Woodmart Core Incompatible with WooCommerce Amazon & eBay Integration

Viewing 11 posts - 1 through 11 (of 11 total)
  • #208116

    Edat
    Participant

    Hi Guys

    I’ve just spent the last 10 hours trying to find what was causing this CORS error when trying to set up the WooCommerce Amazon & eBay Integration plugin.

    Access to XMLHttpRequest at 'https://ui.codisto.com/ebaytab/' (redirected from 'https://dev.mydomain.com/wp-admin/codisto/ebaytab/0/109135/') from origin 'https://dev.mydomain.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    I’ve found that the following function in /wp-content/plugins/woodmart-core/post-types.php is causing the error.

    // **********************************************************************//
    // ! It could be useful if you using nginx instead of apache
    // **********************************************************************//
    
    if (!function_exists('getallheaders')) {
    	function getallheaders() {
    		$headers = array();
    		foreach ($_SERVER as $name => $value) {
    			if (substr($name, 0, 5) == 'HTTP_') {
    				$headers[str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', substr($name, 5)))))] = $value;
    			}
    		}
    		return $headers;
    	}
    }

    When I comment out this block of PHP code I no longer get the CORS error.

    Could you please take a look at this code and see what you can do to prevent this CORS error, or can I safely remove it altogether, as I’m not using nginx?

    Thanks

    #208117

    Edat
    Participant

    Here’s the screenshot of the error. It happens when signing up for the trial.

    #208123

    Edat
    Participant

    It turns out that the plugin has a function of the same name.

    In this file /wp-content/plugins/woocommerce-amazon-ebay-integration/woocommerce-amazon-ebay-integration.php

    if ( ! function_exists( 'getallheaders' ) ) {
    	function getallheaders() {
    		$headers = array();
    		foreach ( $_SERVER as $name => $value ) {
    			if ( substr( $name, 0, 5 ) == 'HTTP_' ) {
    				$headers[str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) )] = $value;
    			} elseif ( $name == 'CONTENT_TYPE' ) {
    				$headers['Content-Type'] = $value;
    			} elseif ( $name == 'CONTENT_LENGTH' ) {
    				$headers['Content-Length'] = $value;
    			}
    		}
    		return $headers;
    	}
    }
    #208124

    Edat
    Participant

    This is the full public function in /wp-content/plugins/woocommerce-amazon-ebay-integration/woocommerce-amazon-ebay-integration.php

    	/**
    	* proxy is used to translate local requests to the wordpress instance that represent
    	* requests for UI and proxies those requests from the server back to Codisto
    	*
    	*/
    	public function proxy() {
    		global $wp;
    
    		error_reporting( E_ERROR | E_PARSE );
    		set_time_limit( 0 );
    
    		@ini_set( 'zlib.output_compression', 'Off' );
    		@ini_set( 'output_buffering', 'Off' );
    		@ini_set( 'output_handler', '' );
    
    		while( ob_get_level() > 1 ) {
    			@ob_end_clean();
    		}
    		if ( ob_get_level() > 0 ) {
    			@ob_clean();
    		}
    
    		if ( isset( $_GET['productid'] ) ) {
    			wp_redirect( admin_url( 'post.php?post='.urlencode( wp_unslash( $_GET['productid'] ) ).'&action=edit#codisto_product_data' ) );
    			exit;
    		}
    
    		$HostKey = get_option( 'codisto_key' );
    
    		if ( ! function_exists( 'getallheaders' ) ) {
    			function getallheaders() {
    				$headers = array();
    				foreach ( $_SERVER as $name => $value ) {
    					if ( substr( $name, 0, 5 ) == 'HTTP_' ) {
    						$headers[str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) )] = $value;
    					} elseif ( $name == 'CONTENT_TYPE' ) {
    						$headers['Content-Type'] = $value;
    					} elseif ( $name == 'CONTENT_LENGTH' ) {
    						$headers['Content-Length'] = $value;
    					}
    				}
    				return $headers;
    			}
    		}
    
    		$querystring = preg_replace( '/q=[^&]*&/', '', $_SERVER['QUERY_STRING'] );
    		$path = $wp->query_vars['codisto-proxy-route'] . ( preg_match( '/\/(?:\\?|$)/', $_SERVER['REQUEST_URI'] ) ? '/' : '' );
    
    		$storeId = '0';
    		$merchantid = get_option( 'codisto_merchantid' );
    
    		if ( isset( $_GET['merchantid'] ) ) {
    			$merchantid = (int)$_GET['merchantid'];
    		} else {
    			$storematch = array();
    
    			if ( preg_match( '/^ebaytab\/(\d+)\/(\d+)(?:\/|$)/', $path, $storematch ) ) {
    				$storeId = (int)$storematch[1];
    				$merchantid = (int)$storematch[2];
    
    				$path = preg_replace( '/(^ebaytab\/)(\d+\/?)(\d+\/?)/', '$1', $path );
    			}
    			if ( preg_match( '/^ebaytab\/(\d+)(?:\/|$)/', $path, $storematch ) ) {
    				if ( isset( $storematch[2] ) ) {
    					$merchantid = (int)$storematch[2];
    				}
    
    				$path = preg_replace( '/(^ebaytab\/)(\d+\/?)/', '$1', $path );
    			}
    		}
    
    		if ( ! $merchantid ) {
    			$this->sendHttpHeaders(
    				'404 Not Found',
    				array(
    					'Content-Type' => 'text/html',
    					'Cache-Control' => 'no-cache, no-store',
    					'Expires' => 'Thu, 01 Jan 1970 00:00:00 GMT',
    					'Pragma' => 'no-cache'
    				)
    			);
    			?>
    			<h1>Resource Not Found</h1>
    			<?php
    			exit();
    		}
    
    		$remoteUrl = 'https://ui.codisto.com/' . $merchantid . '/'. $path . ( $querystring ? '?'.$querystring : '' );
    
    		$adminUrl = admin_url( 'codisto/ebaytab/'.$storeId.'/'.$merchantid.'/' );
    
    		$requestHeaders = array(
    							'X-Codisto-Cart' => 'woocommerce',
    							'X-Codisto-Version' => CODISTOCONNECT_VERSION,
    							'X-HostKey' => $HostKey,
    							'X-Admin-Base-Url' => $adminUrl,
    							'Accept-Encoding' => ''
    						);
    
    		$incomingHeaders = getallheaders();
    
    		$headerfilter = array(
    			'host',
    			'connection',
    			'accept-encoding'
    		);
    		if ( $_SERVER['X-LSCACHE'] == 'on' ) {
    			$headerfilter[] = 'if-none-match';
    		}
    		foreach ( $incomingHeaders as $name => $value ) {
    			if ( ! in_array( trim( strtolower( $name ) ), $headerfilter ) ) {
    				$requestHeaders[$name] = $value;
    			}
    		}
    
    		$httpOptions = array(
    						'method' => $_SERVER['REQUEST_METHOD'],
    						'headers' => $requestHeaders,
    						'timeout' => 60,
    						'httpversion' => '1.0',
    						'decompress' => false,
    						'redirection' => 0
    					);
    
    		$upload_dir = wp_upload_dir();
    
    		if ( is_multisite() ) {
    			$certPath = $upload_dir['basedir'].'/sites/'.get_current_blog_id().'/codisto.crt';
    		} else {
    			$certPath = $upload_dir['basedir'].'/codisto.crt';
    		}
    
    		if ( file_exists( $certPath ) ) {
    			$httpOptions['sslcertificates'] = $certPath;
    		}
    
    		if ( strtolower( $httpOptions['method'] ) == 'post' ) {
    			$httpOptions['body'] = file_get_contents( 'php://input' );
    		}
    
    		for ( $retry = 0; ; $retry++ ) {
    
    			$response = wp_remote_request( $remoteUrl, $httpOptions );
    
    			if ( is_wp_error( $response ) ) {
    				if ( $retry >= 3 ) {
    					$this->sendHttpHeaders(
    						'500 Server Error',
    						array(
    							'Content-Type' => 'text/html',
    							'Cache-Control' => 'no-cache, no-store',
    							'Expires' => 'Thu, 01 Jan 1970 00:00:00 GMT',
    							'Pragma' => 'no-cache'
    						)
    					);
    					echo '<h1>Error processing request</h1> <p>'.htmlspecialchars( $response->get_error_message() ).'</p>';
    					exit();
    				}
    
    				if ( $response->get_error_code() == 'http_request_failed' ) {
    					$certResponse = wp_remote_get( 'http://ui.codisto.com/codisto.crt' );
    
    					if ( ! is_wp_error( $certResponse ) ) {
    						@file_put_contents( $certPath, $certResponse['body'] );
    						$httpOptions['sslcertificates'] = $certPath;
    						continue;
    					}
    				}
    
    				sleep(2);
    				continue;
    			}
    
    			break;
    		}
    
    		if ( defined( 'ADVANCEDCACHEPROBLEM' ) &&
    			false == strpos( $_SERVER['REQUEST_URI'], 'wp-admin') ) {
    			$_SERVER['REQUEST_URI'] = '/wp-admin'.$_SERVER['REQUEST_URI'];
    		}
    
    		status_header( wp_remote_retrieve_response_code( $response ) );
    
    		$filterHeaders = array( 'server', 'content-length', 'transfer-encoding', 'date', 'connection', 'x-storeviewmap', 'content-encoding' );
    
    		if ( function_exists( 'header_remove' ) ) {
    			@header_remove( 'Last-Modified' );
    			@header_remove( 'Pragma' );
    			@header_remove( 'Cache-Control' );
    			@header_remove( 'Expires' );
    			@header_remove( 'Content-Encoding' );
    		}
    
    		foreach ( wp_remote_retrieve_headers( $response ) as $header => $value ) {
    
    			if ( ! in_array( strtolower( $header ), $filterHeaders, true ) ) {
    				if ( is_array( $value ) ) {
    					header( $header.': '.$value[0], true );
    
    					for ( $i = 1; $i < count( $value ); $i++ ) {
    						header( $header.': '.$value[$i], false );
    					}
    				} else {
    					header( $header.': '.$value, true );
    				}
    			}
    		}
    
    		file_put_contents( 'php://output', wp_remote_retrieve_body( $response ) );
    		exit();
    	}
    #208127

    Edat
    Participant

    It looks like the woodmart-core post-types.php pulled that function from the php.net manual

    https://www.php.net/manual/en/function.getallheaders.php

    #208132

    Edat
    Participant

    As a test I replaced the function in post-types.php with this one.

    if ( ! function_exists( 'getallheaders' ) ) {
    	function getallheaders() {
    		$headers = array();
    		foreach ( $_SERVER as $name => $value ) {
    			if ( substr( $name, 0, 5 ) == 'HTTP_' ) {
    				$headers[str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) )] = $value;
    			} elseif ( $name == 'CONTENT_TYPE' ) {
    				$headers['Content-Type'] = $value;
    			} elseif ( $name == 'CONTENT_LENGTH' ) {
    				$headers['Content-Length'] = $value;
    			}
    		}
    		return $headers;
    	}
    }

    I’m now not getting any CORS errors, but I don’t know what else I may be affecting in the woodmart-core plugin.
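
The two `getallheaders()` fallbacks quoted in this thread differ only in how they treat `CONTENT_TYPE` and `CONTENT_LENGTH`, which CGI-style SAPIs expose without the `HTTP_` prefix. The following is an added example, not part of the original posts or of either plugin: both variants rewritten as pure functions so their output can be compared on a constructed request (the function names and the sample `$server` array are assumptions made for illustration).

```php
<?php
// Added example: both polyfill variants from the thread, rewritten as pure
// functions over a $server array so they can be compared side by side.
// Function names and the sample request are constructed for illustration.

function header_name(string $cgi): string {
    // FOO_BAR -> Foo-Bar, same transformation both variants use.
    return str_replace(' ', '-', ucwords(strtolower(str_replace('_', ' ', $cgi))));
}

function headers_short(array $server): array {
    // Variant from woodmart-core/post-types.php: HTTP_* keys only.
    $headers = array();
    foreach ($server as $name => $value) {
        if (substr($name, 0, 5) == 'HTTP_') {
            $headers[header_name(substr($name, 5))] = $value;
        }
    }
    return $headers;
}

function headers_full(array $server): array {
    // Variant from the Amazon & eBay Integration plugin: also maps the two
    // CGI variables that carry no HTTP_ prefix.
    $headers = headers_short($server);
    if (isset($server['CONTENT_TYPE'])) {
        $headers['Content-Type'] = $server['CONTENT_TYPE'];
    }
    if (isset($server['CONTENT_LENGTH'])) {
        $headers['Content-Length'] = $server['CONTENT_LENGTH'];
    }
    return $headers;
}

// Constructed $_SERVER excerpt for a POST passing through proxy().
$server = array(
    'REQUEST_METHOD' => 'POST',
    'HTTP_HOST'      => 'dev.mydomain.com',
    'HTTP_ACCEPT'    => 'application/json',
    'CONTENT_TYPE'   => 'application/json',
    'CONTENT_LENGTH' => '42',
);

// Headers that proxy() never sees, and so cannot forward, when the short
// variant is the one that wins the function_exists() check.
$missing = array_diff_key(headers_full($server), headers_short($server));
print_r($missing);
```

Because both plugins guard the same global name with `function_exists()`, whichever file loads first decides which variant every caller gets. A plugin that depends on specific header handling avoids that load-order dependency by using its own prefixed helper instead of the global `getallheaders()` name.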

    #208142

    Artem Temos
    Keymaster

    Hello,

    This function is just for backward compatibility. If it is working correctly when you remove it then you can keep it without the function.

    Kind Regards

    #208161

    Edat
    Participant

    That’s great, but it will get added back when I do an update, is there a better way to handle this?

    #208162

    Artem Temos
    Keymaster

    Sorry, but there is no other way to remove this function, unfortunately.

    #208302

    Edat
    Participant

    Could you replace it with the other sample I gave you that does work, and update the plugin?

    if ( ! function_exists( 'getallheaders' ) ) {
    	function getallheaders() {
    		$headers = array();
    		foreach ( $_SERVER as $name => $value ) {
    			if ( substr( $name, 0, 5 ) == 'HTTP_' ) {
    				$headers[str_replace( ' ', '-', ucwords( strtolower( str_replace( '_', ' ', substr( $name, 5 ) ) ) ) )] = $value;
    			} elseif ( $name == 'CONTENT_TYPE' ) {
    				$headers['Content-Type'] = $value;
    			} elseif ( $name == 'CONTENT_LENGTH' ) {
    				$headers['Content-Length'] = $value;
    			}
    		}
    		return $headers;
    	}
    }
    #208338

    Artem Temos
    Keymaster

    But this code works correctly for our theme and we don’t need to place extra code because it is required for an additional plugin. We took the snippet from PHP documentation examples so it is tested by a lot of people.