Are you accepting patch submissions or do you have any contributor guidelines?
The only information on contributing I could find on the project page was a link to the SVN repo and an RSS feed.
If your accepting contributions what is the process for submitting changes upstream?
When will these be released or how to we get them?
]]>Support status for HPOS tables for WC have not been declared, and support for recent WP and WC versions has not been clarified which would be courteous to users.
Pretty useful plugin though which is why I’m here to provide some assistance and suggestion for improvement.
As some commenters have asked about there are some holes in this method – no shade on author, he’s just using a builtin hook in woo but implementing it nicely as a plugin.
The holes are as stated about yith wishlist – and I can confirm also with CommerceGurus Commercekit wishlist function (and probably others) – that if a customer adds a “non-purchasable” product to their wishlist, then visits the wishlist page, they will be presented with an “add to cart” button, which dutifully and blindly bypasses the plugins intended purpose, and allows purchase of ostensibly ‘non-purchasable’ products.
The second hole is of course that by inspecting a product page using developer tools in any browser, a sneaky customer could still retrieve the product ID (eg:59) and then visit “www.exampleshop.com/?add-to-cart=59&quantity=1” whereby the product will be added to cart anyway.
Although I have personally patched my CommerceKit plugin to render a “Non-purchasable” button instead of rendering the add to cart button in the wishlist table, I thought I might also share a solution which may “head em off at the pass” so to speak.
The below code will run a check when visiting the cart page and remove any “non-purchasable” products that may’ve been added to the cart via either of the above (or other) means.
// This function checks for items that are non-purchasable but have been added to the cart via sneaky methods (wishlist plugs and or direct url additions).
function check_for_sneaky_non_purchasable_products_added() {
if ( WC()->cart->is_empty() ) {
return;
}
$removed_products = [];
foreach ( WC()->cart->get_cart() as $cart_item_key => $cart_item ) {
$product_obj = $cart_item['data'];
$nonbuyablecheck = get_post_meta($product_obj->get_id(), '_not_buyable', yes);
if ( $nonbuyablecheck == 'yes' ) {
WC()->cart->remove_cart_item( $cart_item_key );
$removed_products[] = $product_obj;
}
}
if (!empty($removed_products)) {
wc_clear_notices(); // remove any WC notice about sorry about out of stock products to be removed from cart.
foreach ( $removed_products as $idx => $product_obj ) {
$product_name = $product_obj->get_title();
$msg = sprintf( __( "The product '%s' was removed from your cart because it is non-purchasable online. Not sure how you added it to cart, but it is now removed.", 'woocommerce' ), $product_name);
wc_add_notice( $msg, 'error' );
}
}
}
add_action('woocommerce_before_cart', 'check_for_sneaky_non_purchasable_products_added');
add_action('woocommerce_review_order_before_cart_contents', 'check_for_sneaky_non_purchasable_products_added');The above code is a quick hacky solution, but is confirmed working as of time of writing. It can be implemented using a code snippet plugin, a standalone snippet plugin of you own making, or by adding to functions.php of your theme.
I hope this might help out anyone scratching their head as to how a customer ordered a product which they defined as not buyable.
Please use it with caution – if you’re not comfortable with code snippets at least, then i recommend passing it to a developer to implement in a safe way – you really don’t wanna be breaking cart or checkout pages so please be careful.
Of course if anyone has additions to the code or suggestions or something I’ve missed please do reply and help everyone out – me included!
Hope this helps someone, have a great day everyone! 
I’m not sure where Gutenberg support stands at this point (the Gutenberg/Events Manager blog post is pretty old…), but it would be great if em_posts.php were updated to include this fix.
I, for one, use WordFence security to make sure there’s been no malicious changes to plugin files, so it alerts me to the fact that my version of em_posts.php (edited to include the fix) doesn’t match the WordPress repository version. I’m sure I could kludge something together via some functions.php code, but just incorporating the fix would be better.
I’d be happy to supply a specific patch or pull request (but it’s just adding one line to the two register_taxonomy calls).
]]>I’d give this more credence because of his background if it weren’t for the fact that I’ve been working with WordPress for over 10 years and I have no memory of seeing this sort of discussion come up in any articles, developer communities, or support forums. Maybe I just missed it all and I’ve been negligent this whole time, but it feels fishy to me.
Do we really need to be doing manual security patches???
I can see this maybe applying with free plugins that aren’t getting updated regularly but what about for premium ones from reputable sites that offer extended support and all that? And if so, I’ve seen some premium security plugins floating around, are there any of those that are worth their salt or is it a money dump?
Nothing like a question like this to make you question your whole career.
]]>I tried to contact you through: twitter, linkedin, cramer.co.za, …
I have been through the whole “disable all plugins, re-enable one by one” business, and this is definitely the culprit.
I have a possibly unusual case, however: I am using the BP Groups Hierarchy with patches by @r-a-y located here. I used that one (instead of the one here on WP.org) because it was recommended that I apply all the patches for the BP Group Hierarchy plugin….and a helpful soul over at the CBOX support forum informed me that @r-a-y had combined them all into one fork.
I will report this issue on github as well, and hopefully there will be some movement to fix it, or consolidate all the patches into a single fix that works. This is obviously a much appreciated plugin, so it would be great to have it fully functional and supported.
Thanks!
]]>I have installed and tested near one hundred of plugins.
With a few ones : what they describe what they do , but with other important ones (as TOC+), I found bugs or limitations without any solution else than development.
I could not get answers from the authors, and the post list of their plugins post box show that they seem not to follow their product anymore or with not the requested attention.
For several ones I either debug or enhanced the plugin, and for one a lot (spent two weeks of work).
What are the rules of WordPress team in such case ?
I found one user who had the same problems as me (there are probably many others who have worked around), how to communicate the update or patches descriptions ? (most of time there are not simple patches, there is a lot of changes and added pieces of code).
Sometimes, it could be possible to create a new plugin, but it is not a priority for me because it cost a lot of time to package and maintain it. I was first a user which had developed a project of publication with WordPress and designed to use WordPress without any development, but able to develop nevertheless.
Thanks for the solution or reference of a document (which I have not found) about this subject.
Must I just respect GPL2 license (it seems that most of author uses this license) ?
Best regards
Trebly
]]>“Your /wp-admin/user-new.php file could NOT be patched. Unverifiable.”
I have a number of other plugins running, but have not tried to find any incompatibilities.
https://www.ads-software.com/plugins/s2member/
]]>https://mods.mybb.com/view/patches
]]>