From b6b849957d190e75ea54589b6f25a2443c427243 Mon Sep 17 00:00:00 2001
From: Nugetzrul3 <52128634+Nugetzrul3@users.noreply.github.com>
Date: Fri, 6 Aug 2021 09:08:46 +1000
Subject: [PATCH 1/5] [Core] Change file_get_contents to wp_remote_get
---
 WC_Dogecash.php | 3 ++-
 woocommerce-dogecash.php | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/WC_Dogecash.php b/WC_Dogecash.php
index 7b14b9d..bd73ffe 100644
--- a/WC_Dogecash.php
+++ b/WC_Dogecash.php
@@ -139,7 +139,8 @@ public function dogec_exchange_rate($default_currency) {
 }
 if ( is_checkout() ) {
- $rate = file_get_contents(DOGEC_API_URL ."?rate=" . $default_currency);
+ $rate = wp_remote_get(DOGEC_API_URL ."?rate=" . $default_currency);
+ $rate = wp_remote_retrieve_body($rate);
 $rate = json_decode($rate, true);
 return $rate['result'];
 }
diff --git a/woocommerce-dogecash.php b/woocommerce-dogecash.php
index 8046bf7..f62e1f6 100644
--- a/woocommerce-dogecash.php
+++ b/woocommerce-dogecash.php
@@ -168,7 +168,8 @@ function dogec_verify_payment() {
 if(empty($transaction_id)){
 $transaction_id = "missing";
 }
- $response = file_get_contents(DOGEC_API_URL ."?address=" . $payment_address . "&tx=" . $transaction_id . "&amount=" . $order_in_crypto . "&conf=" . $confirmation_no . "&otime=" . $order_time . "&mtime=" . $max_time_limit . "&pv=" . $plugin_version);
+ $response = wp_remote_get(DOGEC_API_URL . "?address=" . $payment_address . "&tx=" . $transaction_id . "&amount=" . $order_in_crypto . "&conf=" . $confirmation_no . "&otime=" . $order_time . "&mtime=" . $max_time_limit . "&pv=" . $plugin_version);
+ $response = wp_remote_retrieve_body($response);
 $response = json_decode($response);
From b4b58dace11902559a764b23d92924e1fb96897a Mon Sep 17 00:00:00 2001
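Review bot: In `dogec_exchange_rate()` the return value of `wp_remote_get()` goes straight into `wp_remote_retrieve_body()` with no `is_wp_error()` or status-code check, so a timeout or non-200 reply gives an empty body, `json_decode()` returns null, and `return $rate['result'];` hands null back as the exchange rate. What the caller does with that value is outside the hunk, but a price conversion should not proceed on a missing rate: add `if ( is_wp_error( $rate ) || 200 !== wp_remote_retrieve_response_code( $rate ) ) { return false; }` (or whichever failure value the callers already handle) before reading the body, and check `isset( $rate['result'] ) && is_numeric( $rate['result'] )` before returning. The same unchecked pattern is in the `dogec_verify_payment()` hunk of woocommerce-dogecash.php, where a failed request should leave the order unpaid rather than continue with a null `$response`. Both function bodies continue outside their hunks.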
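Review bot: The verification URL in `dogec_verify_payment()` is still assembled by plain concatenation, so any value containing `&`, `#` or `=` changes the query the remote API receives; `$transaction_id` presumably originates from the request, but its assignment is outside the hunk and should be confirmed. Encode each value where it is appended, e.g. `"&tx=" . rawurlencode( $transaction_id )`, or build the query with `add_query_arg( array_map( 'rawurlencode', $args ), DOGEC_API_URL )`. The same applies to `$default_currency` in the `dogec_exchange_rate()` hunk of WC_Dogecash.php.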
From: Nugetzrul3 <52128634+Nugetzrul3@users.noreply.github.com>
Date: Fri, 6 Aug 2021 09:49:23 +1000
Subject: [PATCH 2/5] [Core] Add escape statements
---
 woocommerce/checkout/form-pay.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/woocommerce/checkout/form-pay.php b/woocommerce/checkout/form-pay.php
index 23a352c..fa14117 100644
--- a/woocommerce/checkout/form-pay.php
+++ b/woocommerce/checkout/form-pay.php
@@ -47,7 +47,7 @@
@@ -70,7 +70,7 @@
Amount:
- +
@@ -78,7 +78,7 @@
Payment Address:
- +
@@ -88,13 +88,13 @@
00:00
Waiting for payment...
-
Exchange rate locked 1 cryptocurrency_used; ?> = order_crypto_exchange_rate, 5) . ' ' . $cp_order->order_default_currency; ?>
+
Exchange rate locked 1 cryptocurrency_used) ?> = order_crypto_exchange_rate, 5) . ' ' . $cp_order->order_default_currency) ?>
- +
From ac795a4a4cd3a3a2c9a48fde6f1784b113ae08d4 Mon Sep 17 00:00:00 2001
From: Nugetzrul3 <52128634+Nugetzrul3@users.noreply.github.com>
Date: Sun, 8 Aug 2021 00:10:56 +1000
Subject: [PATCH 3/5] Change ways in which files are called
---
 WC_Dogecash.php | 2 +-
 woocommerce-dogecash.php | 4 ++--
 woocommerce/checkout/form-pay.php | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/WC_Dogecash.php b/WC_Dogecash.php
index bd73ffe..186a9c4 100644
--- a/WC_Dogecash.php
+++ b/WC_Dogecash.php
@@ -117,7 +117,7 @@ public function payment_fields(){
- plugin logo + plugin logo
Exchange rate:
diff --git a/woocommerce-dogecash.php b/woocommerce-dogecash.php
index 50fcf9b..8e1395f 100644
--- a/woocommerce-dogecash.php
+++ b/woocommerce-dogecash.php
@@ -73,8 +73,8 @@ function dogec_admin_notice()
 function dogec_load_cp_scripts() {
 if (is_wc_endpoint_url('order-pay')) {
- wp_enqueue_style('cp-styles', plugins_url('/woocommerce-dogecash/css/cp-styles.css'));
- wp_enqueue_script('cp-script', plugins_url('/woocommerce-dogecash/js/cp-script.js'));
+ wp_enqueue_style('cp-styles', plugins_url('css/cp-styles.css', __FILE__));
+ wp_enqueue_script('cp-script', plugins_url('js/cp-script.js', __FILE__));
 }
 }
diff --git a/woocommerce/checkout/form-pay.php b/woocommerce/checkout/form-pay.php
index fa14117..fd1157b 100644
--- a/woocommerce/checkout/form-pay.php
+++ b/woocommerce/checkout/form-pay.php
@@ -71,7 +71,7 @@
Amount:
- +

@@ -79,7 +79,7 @@
Payment Address:
- +

From 699f90e6502435a7ccab06f4681754562cd470ef Mon Sep 17 00:00:00 2001
From: Nugetzrul3 <52128634+Nugetzrul3@users.noreply.github.com>
Date: Sun, 8 Aug 2021 00:18:19 +1000
Subject: [PATCH 4/5] Change version
---
 readme.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readme.txt b/readme.txt
index f2cba80..fa1580a 100644
--- a/readme.txt
+++ b/readme.txt
@@ -1,7 +1,7 @@
 === DogeCash Gateway for WooCommerce ===
 Tags: woocommerce, dogecash, cryptocurrency, gateway
 Tested up to: 5.8
-Stable tag: 4.3
+Stable tag: 1.0.4
 License: GPLv2
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
From 7ed93d5e2448a7bb0a36287eb24074a8920466ed Mon Sep 17 00:00:00 2001
From: Nugetzrul3 <52128634+Nugetzrul3@users.noreply.github.com>
Date: Sun, 8 Aug 2021 00:21:04 +1000
Subject: [PATCH 5/5] Add sanitization to POST parameter
---
 woocommerce-dogecash.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/woocommerce-dogecash.php b/woocommerce-dogecash.php
index 8e1395f..801a522 100644
--- a/woocommerce-dogecash.php
+++ b/woocommerce-dogecash.php
@@ -158,7 +158,7 @@ function dogec_verify_payment()
 $wc_dogec = new WC_Dogecash;
- $order_id = $_POST['order_id'];
+ $order_id = intval(sanitize_text_field($_POST['order_id']));
 $order = new WC_Order($order_id);
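Review bot: `intval(sanitize_text_field($_POST['order_id']))` forces the value to an integer, but nothing in this hunk establishes that the requester is entitled to that order; the id goes straight into `new WC_Order($order_id)`. If no nonce or order-key check exists elsewhere in `dogec_verify_payment()` (the body continues outside the hunk), one should be added, for example comparing a posted key against `$order->get_order_key()` with `hash_equals()`. Separately, `$_POST['order_id']` is read without `isset()` and `sanitize_text_field()` adds nothing before an integer cast. The usual form is `$order_id = isset( $_POST['order_id'] ) ? absint( wp_unslash( $_POST['order_id'] ) ) : 0;` followed by `$order = wc_get_order( $order_id );` with an early return when that yields false.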