan::init();

    $template = '';

    // Look in yourtheme/slug-name.php and yourtheme/dokan/slug-name.php
    if ( $name ) {
        $template = locate_template( array( "{$slug}-{$name}.php", $dokan->template_path() . "{$slug}-{$name}.php" ) );
    }

    // If template file doesn't exist, look in yourtheme/slug.php and yourtheme/dokan/slug.php
    if ( ! $template ) {
        $template = locate_template( array( "{$slug}.php", $dokan->template_path() . "{$slug}.php" ) );
    }

    // Get default slug-name.php
    if ( ! $template && $name && file_exists( $dokan->plugin_path() . "/templates/{$slug}-{$name}.php" ) ) {
        $template = $dokan->plugin_path() . "/templates/{$slug}-{$name}.php";
    }

    if ( ! $template && !$name && file_exists( $dokan->plugin_path() . "/templates/{$slug}.php" ) ) {
        $template = $dokan->plugin_path() . "/templates/{$slug}.php";
    }

    // Allow 3rd party plugin filter template file from their plugin
    $template = apply_filters( 'dokan_get_template_part', $template, $slug, $name );

    if ( $template ) {
        load_template( $template, false );
    }
}

October 21, 2014 at 4:03 am 28770
Christopher Christopher

messaged you.

October 22, 2014 at 8:54 pm 28883
Tareq Hasan Tareq Hasan

Thanks Yann, these issues have been addressed and fixed. Thanks a bunch 🙂

October 22, 2014 at 9:14 pm 28885
Sekander Badsha Sekander Badsha

Okay Yann,
I have added these to the queue too 😀

October 22, 2014 at 10:05 pm 28890
Yann Yann

Thanks!

I will post again in this topic if I find any other bug.

October 23, 2014 at 4:53 pm 28955
Yann Yann

Dashboard product listing pagination is broken in the Dokan plugin.

This is because you use a WordPress rewrite_endpoint to implement dashboard sub-pages URLs in the plugin, and WP endpoints do not support pagination. So again this is a major bug due to wrong implementation of shortcode/endpoint based dashboard admin pages in the plugin.

Since there is no way to implement pagination on WP endpoints, you have to add wp rewrite_rules somewhere to support pagination. Such as this:

/**
 * Missing rewrite rules for Dokan dashboard
 *
 * (Class methods; the add_action() calls use $this and belong in the class constructor.)
 */
public function dokan_dashboard_pagination_rules() {
    //@see http://wordpress.stackexchange.com/questions/67732/setting-a-custom-sub-path-for-blog-without-using-pages

    add_rewrite_tag( '%fake_page%', '([^&]+)' );

    // Map <dashboard>/products/page/N/ to the products endpoint with paged=N
    add_rewrite_rule(
        '[^/]+/products/page/?([0-9]+)/?$',
        'index.php?fake_page=products&products=&paged=$matches[1]',
        'top'
    );
}
add_action( 'init', array( $this, 'dokan_dashboard_pagination_rules' ), 1 );

public function handle_redirect() {
    global $wp;
    $template = $wp->query_vars;
    if (
        array_key_exists( 'fake_page', $template ) &&
        'products' == $template['fake_page']
    ) {
        //note: please replace with actual template used for dashboard!
        include( get_stylesheet_directory() . '/dashboard.php' );
        exit;
    }
}
add_action( 'template_redirect', array( $this, 'handle_redirect' ), 1 );

NOTE: this is just a rough code example, the rewrite rule could be better written to include the actual dashboard slug at the beginning, and there must be some way to determine the right template to use based on dokan_get_option( $page, ‘dokan_pages’ ) and the _wp_page_template meta… However I implemented it to fix our site and it works.

October 23, 2014 at 5:02 pm 28956
Yann Yann

Product edit page in the dashboard is broken for published products.

This is because depending on the context, the product-edit.php template is either loaded inside the shortcode (when the product is not published) or standing alone by itself (when the product is published). Of course this is completely wrong. Since the dashboard is now loaded inside a page context in a shortcode, you should not load the product-edit template as a standalone page.

You have to correct this function:
function dokan_edit_product_url()
in this file:
includes/theme-functions.php
around line 701-713

We cannot use this kind of URL anymore :
trailingslashit( get_permalink( $product_id ) ). 'edit/';
…because it returns the product-edit template outside the dashboard.

We always have to load the product edit template inside the dashboard shortcode!

So you must correct the function to completely bypass the old kind of URL, even when the product is published:

/**
 * Get edit product url
 *
 * @param type $product_id
 * @return type
 */
function dokan_edit_product_url( $product_id ) {
    if ( false && get_post_field( 'post_status', $product_id ) == 'publish' ) {
        return trailingslashit( get_permalink( $product_id ) ). 'edit/';
    }

    return add_query_arg( array( 'product_id' => $product_id, 'action' => 'edit' ), dokan_get_navigation_url('products') );
}

NOTICE the if( false &&… ) to bypass first test. We don’t want this!

You can also simply delete lines 708-710.

NOTE: I am not sure yet if this fix has consequences elsewhere on product edit links or buttons outside the dashboard. However it is not possible to edit products outside of the dashboard anymore because of the shortcode-based dashboard in the Dokan plugin. So this has to be fixed everywhere there is a product edit link anyway.

October 24, 2014 at 12:06 am 28983
Yann Yann

Dashboard reports page breaks when the dashboard template files are overridden

This is because of this include in the reports.php template:

require_once dirname( dirname(__FILE__) ) . '/includes/reports.php';

This is wrong, because when the templates are overridden, they are no longer in the Dokan plugin directory, they are in a subdirectory of the theme, so this relative path-based include can never work!

It can be corrected this way:

require_once( WP_PLUGIN_DIR . '/dokan/includes/reports.php' );

October 27, 2014 at 7:50 pm 29172
Yann Yann

[suppressed]

October 27, 2014 at 10:33 pm 29188
MAHMOUD HASSAN MAHMOUD HASSAN

Yann, can you add me on Skype or Facebook to help me with something on my site?

October 28, 2014 at 12:20 am 29196
Yann Yann

@Mahmoud: please do not use this bug reporting topic for conversation.

Unfortunately I have no time to give free help.

October 28, 2014 at 12:23 am 29197
Yann Yann

One of your functions is just incredibly dangerous

http://wedevs.com/support/topic/warning-dokan-major-security-issue

You need to implement Nonces, check for appropriate user credentials when handling POST requests, etc.

http://codex.wordpress.org/WordPress_Nonces

As is, this code is totally unprofessional, and a true security hazard for any user of the Dokan plugin. This needs to be patched ASAP, and all users must be warned!

Your plugin is a security threat for the WordPress community. Totally inappropriate for e-commerce.

I have a fixed version of the function if needed. I cannot give any more details here because of the security threat if the exploit is revealed.
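
Added example, not part of the post above and not Dokan's code: one way to handle a front-end POST with the checks that post asks for (a nonce plus a per-object permission check), processed on `template_redirect` so that the redirect discussed earlier in this thread is sent before the shortcode prints anything. The shortcode, action, field and function names are hypothetical.

```php
<?php
// Added example, not Dokan code. The action name, field names and the
// [example_product_form] shortcode are assumptions made for illustration.

// Form side: rendered by a shortcode, so page output has already started here.
function example_product_form( $atts ) {
    $atts = shortcode_atts( array( 'product_id' => 0 ), $atts );
    ob_start();
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_edit_product', 'example_nonce' ); ?>
        <input type="hidden" name="product_id" value="<?php echo absint( $atts['product_id'] ); ?>">
        <input type="text" name="product_title">
        <button type="submit" name="example_save" value="1">Save</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'example_product_form', 'example_product_form' );

// Handler side: template_redirect fires before any template output, so
// redirect headers can still be sent from here.
function example_handle_product_save() {
    if ( empty( $_POST['example_save'] ) ) {
        return; // Not our form.
    }
    // 1. CSRF: the nonce must match this action and the logged-in user.
    $nonce = isset( $_POST['example_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['example_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_edit_product' ) ) {
        wp_die( 'Invalid or expired request.', '', array( 'response' => 403 ) );
    }
    // 2. Authorization: the user must be allowed to edit this specific post.
    $product_id = isset( $_POST['product_id'] ) ? absint( $_POST['product_id'] ) : 0;
    if ( ! $product_id || ! current_user_can( 'edit_post', $product_id ) ) {
        wp_die( 'You are not allowed to edit this item.', '', array( 'response' => 403 ) );
    }
    // 3. Input handling: unslash and sanitize before writing.
    $title = isset( $_POST['product_title'] ) ? sanitize_text_field( wp_unslash( $_POST['product_title'] ) ) : '';
    wp_update_post( array( 'ID' => $product_id, 'post_title' => $title ) );

    // 4. Post/Redirect/Get: works here because nothing has been printed yet.
    wp_safe_redirect( add_query_arg( 'message', 'saved', get_permalink() ) );
    exit;
}
add_action( 'template_redirect', 'example_handle_product_save' );
```

The `edit_post` meta capability is resolved against the given post ID, so a logged-in user who submits another user's `product_id` is rejected at step 2 even with a valid nonce.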

October 29, 2014 at 5:34 pm 29369
Sekander Badsha Sekander Badsha

Added on the queue.
