Issues (850)

Security Analysis    4 potential vulnerabilities

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection (1)
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection (2)
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting (1)
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection

class-getpaid-meta-box-discount-details.php (1 issue)

<?php

/**
 * Discount Details
 *
 * Display the item data meta box.
 *
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly
}

/**
 * GetPaid_Meta_Box_Discount_Details Class.
 */
class GetPaid_Meta_Box_Discount_Details {

    /**
     * Output the metabox.
     *
     * @param WP_Post $post
     */
    public static function output( $post ) {

        // Prepare the discount.
        $discount = new WPInv_Discount( $post );

        // Nonce field.
        wp_nonce_field( 'getpaid_meta_nonce', 'getpaid_meta_nonce' );

        do_action( 'wpinv_discount_form_top', $discount );

        // Set the currency position.
        $position = wpinv_currency_position();

        if ( $position == 'left_space' ) {
            $position = 'left';
        }

        if ( $position == 'right_space' ) {
            $position = 'right';
        }

        ?>

        <style>
            #poststuff .input-group-text,
            #poststuff .form-control {
                border-color: #7e8993;
            }
        </style>
        <div class='bsui' style='max-width: 600px;padding-top: 10px;'>

            <?php do_action( 'wpinv_discount_form_first', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_code', $discount ); ?>

            <div class="form-group mb-3 row">
                <label for="wpinv_discount_code" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Discount Code', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <div class="row">
                        <div class="col-sm-12 form-group mb-3">
                            <input type="text" value="<?php echo esc_attr( $discount->get_code( 'edit' ) ); ?>" placeholder="SUMMER_SALE" name="wpinv_discount_code" id="wpinv_discount_code" style="width: 100%;" />
                        </div>
                        <div class="col-sm-12">
                            <?php
                                do_action( 'wpinv_discount_form_before_single_use', $discount );

                                aui()->input(
                                    array(
                                        'id'      => 'wpinv_discount_single_use',
                                        'name'    => 'wpinv_discount_single_use',
                                        'type'    => 'checkbox',
                                        'label'   => __( 'Each customer can only use this discount once', 'invoicing' ),
                                        'value'   => '1',
                                        'checked' => $discount->is_single_use(),
                                    ),
                                    true
                                );

                                do_action( 'wpinv_discount_form_single_use', $discount );
                            ?>
                        </div>
                        <div class="col-sm-12">
                            <?php
                                do_action( 'wpinv_discount_form_before_recurring', $discount );

                                aui()->input(
                                    array(
                                        'id'      => 'wpinv_discount_recurring',
                                        'name'    => 'wpinv_discount_recurring',
                                        'type'    => 'checkbox',
                                        'label'   => __( 'Apply this discount to all recurring payments for subscriptions', 'invoicing' ),
                                        'value'   => '1',
                                        'checked' => $discount->is_recurring(),
                                    ),
                                    true
                                );

                                do_action( 'wpinv_discount_form_recurring', $discount );
                            ?>
                        </div>
                    </div>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Enter a discount code such as 10OFF.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_code', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_type', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_type" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Discount Type', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->select(
                            array(
                                'id'               => 'wpinv_discount_type',
                                'name'             => 'wpinv_discount_type',
                                'label'            => __( 'Discount Type', 'invoicing' ),
                                'placeholder'      => __( 'Select Discount Type', 'invoicing' ),
                                'value'            => $discount->get_type( 'edit' ),
                                'select2'          => true,
                                'data-allow-clear' => 'false',
                                'options'          => wpinv_get_discount_types(),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Discount type.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_type', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_amount', $discount ); ?>
            <div class="form-group mb-3 row <?php echo esc_attr( $discount->get_type( 'edit' ) ); ?>" id="wpinv_discount_amount_wrap">
                <label for="wpinv_discount_amount" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Discount Amount', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <div class="input-group input-group-sm">

                        <?php if ( 'left' == $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-prepend left wpinv-if-flat">
                                    <span class="input-group-text">
                                        <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
It seems like wpinv_currency_symbol() can also be of type array; however, parameter $data of wp_kses_post() does only seem to accept string, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

                                        <?php echo wp_kses_post( /** @scrutinizer ignore-type */ wpinv_currency_symbol() ); ?>
                                    </span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text left wpinv-if-flat">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>

                        <input type="text" name="wpinv_discount_amount" id="wpinv_discount_amount" value="<?php echo esc_attr( $discount->get_amount( 'edit' ) ); ?>" placeholder="0" class="form-control">

                        <?php if ( 'right' == $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-append right wpinv-if-flat">
                                    <span class="input-group-text">
                                        <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                    </span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text left wpinv-if-flat">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>
                        <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                            <div class="input-group-append right wpinv-if-percent">
                                <span class="input-group-text">%</span>
                            </div>
                        <?php else : ?>
                            <span class="input-group-text right wpinv-if-percent">%</span>
                        <?php endif; ?>
                    </div>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Enter the discount value. Ex: 10', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_amount', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_items', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_items" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Items', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->select(
                            array(
                                'id'               => 'wpinv_discount_items',
                                'name'             => 'wpinv_discount_items[]',
                                'label'            => __( 'Items', 'invoicing' ),
                                'placeholder'      => __( 'Select Items', 'invoicing' ),
                                'value'            => $discount->get_items( 'edit' ),
                                'select2'          => true,
                                'multiple'         => true,
                                'data-allow-clear' => 'false',
                                'options'          => wpinv_get_published_items_for_dropdown(),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Select the items that are allowed to use this discount or leave blank to use this discount all items.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_items', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_excluded_items', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_excluded_items" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Excluded Items', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->select(
                            array(
                                'id'               => 'wpinv_discount_excluded_items',
                                'name'             => 'wpinv_discount_excluded_items[]',
                                'label'            => __( 'Excluded Items', 'invoicing' ),
                                'placeholder'      => __( 'Select Items', 'invoicing' ),
                                'value'            => $discount->get_excluded_items( 'edit' ),
                                'select2'          => true,
                                'multiple'         => true,
                                'data-allow-clear' => 'false',
                                'options'          => wpinv_get_published_items_for_dropdown(),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Select all the items that are not allowed to use this discount.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_excluded_items', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_required_items', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_required_items" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Required Items', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->select(
                            array(
                                'id'               => 'wpinv_discount_required_items',
                                'name'             => 'wpinv_discount_required_items[]',
                                'label'            => __( 'Required Items', 'invoicing' ),
                                'placeholder'      => __( 'Select Items', 'invoicing' ),
                                'value'            => $discount->get_required_items( 'edit' ),
                                'select2'          => true,
                                'multiple'         => true,
                                'data-allow-clear' => 'false',
                                'options'          => wpinv_get_published_items_for_dropdown(),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Select all the items that are required to be in the cart before using this discount.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_required_items', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_start', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_start" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Start Date', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->input(
                            array(
                                'type'             => 'datepicker',
                                'id'               => 'wpinv_discount_start',
                                'name'             => 'wpinv_discount_start',
                                'label'            => __( 'Start Date', 'invoicing' ),
                                'placeholder'      => 'YYYY-MM-DD 00:00',
                                'class'            => 'form-control-sm',
                                'value'            => $discount->get_start_date( 'edit' ),
                                'extra_attributes' => array(
                                    'data-enable-time' => 'true',
                                    'data-time_24hr'   => 'true',
                                    'data-allow-input' => 'true',
                                ),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'For no start date, leave blank. If entered, the discount can only be used after or on this date.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_start', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_expiration', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_expiration" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Expiration Date', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <?php
                        aui()->input(
                            array(
                                'type'             => 'datepicker',
                                'id'               => 'wpinv_discount_expiration',
                                'name'             => 'wpinv_discount_expiration',
                                'label'            => __( 'Expiration Date', 'invoicing' ),
                                'placeholder'      => 'YYYY-MM-DD 00:00',
                                'class'            => 'form-control-sm',
                                'value'            => $discount->get_end_date( 'edit' ),
                                'extra_attributes' => array(
                                    'data-enable-time' => 'true',
                                    'data-time_24hr'   => 'true',
                                    'data-min-date'    => 'today',
                                    'data-allow-input' => 'true',
                                    'data-input'       => 'true',
                                ),
                            ),
                            true
                        );
                    ?>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Optionally set the date after which the discount will expire.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_expiration', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_min_total', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_min_total" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Minimum Amount', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <div class="input-group input-group-sm">

                        <?php if ( 'left' == $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-prepend">
                                    <span class="input-group-text"><?php echo wp_kses_post( wpinv_currency_symbol() ); ?></span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>

                        <input type="text" name="wpinv_discount_min_total" id="wpinv_discount_min_total" value="<?php echo esc_attr( $discount->get_minimum_total( 'edit' ) ); ?>" placeholder="<?php esc_attr_e( 'No minimum', 'invoicing' ); ?>" class="form-control">

                        <?php if ( 'left' != $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-append">
                                    <span class="input-group-text"><?php echo wp_kses_post( wpinv_currency_symbol() ); ?></span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>
                    </div>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Optionally set the minimum amount (including taxes) required to use this discount.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_min_total', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_max_total', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_max_total" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Maximum Amount', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <div class="input-group input-group-sm">
                        <?php if ( 'left' == $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-prepend">
                                    <span class="input-group-text"><?php echo wp_kses_post( wpinv_currency_symbol() ); ?></span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>

                        <input type="text" name="wpinv_discount_max_total" id="wpinv_discount_max_total" value="<?php echo esc_attr( $discount->get_maximum_total( 'edit' ) ); ?>" placeholder="<?php esc_attr_e( 'No maximum', 'invoicing' ); ?>" class="form-control">

                        <?php if ( 'left' != $position ) : ?>
                            <?php if ( empty( $GLOBALS['aui_bs5'] ) ) : ?>
                                <div class="input-group-append">
                                    <span class="input-group-text"><?php echo wp_kses_post( wpinv_currency_symbol() ); ?></span>
                                </div>
                            <?php else : ?>
                                <span class="input-group-text">
                                    <?php echo wp_kses_post( wpinv_currency_symbol() ); ?>
                                </span>
                            <?php endif; ?>
                        <?php endif; ?>
                    </div>
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Optionally set the maximum amount (including taxes) allowed when using this discount.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_before_max_total', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_before_max_uses', $discount ); ?>
            <div class="form-group mb-3 row">
                <label for="wpinv_discount_max_uses" class="col-sm-3 col-form-label">
                    <?php esc_html_e( 'Maximum Uses', 'invoicing' ); ?>
                </label>
                <div class="col-sm-8">
                    <input type="text" value="<?php echo esc_attr( $discount->get_max_uses( 'edit' ) ); ?>" placeholder="<?php esc_attr_e( 'Unlimited', 'invoicing' ); ?>" name="wpinv_discount_max_uses" id="wpinv_discount_max_uses" style="width: 100%;" />
                </div>
                <div class="col-sm-1 pt-2 pl-0">
                    <span class="wpi-help-tip dashicons dashicons-editor-help" title="<?php esc_attr_e( 'Optionally set the maximum number of times that this discount code can be used.', 'invoicing' ); ?>"></span>
                </div>
            </div>
            <?php do_action( 'wpinv_discount_form_max_uses', $discount ); ?>

            <?php do_action( 'wpinv_discount_form_last', $discount ); ?>

        </div>
        <?php
        do_action( 'wpinv_discount_form_bottom', $post );
    }

    /**
     * Save meta box data.
     *
     * @param int $post_id
     */
    public static function save( $post_id ) {

        // Prepare the discount.
        $discount = new WPInv_Discount( $post_id );

        // Load new data.
        $discount->set_props(
            array(
                'code'           => isset( $_POST['wpinv_discount_code'] ) ? wpinv_clean( $_POST['wpinv_discount_code'] ) : null,
                'amount'         => isset( $_POST['wpinv_discount_amount'] ) ? floatval( $_POST['wpinv_discount_amount'] ) : null,
                'start'          => isset( $_POST['wpinv_discount_start'] ) ? wpinv_clean( $_POST['wpinv_discount_start'] ) : null,
                'expiration'     => isset( $_POST['wpinv_discount_expiration'] ) ? wpinv_clean( $_POST['wpinv_discount_expiration'] ) : null,
                'is_single_use'  => ! empty( $_POST['wpinv_discount_single_use'] ),
                'type'           => isset( $_POST['wpinv_discount_type'] ) ? wpinv_clean( $_POST['wpinv_discount_type'] ) : null,
                'is_recurring'   => ! empty( $_POST['wpinv_discount_recurring'] ),
                'items'          => isset( $_POST['wpinv_discount_items'] ) ? wpinv_clean( $_POST['wpinv_discount_items'] ) : array(),
                'excluded_items' => isset( $_POST['wpinv_discount_excluded_items'] ) ? wpinv_clean( $_POST['wpinv_discount_excluded_items'] ) : array(),
                'required_items' => isset( $_POST['wpinv_discount_required_items'] ) ? wpinv_clean( $_POST['wpinv_discount_required_items'] ) : array(),
                'max_uses'       => isset( $_POST['wpinv_discount_max_uses'] ) ? intval( $_POST['wpinv_discount_max_uses'] ) : null,
                'min_total'      => isset( $_POST['wpinv_discount_min_total'] ) ? floatval( $_POST['wpinv_discount_min_total'] ) : null,
                'max_total'      => isset( $_POST['wpinv_discount_max_total'] ) ? floatval( $_POST['wpinv_discount_max_total'] ) : null,
            )
        );

        $discount->save();
        do_action( 'getpaid_discount_metabox_save', $post_id, $discount );
    }
}