Dokan PHP bugs

This topic is: not resolved

This topic contains 15 replies, has 5 voices, and was last updated by  Sekander Badsha 4 years, 7 months ago.

    #28743

    Yann
    Member
    Post count: 33

    I start this topic to report non-regression bugs in the code of Dokan plugin 1.1 when I find them. Since the Bitbucket project has been made private, I have no other place to report code errors and suggest corrections to the Dokan developers.

    ( I report regression bugs in a separate topic: http://wedevs.com/support/topic/dokan-theme-1-0-6-dokan-plugin-1-1-code-regression-report/ )

    Here is the first one :

    in classes/template-settings.php
    in function insert_settings_info()
    around line 135:

    if ( !defined('DOING_AJAX') && DOING_AJAX !== true ) {

    should be changed to:

    if ( !defined('DOING_AJAX') || DOING_AJAX !== true ) {

    (if the constant is not defined, it will never verify the second part of the condition. If it is defined, you are checking the wrong condition.)

    This PHP coding error has no practical consequence right now, but it is still a logical error that should be corrected to avoid confusion.

    #28744

    Yann
    Member
    Post count: 33

    A shortcode cannot do a wp_redirect()

    Since the Dokan dashboard is now a shortcode in the Dokan plugin version, this code is completely wrong:

    wp_redirect( add_query_arg( array( 'message' => 'profile_saved' ), get_permalink() ) );

    in classes/template-settings.php
    in function insert_settings_info()
    around line 138.

    This generates errors like this:
    Warning: Cannot modify header information – headers already sent by (output started at …/wp-includes/class.wp-styles.php:122) in …/wp-includes/pluggable.php on line 1121

    When we try to save store settings in the dashboard / store configuration

    This error is triggered by line 6 of the template/settings.php file that calls $dokan_template_settings->insert_settings_info(); and when at the end of this function there is an attempt to do a wp_redirect() we get those warnings. So this whole process workflow is wrong. It worked with the theme but cannot work with the plugin that uses a shortcode to include the dashboard templates. Please correct ASAP. This is a major bug of the Dokan plugin.

    #28745

    Yann
    Member
    Post count: 33

    …here is how lines 135 to 137 of classes/template-settings.php have to be corrected for the Dokan plugin:

    if ( !defined('DOING_AJAX') || DOING_AJAX !== true ) {
        $_GET['message'] = 'profile_saved';
    }

    Please include this fix ASAP in the next version of the Dokan plugin.

    #28751

    Yann
    Member
    Post count: 33

    Dokan templates cannot be overridden.

    This is due to a bug in the code of the Dokan plugin

    in this file: /includes/theme-functions.php
    in this function: dokan_get_template_part()

    You check for the default templates (in the $dokan->plugin_path() directory) before you check the overridden templates ( in $dokan->template_path() ).

    The default templates are always present in the plugin directory, so the overridden templates will never get loaded.

    Lines 596-599 of the file need to be moved up before line 587 to correct this bug:

    /**
     * Get template part implementation for wedocs
     *
     * Looks at the theme directory first
     */
    function dokan_get_template_part( $slug, $name = '' ) {
        $dokan = WeDevs_Dokan::init();

        $template = '';

        // Look in yourtheme/slug-name.php and yourtheme/dokan/slug-name.php
        if ( $name ) {
            $template = locate_template( array( "{$slug}-{$name}.php", $dokan->template_path() . "{$slug}-{$name}.php" ) );
        }

        // If template file doesn't exist, look in yourtheme/slug.php and yourtheme/dokan/slug.php
        if ( ! $template ) {
            $template = locate_template( array( "{$slug}.php", $dokan->template_path() . "{$slug}.php" ) );
        }

        // Get default slug-name.php
        if ( ! $template && $name && file_exists( $dokan->plugin_path() . "/templates/{$slug}-{$name}.php" ) ) {
            $template = $dokan->plugin_path() . "/templates/{$slug}-{$name}.php";
        }

        if ( ! $template && !$name && file_exists( $dokan->plugin_path() . "/templates/{$slug}.php" ) ) {
            $template = $dokan->plugin_path() . "/templates/{$slug}.php";
        }

        // Allow 3rd party plugin filter template file from their plugin
        $template = apply_filters( 'dokan_get_template_part', $template, $slug, $name );

        if ( $template ) {
            load_template( $template, false );
        }
    }

    #28770

    Christopher
    Member
    Post count: 88

    messaged you.

    #28883

    Tareq Hasan
    Keymaster
    Post count: 2831

    Thanks Yann, these issues have been addressed and fixed. Thanks a bunch 🙂

    #28885

    Sekander Badsha
    Member
    Post count: 2067

    Okay Yann,
    I have added these to the queue too 😀

    #28890

    Yann
    Member
    Post count: 33

    Thanks!

    I will post again in this topic if I find any other bug.

    #28955

    Yann
    Member
    Post count: 33

    Dashboard product listing pagination is broken in the Dokan plugin.

    This is because you use a WordPress rewrite_endpoint to implement dashboard sub-pages URLs in the plugin, and WP endpoints do not support pagination. So again this is a major bug due to wrong implementation of shortcode/endpoint based dashboard admin pages in the plugin.

    Since there is no way to implement pagination on WP endpoints, you have to add wp rewrite_rules somewhere to support pagination. Such as this:

    /**
     * Missing rewrite rules for Dokan dashboard
     *
     */
    public function dokan_dashboard_pagination_rules() {
        // @see http://wordpress.stackexchange.com/questions/67732/setting-a-custom-sub-path-for-blog-without-using-pages

        add_rewrite_tag( '%fake_page%', '([^&]+)' );

        add_rewrite_rule(
            '[^/]+/products/page/?([0-9]+)/?$',
            'index.php?fake_page=products&products=&paged=$matches[1]',
            'top'
        );
    }
    // Hook registration uses $this, so it belongs in the class constructor.
    add_action( 'init', array( $this, 'dokan_dashboard_pagination_rules' ), 1 );

    public function handle_redirect() {
        global $wp;
        $template = $wp->query_vars;
        if (
            array_key_exists( 'fake_page', $template ) &&
            'products' == $template['fake_page']
        ) {
            // note: please replace with actual template used for dashboard!
            include( get_stylesheet_directory() . '/dashboard.php' );
            exit;
        }
    }
    add_action( 'template_redirect', array( $this, 'handle_redirect' ), 1 );

    NOTE: this is just a rough code example, the rewrite rule could be better written to include the actual dashboard slug at the beginning, and there must be some way to determine the right template to use based on dokan_get_option( $page, ‘dokan_pages' ) and the _wp_page_template meta… However I implemented it to fix our site and it works.

    #28956

    Yann
    Member
    Post count: 33

    Product edit page in the dashboard is broken for published products.

    This is because depending on the context, the product-edit.php template is either loaded inside the shortcode (when the product is not published) or standing alone by itself (when the product is published). Of course this is completely wrong. Since the dashboard is now loaded inside a page context in a shortcode, you should not load the product-edit template as a standalone page.

    You have to correct this function:
    function dokan_edit_product_url()
    in this file:
    includes/theme-functions.php
    around line 701-713

    We cannot use this kind of URL anymore :
    trailingslashit( get_permalink( $product_id ) ). 'edit/';
    …because it returns the product-edit template outside the dashboard.

    We always have to load the product edit template inside the dashboard shortcode!

    So you must correct the function to completely bypass the old kind of URL, even when the product is published:

    /**
     * Get edit product url
     *
     * @param type $product_id
     * @return type
     */
    function dokan_edit_product_url( $product_id ) {
        if ( false && get_post_field( 'post_status', $product_id ) == 'publish' ) {
            return trailingslashit( get_permalink( $product_id ) ). 'edit/';
        }

        return add_query_arg( array( 'product_id' => $product_id, 'action' => 'edit' ), dokan_get_navigation_url('products') );
    }

    NOTICE the if( false &&… ) to bypass first test. We don't want this!

    You can also simply delete lines 708-710.

    NOTE: I am not sure yet if this fix has consequences elsewhere on product edit links or buttons outside the dashboard. However it is not possible to edit products outside of the dashboard anymore because of the shortcode-based dashboard in the Dokan plugin. So this has to be fixed everywhere there is a product edit link anyway.

    #28983

    Yann
    Member
    Post count: 33

    Dashboard reports page breaks when the dashboard template files are overridden

    This is because of this include in the reports.php template:

    require_once dirname( dirname(__FILE__) ) . '/includes/reports.php';

    This is wrong, because when the templates are overridden, they are no longer in the Dokan plugin directory, they are in a subdirectory of the theme, so this relative path-based include can never work!

    It can be corrected this way:

    require_once( WP_PLUGIN_DIR . '/dokan/includes/reports.php' );

    #29172

    Yann
    Member
    Post count: 33

    [suppressed]

    #29188

    MAHMOUD HASSAN
    Member
    Post count: 3

    Yann can add me on Skype or Facebook to help me in some thing in my site

    #29196

    Yann
    Member
    Post count: 33

    @mahmoud: please do not use this bug reporting topic for conversation.

    Unfortunately I have no time to give free help.

    #29197

    Yann
    Member
    Post count: 33

    One of your functions is just incredibly dangerous

    http://wedevs.com/support/topic/warning-dokan-major-security-issue

    You need to implement Nonces, check for appropriate user credentials when handling POST requests, etc.

    http://codex.wordpress.org/WordPress_Nonces

    As is, this code is totally unprofessional, and a true security hazard for any user of the Dokan plugin. This needs to be patched ASAP, and all users must be warned!

    Your plugin is a security threat for the WordPress community. Totally inappropriate for e-commerce.

    I have a fixed version of the function if needed. I cannot give any more details here because of the security threat if the exploit is revealed.
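
Added example (not part of any post above, and not Dokan's code): two points from this thread, that a shortcode runs too late to call wp_redirect() and that POST handlers need a nonce and a capability check, can be handled together by processing the form on an early hook. It assumes it is loaded as part of a WordPress plugin; every `example_*` name, including the `example_manage_store` capability and the meta key, is hypothetical.

```php
<?php
// Added example: all example_* identifiers are hypothetical, not Dokan's.

// Rendered inside the dashboard shortcode: output only, no header changes here.
function example_store_settings_form() {
    $msg = isset( $_GET['message'] ) ? sanitize_key( wp_unslash( $_GET['message'] ) ) : '';
    ob_start();
    if ( 'profile_saved' === $msg ) {
        echo '<p class="example-notice">' . esc_html__( 'Settings saved.', 'example' ) . '</p>';
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_store', 'example_store_nonce' ); ?>
        <input type="text" name="example_store_name" />
        <button type="submit" name="example_save_store" value="1">Save</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'example_store_settings', 'example_store_settings_form' );

// Runs on template_redirect, before any output, so a redirect is still possible.
function example_handle_store_settings() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) || ! isset( $_POST['example_save_store'] ) ) {
        return;
    }
    // 1. Authorization: the caller must be logged in and hold the capability.
    if ( ! is_user_logged_in() || ! current_user_can( 'example_manage_store' ) ) {
        wp_die( esc_html__( 'You are not allowed to edit store settings.', 'example' ), '', array( 'response' => 403 ) );
    }
    // 2. Intent: the request must carry a nonce issued for this action and user.
    $nonce = isset( $_POST['example_store_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['example_store_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'example_save_store' ) ) {
        wp_die( esc_html__( 'Invalid or expired request.', 'example' ), '', array( 'response' => 403 ) );
    }
    // 3. Write only to the current user's record; never take a user id from the request.
    $name = isset( $_POST['example_store_name'] ) ? sanitize_text_field( wp_unslash( $_POST['example_store_name'] ) ) : '';
    update_user_meta( get_current_user_id(), 'example_store_name', $name );

    // 4. Post/Redirect/Get: headers have not been sent yet on this hook.
    wp_safe_redirect( add_query_arg( 'message', 'profile_saved', get_permalink() ) );
    exit;
}
add_action( 'template_redirect', 'example_handle_store_settings' );
```

The capability check and the nonce check answer different questions (who may do this, and did they mean to), so neither replaces the other.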


The topic ‘Dokan PHP bugs’ is closed to new replies.