WooCommerce 2.3.10 Fix/Security Release

WooCommerce 2.3.10 was released on June 1. Alongside bug fixes and security updates, it contains some improvements to the caching system and database efficiency.

Changelog:

  • Fix – Fixed theme check notice for core supported themes.
  • Fix – Add RTL direction to emails.
  • Fix – Fixed product category media upload modal.
  • Fix – Coupon maximum discount calculation.
  • Fix – PayPal icons and URLs.
  • Fix – API – Fixed subtotal_tax round and decimal dp.
  • Fix – Wrap payment js in jquery.
  • Fix – Delete correct transient when linking variations.
  • Fix – Set default currency position format string (in case of missing or invalid woocommerce_currency_pos option value).
  • Fix – Simplify Commerce undefined constant (‹error_code› > ‹$error› typo).
  • Fix – Fixes too many arguments in function or method call: WC_Shortcode_My_Account::add_payment_method.
  • Fix – Pass correct number of arguments to wc_lostpassword_url(), wc_nav_menu_items(), wc_nav_menu_item_classes(), and wc_change_term_counts().
  • Fix – Fixes usage of void return value from wc_cart_totals_taxes_total_html().
  • Fix – Missing global in render_product_columns().
  • Fix – Add $args arguments to WC_Product_Factory->get_product_class() to allow $product_type to be overwritten by $args['product_type'].
  • Fix – Remove call to wp_specialchars_decode() in wc_get_price_thousand_separator() and wc_get_price_decimal_separator().
  • Fix – fclose in logging class requires a resource, not a string.
  • Fix – Prevent (admin) SQLi when setting stock levels for product variations.

 

  • Tweak – Extra escaping of customer emails in wc_customer_bought_product().
  • Tweak – Improve tooltip sanitization.
  • Tweak – Escape provided array of post codes in tax class.
  • Tweak – Escape metadata when duplicating products.
  • Tweak – Escape permalink settings slugs.
  • Tweak – Sanitize columns value in shortcodes.
  • Tweak – Use prepare for updating attributes.
  • Tweak – Use wp_safe_remote_ functions in place of wp_remote_ where applicable.
  • Tweak – Added extra capability checks to notices, email template editing, and admin ajax requests.
  • Tweak – Set nonce_user_logged_out to WC session ID, if set.
  • Tweak – Added wc_send_frame_options_header function to prevent checkout and account pages from being used in iFrames. Added via filter so this can be disabled.
  • Tweak – Validate file types are allowed for downloadable products when saving.
  • Tweak – Filter: woocommerce_cart_item_removed_title
  • Tweak – Update html-admin-page-status-report.php to show unaltered URLs.
  • Tweak – When updating transients, clear previous version of transients.
  • Tweak – Replace max_related_posts_query for performance reasons.
  • Tweak – Combine transients for get_rating_count.
  • Tweak – Bump the PrettyPhoto version during enqueue to flush caches.
  • Tweak – Remove all instances of sslverify=false #8058
  • Tweak – Error prevention when showing customer orders on the frontend.
  • Tweak – Added PH states.

We highly recommend backing up your website before updating your system, and testing the update in a secure area first.