Orders publicly visible

This support ticket is created Il y a 3 années et 4 mois. There's a good chance that you are reading advice that it now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

Everyone can read this forum, but only Toolset clients can post in it. Toolset support works 6 days per week, 19 hours per day.

Aucun de nos assistants n'est disponible aujourd'hui sur le forum Jeu d'outils. Veuillez créer un ticket, et nous nous le traiterons dès notre prochaine connexion. Merci de votre compréhension.

Ce sujet contient 2 réponses, a 2 voix.

Dernière mise à jour par martijnH Il y a 3 années et 4 mois.

Auteur

Publications

juillet 29, 2021 at 7:47 am #2128563

martijnH

lien caché

All orders are visible.
When I deactivate the "Toolset WooCommerce Blocks" the orders are invisible again.
V3.1.1
The problem is `wcviews_make_shop_order_views_queryable`

How do I solve this?

Jan-Willem

juillet 29, 2021 at 10:48 am #2128755

Nigel

Supporter

Les langues: Anglais (English ) Espagnol (Español )

Fuseau horaire: Europe/London (GMT+00:00)

The Toolset WooCommerce Blocks plugin makes the WC Order post type queryable so that it is possible to create Views to display lists of orders etc.

If you don't want that, it is possible to use the same WC filter that our plugin uses to override the default settings with a later priority to return them to their defaults.

Because the code needs to fire before the WC plugin sets up the Order post type you'll need to add the code as a plugin which runs before WooCommerce.

The easiest way to do that is to add a mu-plugins sub-directory in your wp-content folder, then add the following code inside a file within that directory (e.g. call the file order-settings.php):

<?php
/*
 Plugin Name: Order Settings
 Description: Reset WC Order Settings
 Version: 1.0
 */

add_filter( 'woocommerce_register_post_type_shop_order', 'ts_reset_order_settings', 11, 1 );
function ts_reset_order_settings( $post_type_param = array() ) {

    //Make it public
    if ( isset( $post_type_param['public'] ) ) {
        $post_type_param['public']	= false;
    }
    //Make it publicly queryable
    if ( isset( $post_type_param['publicly_queryable'] ) ) {
        $post_type_param['publicly_queryable'] = false;
    }
    //Enable query vars
    if ( isset( $post_type_param['query_var'] ) ) {
        $post_type_param['query_var'] = false;
    }
    //Enable archives
    if ( isset( $post_type_param['has_archive'] ) ) {
        $post_type_param['has_archive'] = false;
    }
    //Enable rewrite
    if ( isset( $post_type_param['rewrite'] ) ) {
        $post_type_param['rewrite'] = null;
    }

	return $post_type_param;

}

That will return the settings to the WC defaults.

juillet 29, 2021 at 10:55 am #2128759

martijnH

That works, I don't know the site fully so I don't know if/where the woo-views plugin used for.

Shouldn't this be an option?
This is technically a security leak.