From 38a514041c017135e0c0bf75c641bdd71763ae2c Mon Sep 17 00:00:00 2001
From: Nurul Umbhiya <zikubd@gmail.com>
Date: Mon, 1 Feb 2021 09:11:38 +0600
Subject: [PATCH 1/4] fix: fixes conflict with user frontend menu position

---
 includes/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/includes/functions.php b/includes/functions.php
index f90ec1f67e..1a4c623d74 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -7,7 +7,7 @@
  * @return void
  */
 function dokan_admin_menu_position() {
-    return apply_filters( 'dokan_menu_position', 55.4 );
+    return apply_filters( 'dokan_menu_position', '55.4' );
 }
 
 /**

From 067ca44245fbf60aa451813e930b1402f6bfc0f3 Mon Sep 17 00:00:00 2001
From: Nurul Umbhiya <nurul-umbhiya@users.noreply.github.com>
Date: Fri, 12 Feb 2021 16:57:27 +0600
Subject: [PATCH 2/4] fix: fixes nonce checking for some functions (#1089)

* fix: fixes nonce checking for some functions

* fix: fixes dev reviews
---
 includes/Abstracts/DokanPromotion.php     |  2 +-
 includes/Admin/LimitedTimePromotion.php   |  2 +-
 includes/Admin/Settings.php               |  4 +-
 includes/Admin/UserProfile.php            | 21 ++++-----
 includes/Ajax.php                         | 18 +++-----
 includes/Dashboard/Templates/Orders.php   |  8 +---
 includes/Dashboard/Templates/Products.php | 54 +++++++++++------------
 includes/Dashboard/Templates/Settings.php | 28 +++++++-----
 includes/Dashboard/Templates/Withdraw.php |  6 +--
 includes/Product/Hooks.php                |  2 +-
 includes/Registration.php                 | 32 +++++++-------
 includes/Vendor/SetupWizard.php           | 28 ++++--------
 includes/Vendor/UserSwitch.php            |  2 +-
 includes/functions.php                    |  2 +-
 includes/wc-functions.php                 |  4 +-
 includes/wc-template.php                  |  2 +-
 16 files changed, 100 insertions(+), 115 deletions(-)

diff --git a/includes/Abstracts/DokanPromotion.php b/includes/Abstracts/DokanPromotion.php
index 68f717e207..4c2f2acb24 100644
--- a/includes/Abstracts/DokanPromotion.php
+++ b/includes/Abstracts/DokanPromotion.php
@@ -186,7 +186,7 @@ public function dismiss_upgrade_promo() {
             wp_send_json_error( __( 'You have no permission to do that', 'dokan-lite' ) );
         }
 
-        if ( ! wp_verify_nonce( $post_data['nonce'], 'dokan_admin' ) ) {
+        if ( ! isset( $post_data['nonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['nonce'] ), 'dokan_admin' ) ) {
             wp_send_json_error( __( 'Invalid nonce', 'dokan-lite' ) );
         }
 
diff --git a/includes/Admin/LimitedTimePromotion.php b/includes/Admin/LimitedTimePromotion.php
index 1e222658b8..9498f05718 100644
--- a/includes/Admin/LimitedTimePromotion.php
+++ b/includes/Admin/LimitedTimePromotion.php
@@ -200,7 +200,7 @@ public function dismiss_limited_time_promo() {
             wp_send_json_error( __( 'You have no permission to do that', 'dokan-lite' ) );
         }
 
-        if ( ! wp_verify_nonce( $post_data['nonce'], 'dokan_admin' ) ) {
+        if ( ! isset( $post_data['nonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['nonce'] ), 'dokan_admin' ) ) {
             wp_send_json_error( __( 'Invalid nonce', 'dokan-lite' ) );
         }
 
diff --git a/includes/Admin/Settings.php b/includes/Admin/Settings.php
index d8ed82d68a..e9cb5041f7 100644
--- a/includes/Admin/Settings.php
+++ b/includes/Admin/Settings.php
@@ -68,7 +68,7 @@ public function get_settings_value() {
 
         $_post_data = wp_unslash( $_POST );
 
-        if ( ! wp_verify_nonce( sanitize_text_field( $_post_data['nonce'] ), 'dokan_admin' ) ) {
+        if ( ! isset( $_post_data['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_post_data['nonce'] ), 'dokan_admin' ) ) {
             wp_send_json_error( __( 'Invalid nonce', 'dokan-lite' ) );
         }
 
@@ -96,7 +96,7 @@ public function save_settings_value() {
 
             $_post_data = wp_unslash( $_POST );
 
-            if ( ! wp_verify_nonce( sanitize_text_field( $_post_data['nonce'] ), 'dokan_admin' ) ) {
+            if ( ! isset( $_post_data['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_post_data['nonce'] ), 'dokan_admin' ) ) {
                 throw new DokanException( 'dokan_settings_invalid_nonce', __( 'Invalid nonce', 'dokan-lite' ), 403 );
             }
 
diff --git a/includes/Admin/UserProfile.php b/includes/Admin/UserProfile.php
index 7c3c2fe2ab..4da3fa0775 100755
--- a/includes/Admin/UserProfile.php
+++ b/includes/Admin/UserProfile.php
@@ -26,8 +26,8 @@ public function __construct() {
      *
      * @return void
      */
-    function enqueue_scripts( $page ) {
-        if ( in_array( $page, array( 'profile.php', 'user-edit.php' ) ) ) {
+    public function enqueue_scripts( $page ) {
+        if ( in_array( $page, array( 'profile.php', 'user-edit.php' ), true ) ) {
             wp_enqueue_media();
 
             $admin_admin_script = array(
@@ -52,7 +52,7 @@ function enqueue_scripts( $page ) {
      *
      * @return void|false
      */
-    function add_meta_fields( $user ) {
+    public function add_meta_fields( $user ) {
         if ( ! current_user_can( 'manage_woocommerce' ) ) {
             return;
         }
@@ -81,7 +81,7 @@ function add_meta_fields( $user ) {
 
         $banner_width    = dokan_get_option( 'store_banner_width', 'dokan_appearance', 625 );
         $banner_height   = dokan_get_option( 'store_banner_height', 'dokan_appearance', 300 );
-        $admin_commission = ( 'flat' == $admin_commission_type ) ? wc_format_localized_price( $admin_commission ) : wc_format_localized_decimal( $admin_commission );
+        $admin_commission = ( 'flat' === $admin_commission_type ) ? wc_format_localized_price( $admin_commission ) : wc_format_localized_decimal( $admin_commission );
 
         $country_state = array(
             'country' => array(
@@ -119,6 +119,7 @@ function add_meta_fields( $user ) {
                                 <p class="description">
                                     <?php
                                     echo sprintf(
+                                        /* translators: %1$s: banner width, %2$s: banner height in integers */
                                         esc_attr__( 'Upload a banner for your store. Banner size is (%1$sx%2$s) pixels.', 'dokan-lite' ),
                                         esc_attr( $banner_width ),
                                         esc_attr( $banner_height )
@@ -177,10 +178,10 @@ function add_meta_fields( $user ) {
                     <tr>
                         <th><label for="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $field['label'] ); ?></label></th>
                         <td>
-                            <?php if ( ! empty( $field['type'] ) && 'select' == $field['type'] ) : ?>
+                            <?php if ( ! empty( $field['type'] ) && 'select' === (string) $field['type'] ) : ?>
                             <select name="dokan_store_address[<?php echo esc_attr( $key ); ?>]" id="<?php echo esc_attr( $key ); ?>" class="<?php echo ( ! empty( $field['class'] ) ? esc_attr( $field['class'] ) : '' ); ?>" style="width: 25em;">
                                     <?php
-									if ( 'country' == $key ) {
+									if ( 'country' === (string) $key ) {
 										$selected = esc_attr( $address_country );
 									} else {
 										$selected = esc_attr( $address_state );
@@ -192,7 +193,7 @@ function add_meta_fields( $user ) {
                                 </select>
                             <?php else : ?>
                                 <?php
-                                if ( 'country' == $key ) {
+                                if ( 'country' === (string) $key ) {
                                     $value = esc_attr( $address_country );
                                 } else {
                                     $value = esc_attr( $address_state );
@@ -531,14 +532,14 @@ function add_meta_fields( $user ) {
      *
      * @return void
      */
-    function save_meta_fields( $user_id ) {
+    public function save_meta_fields( $user_id ) {
         if ( ! current_user_can( 'manage_woocommerce' ) ) {
             return;
         }
 
         $post_data = wp_unslash( $_POST );
 
-        if ( isset( $post_data['dokan_update_user_profile_info_nonce'] ) && ! wp_verify_nonce( $post_data['dokan_update_user_profile_info_nonce'], 'dokan_update_user_profile_info' ) ) {
+        if ( ! isset( $post_data['dokan_update_user_profile_info_nonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['dokan_update_user_profile_info_nonce'] ), 'dokan_update_user_profile_info' ) ) {
             return;
         }
 
@@ -548,7 +549,7 @@ function save_meta_fields( $user_id ) {
 
         $selling         = sanitize_text_field( $post_data['dokan_enable_selling'] );
         $publishing      = sanitize_text_field( $post_data['dokan_publish'] );
-        $percentage      = isset( $post_data['dokan_admin_percentage'] ) && $post_data['dokan_admin_percentage'] != '' ? $post_data['dokan_admin_percentage'] : '';
+        $percentage      = isset( $post_data['dokan_admin_percentage'] ) && $post_data['dokan_admin_percentage'] !== '' ? $post_data['dokan_admin_percentage'] : '';
         $percentage_type = empty( $post_data['dokan_admin_percentage_type'] ) ? 'percentage' : sanitize_text_field( $post_data['dokan_admin_percentage_type'] );
         $feature_seller  = sanitize_text_field( $post_data['dokan_feature'] );
         $store_settings  = dokan_get_store_info( $user_id );
diff --git a/includes/Ajax.php b/includes/Ajax.php
index 56b0206402..94b0fa806b 100755
--- a/includes/Ajax.php
+++ b/includes/Ajax.php
@@ -101,11 +101,7 @@ public function create_product() {
      * @return void
      */
     public function shop_url_check() {
-        global $user_ID;
-
-        $nonce = isset( $_POST['_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['_nonce'] ) ) : '';
-
-        if ( ! wp_verify_nonce( $nonce, 'dokan_reviews' ) ) {
+        if ( ! isset( $_POST['_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_nonce'] ), 'dokan_reviews' ) ) {
             wp_send_json_error(
                 [
 					'type'    => 'nonce',
@@ -114,6 +110,8 @@ public function shop_url_check() {
             );
         }
 
+        global $user_ID;
+
         $url_slug = isset( $_POST['url_slug'] ) ? sanitize_text_field( wp_unslash( $_POST['url_slug'] ) ) : '';
         $check    = true;
         $user     = get_user_by( 'slug', $url_slug );
@@ -418,7 +416,7 @@ public function add_order_note() {
      * Add shipping tracking info via ajax
      */
     public function add_shipping_tracking_info() {
-        if ( isset( $_POST['dokan_security_nonce'] ) && ! wp_verify_nonce( sanitize_key( $_POST['dokan_security_nonce'] ), 'dokan_security_action' ) ) {
+        if ( ! isset( $_POST['dokan_security_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['dokan_security_nonce'] ), 'dokan_security_action' ) ) {
             die( -1 );
         }
 
@@ -518,9 +516,7 @@ public function delete_order_note() {
      * @return void
      */
     public function seller_listing_search() {
-        $nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_key( $_REQUEST['_wpnonce'] ) : '';
-
-        if ( ! $nonce || ! wp_verify_nonce( $nonce, 'dokan-seller-listing-search' ) ) {
+        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'dokan-seller-listing-search' ) ) {
             wp_send_json_error( __( 'Error: Nonce verification failed', 'dokan-lite' ) );
         }
 
@@ -538,7 +534,7 @@ public function seller_listing_search() {
         $per_row         = isset( $_REQUEST['per_row'] ) ? absint( $_REQUEST['per_row'] ) : '3';
 
         if ( '' !== $search_term ) {
-            $seller_args['meta_query'] = [
+            $seller_args['meta_query'] = [ // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query
                 [
                     'key'     => 'dokan_store_name',
                     'value'   => $search_term,
@@ -947,7 +943,7 @@ public static function login_user() {
 
         foreach ( $headers as $header ) {
             if ( 0 === strpos( $header, 'Set-Cookie: ' . LOGGED_IN_COOKIE ) ) {
-                $value = str_replace( '&', urlencode( '&' ), substr( $header, 12 ) );
+                $value = str_replace( '&', rawurlencode( '&' ), substr( $header, 12 ) );
                 parse_str( current( explode( ';', $value, 1 ) ), $pair );
                 $_COOKIE[ LOGGED_IN_COOKIE ] = $pair[ LOGGED_IN_COOKIE ];
                 break;
diff --git a/includes/Dashboard/Templates/Orders.php b/includes/Dashboard/Templates/Orders.php
index c801d3c297..fa383e14bb 100644
--- a/includes/Dashboard/Templates/Orders.php
+++ b/includes/Dashboard/Templates/Orders.php
@@ -61,7 +61,7 @@ public function order_main_content() {
         $order_id = isset( $_GET['order_id'] ) ? intval( $_GET['order_id'] ) : 0;
 
         if ( $order_id ) {
-            $_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : '';
+            $_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_key( $_REQUEST['_wpnonce'] ) : '';
 
             if ( wp_verify_nonce( $_nonce, 'dokan_view_order' ) && current_user_can( 'dokan_view_order' ) ) {
                 dokan_get_template_part( 'orders/details' );
@@ -95,11 +95,7 @@ function handle_order_export() {
 
         $post_data = wp_unslash( $_POST );
 
-        if ( ! isset( $post_data['dokan_vendor_order_export_nonce'] ) ) {
-            return;
-        }
-
-        if ( ! wp_verify_nonce( sanitize_text_field( $post_data['dokan_vendor_order_export_nonce'] ), 'dokan_vendor_order_export_action' ) ) {
+        if ( ! isset( $post_data['dokan_vendor_order_export_nonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['dokan_vendor_order_export_nonce'] ), 'dokan_vendor_order_export_action' ) ) {
             return;
         }
 
diff --git a/includes/Dashboard/Templates/Products.php b/includes/Dashboard/Templates/Products.php
index df52bed56b..1bf381f123 100644
--- a/includes/Dashboard/Templates/Products.php
+++ b/includes/Dashboard/Templates/Products.php
@@ -220,16 +220,12 @@ public function handle_product_add() {
             return;
         }
 
-        if ( ! isset( $_POST['dokan_add_new_product_nonce'] ) ) {
+        if ( ! isset( $_POST['dokan_add_new_product_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['dokan_add_new_product_nonce'] ), 'dokan_add_new_product' )  ) {
             return;
         }
 
         $postdata = wp_unslash( $_POST );
 
-        if ( ! wp_verify_nonce( sanitize_key( $postdata['dokan_add_new_product_nonce'] ), 'dokan_add_new_product' ) ) {
-            return;
-        }
-
         $errors             = array();
         self::$product_cat  = -1;
         self::$post_content = __( 'Details of your product ...', 'dokan-lite' );
@@ -379,12 +375,12 @@ public function handle_product_update() {
             return;
         }
 
-        $postdata = wp_unslash( $_POST );
-
-        if ( ! wp_verify_nonce( sanitize_key( $postdata['dokan_edit_product_nonce'] ), 'dokan_edit_product' ) ) {
+        if ( ! isset( $_POST['dokan_edit_product_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['dokan_edit_product_nonce'] ), 'dokan_edit_product' ) ) {
             return;
         }
 
+        $postdata = wp_unslash( $_POST );
+
         $errors     = array();
         $post_title = sanitize_text_field( $postdata['post_title'] );
 
@@ -500,35 +496,35 @@ public function handle_delete_product() {
             return;
         }
 
-        if ( isset( $_GET['action'] ) && $_GET['action'] == 'dokan-delete-product' ) {
-            $product_id = isset( $_GET['product_id'] ) ? (int) $_GET['product_id'] : 0;
+        if ( ! isset( $_GET['action'] ) || $_GET['action'] !== 'dokan-delete-product' ) {
+            return;
+        }
 
-            $getdata = wp_unslash( $_GET );
+        if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_GET['_wpnonce'] ), 'dokan-delete-product' ) ) {
+            wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
+            exit;
+        }
 
-            if ( ! $product_id ) {
-                wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
-                return;
-            }
+        $product_id = isset( $_GET['product_id'] ) ? (int) wp_unslash( $_GET['product_id'] ) : 0;
 
-            if ( ! wp_verify_nonce( $getdata['_wpnonce'], 'dokan-delete-product' ) ) {
-                wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
-                return;
-            }
+        if ( ! $product_id ) {
+            wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
+            exit;
+        }
 
-            if ( ! dokan_is_product_author( $product_id ) ) {
-                wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
-                return;
-            }
+        if ( ! dokan_is_product_author( $product_id ) ) {
+            wp_redirect( add_query_arg( array( 'message' => 'error' ), dokan_get_navigation_url( 'products' ) ) );
+            exit;
+        }
 
-            dokan()->product->delete( $product_id, true );
+        dokan()->product->delete( $product_id, true );
 
-            do_action( 'dokan_product_deleted', $product_id );
+        do_action( 'dokan_product_deleted', $product_id );
 
-            $redirect = apply_filters( 'dokan_add_new_product_redirect', dokan_get_navigation_url( 'products' ), '' );
+        $redirect = apply_filters( 'dokan_add_new_product_redirect', dokan_get_navigation_url( 'products' ), '' );
 
-            wp_redirect( add_query_arg( array( 'message' => 'product_deleted' ), $redirect ) );
-            exit;
-        }
+        wp_redirect( add_query_arg( array( 'message' => 'product_deleted' ), $redirect ) );
+        exit;
     }
 
 }
diff --git a/includes/Dashboard/Templates/Settings.php b/includes/Dashboard/Templates/Settings.php
index 3c6ac52b5a..25e021bd18 100755
--- a/includes/Dashboard/Templates/Settings.php
+++ b/includes/Dashboard/Templates/Settings.php
@@ -213,6 +213,10 @@ function ajax_settings() {
             wp_send_json_error( __( 'Are you cheating?', 'dokan-lite' ) );
         }
 
+        if ( ! isset( $_POST['_wpnonce'] ) ) {
+            wp_send_json_error( __( 'Are you cheating?', 'dokan-lite' ) );
+        }
+
         $post_data = wp_unslash( $_POST );
 
         $post_data['dokan_update_profile'] = '';
@@ -223,7 +227,7 @@ function ajax_settings() {
                     wp_send_json_error( __( 'Pemission denied social', 'dokan-lite' ) );
                 }
 
-                if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_profile_settings_nonce' ) ) {
+                if ( ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_profile_settings_nonce' ) ) {
                     wp_send_json_error( __( 'Are you cheating?', 'dokan-lite' ) );
                 }
 
@@ -235,7 +239,7 @@ function ajax_settings() {
                     wp_send_json_error( __( 'Pemission denied', 'dokan-lite' ) );
                 }
 
-                if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_store_settings_nonce' ) ) {
+                if ( ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_store_settings_nonce' ) ) {
                     wp_send_json_error( __( 'Are you cheating?', 'dokan-lite' ) );
                 }
 
@@ -247,7 +251,7 @@ function ajax_settings() {
                     wp_send_json_error( __( 'Pemission denied', 'dokan-lite' ) );
                 }
 
-                if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_payment_settings_nonce' ) ) {
+                if ( ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_payment_settings_nonce' ) ) {
                     wp_send_json_error( __( 'Are you cheating?', 'dokan-lite' ) );
                 }
 
@@ -284,7 +288,7 @@ function validate() {
             return false;
         }
 
-        if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_settings_nonce' ) ) {
+        if ( ! isset( $post_data['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_settings_nonce' ) ) {
             wp_die( esc_attr__( 'Are you cheating?', 'dokan-lite' ) );
         }
 
@@ -350,7 +354,7 @@ function profile_validate() {
             return false;
         }
 
-        if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_profile_settings_nonce' ) ) {
+        if ( ! isset( $post_data['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_profile_settings_nonce' ) ) {
             wp_die( esc_attr__( 'Are you cheating?', 'dokan-lite' ) );
         }
 
@@ -391,7 +395,7 @@ function store_validate() {
             return false;
         }
 
-        if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_store_settings_nonce' ) ) {
+        if ( ! isset( $post_data['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_store_settings_nonce' ) ) {
             wp_die( esc_attr__( 'Are you cheating?', 'dokan-lite' ) );
         }
 
@@ -441,7 +445,7 @@ function payment_validate() {
             return false;
         }
 
-        if ( ! wp_verify_nonce( $post_data['_wpnonce'], 'dokan_payment_settings_nonce' ) ) {
+        if ( ! isset( $post_data['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_payment_settings_nonce' ) ) {
             wp_die( esc_attr__( 'Are you cheating?', 'dokan-lite' ) );
         }
 
@@ -474,7 +478,11 @@ function insert_settings_info() {
         $prev_dokan_settings     = ! empty( $existing_dokan_settings ) ? $existing_dokan_settings : array();
         $post_data               = wp_unslash( $_POST );
 
-        if ( wp_verify_nonce( $post_data['_wpnonce'], 'dokan_profile_settings_nonce' ) ) {
+        if ( ! isset( $post_data['_wpnonce'] ) ) {
+            return;
+        }
+
+        if ( wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_profile_settings_nonce' ) ) {
 
             // update profile settings info
             $social         = $post_data['settings']['social'];
@@ -489,7 +497,7 @@ function insert_settings_info() {
                 }
             }
 
-        } elseif ( wp_verify_nonce( $post_data['_wpnonce'], 'dokan_store_settings_nonce' ) ) {
+        } elseif ( wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_store_settings_nonce' ) ) {
 
             $default_locations = dokan_get_option( 'location', 'dokan_geolocation' );
             $find_address      = ! empty( $post_data['find_address'] ) ? sanitize_text_field( $post_data['find_address'] ) : $default_locations['address'];
@@ -554,7 +562,7 @@ function insert_settings_info() {
 
             update_user_meta( $store_id, 'dokan_store_name', $dokan_settings['store_name'] );
 
-        } elseif ( wp_verify_nonce( $post_data['_wpnonce'], 'dokan_payment_settings_nonce' ) ) {
+        } elseif ( wp_verify_nonce( sanitize_key( $post_data['_wpnonce'] ), 'dokan_payment_settings_nonce' ) ) {
 
             //update payment settings info
             $dokan_settings = array(
diff --git a/includes/Dashboard/Templates/Withdraw.php b/includes/Dashboard/Templates/Withdraw.php
index 14a56bd565..ee4fcabef1 100755
--- a/includes/Dashboard/Templates/Withdraw.php
+++ b/includes/Dashboard/Templates/Withdraw.php
@@ -102,7 +102,7 @@ public function handle_request() {
     protected function handle_cancel_request() {
         $get_data = wp_unslash( $_GET );
 
-        if ( ! wp_verify_nonce( $get_data['_wpnonce'], 'dokan_cancel_withdraw' ) ) {
+        if ( ! isset( $get_data['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $get_data['_wpnonce'] ), 'dokan_cancel_withdraw' ) ) {
             $this->add_error( esc_html__( 'Are you cheating?', 'dokan-lite' ) );
         }
 
@@ -110,7 +110,7 @@ protected function handle_cancel_request() {
             $this->add_error( esc_html__( 'You have no permission to do this action', 'dokan-lite' ) );
         }
 
-        if ( empty( $get_data['id'] ) ) {
+        if ( empty( wp_unslash( $get_data['id'] ) ) ) {
             $this->add_error( esc_html__( 'Missing withdraw id.', 'dokan-lite' ) );
         }
 
@@ -119,7 +119,7 @@ protected function handle_cancel_request() {
         }
 
         $user_id     = get_current_user_id();
-        $withdraw_id = absint( $get_data['id'] );
+        $withdraw_id = absint( wp_unslash( $get_data['id'] ) );
 
         if ( ! dokan_is_seller_enabled( $user_id ) ) {
             return $this->add_error( esc_html__( 'Your account is not enabled for selling, please contact the admin', 'dokan-lite' ) );
diff --git a/includes/Product/Hooks.php b/includes/Product/Hooks.php
index 34a5efc0a2..f806f64937 100644
--- a/includes/Product/Hooks.php
+++ b/includes/Product/Hooks.php
@@ -35,7 +35,7 @@ function bulk_product_status_change() {
 
         $post_data = wp_unslash( $_POST );
 
-        if ( ! isset( $post_data['security'] ) || ! wp_verify_nonce( $post_data['security'], 'bulk_product_status_change' ) ) {
+        if ( ! isset( $post_data['security'] ) || ! wp_verify_nonce( sanitize_key( $post_data['security'] ), 'bulk_product_status_change' ) ) {
             return;
         }
         if ( ! isset( $post_data['status'] ) || ! isset( $post_data['bulk_products'] ) ) {
diff --git a/includes/Registration.php b/includes/Registration.php
index 7f74fa6fa0..74e105cbeb 100644
--- a/includes/Registration.php
+++ b/includes/Registration.php
@@ -11,7 +11,7 @@
  */
 class Registration {
 
-    function __construct() {
+    public function __construct() {
         // validate registration
         add_filter( 'woocommerce_process_registration_errors', array( $this, 'validate_registration' ) );
         add_filter( 'woocommerce_registration_errors', array( $this, 'validate_registration' ) );
@@ -28,7 +28,7 @@ function __construct() {
      *
      * @return \WP_Error
      */
-    function validate_registration( $error ) {
+    public function validate_registration( $error ) {
         if ( is_checkout() ) {
             return $error;
         }
@@ -41,10 +41,10 @@ function validate_registration( $error ) {
         $nonce_check = apply_filters( 'dokan_register_nonce_check', true );
 
         if ( $nonce_check ) {
-            $nonce_value = isset( $post_data['_wpnonce'] ) ? $post_data['_wpnonce'] : '';
-            $nonce_value = isset( $post_data['woocommerce-register-nonce'] ) ? $post_data['woocommerce-register-nonce'] : $nonce_value;
+            $nonce_value = isset( $post_data['_wpnonce'] ) ? sanitize_key( $post_data['_wpnonce'] ) : '';
+            $nonce_value = isset( $post_data['woocommerce-register-nonce'] ) ? sanitize_key( $post_data['woocommerce-register-nonce'] ) : $nonce_value;
 
-            if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
+            if ( empty( $nonce_value ) || ! wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
                 return new WP_Error( 'nonce_verification_failed', __( 'Nonce verification failed', 'dokan-lite' ) );
             }
         }
@@ -52,7 +52,7 @@ function validate_registration( $error ) {
         $allowed_roles = apply_filters( 'dokan_register_user_role', array( 'customer', 'seller' ) );
 
         // is the role name allowed or user is trying to manipulate?
-        if ( isset( $post_data['role'] ) && ! in_array( $post_data['role'], $allowed_roles ) ) {
+        if ( isset( $post_data['role'] ) && ! in_array( $post_data['role'], $allowed_roles, true ) ) {
             return new WP_Error( 'role-error', __( 'Cheating, eh?', 'dokan-lite' ) );
         }
 
@@ -67,7 +67,7 @@ function validate_registration( $error ) {
             )
         );
 
-        if ( $role == 'seller' ) {
+        if ( $role === 'seller' ) {
             foreach ( $required_fields as $field => $msg ) {
                 if ( empty( trim( $post_data[ $field ] ) ) ) {
                     return new WP_Error( "$field-error", $msg );
@@ -84,20 +84,20 @@ function validate_registration( $error ) {
      * @param array $data
      * @return array
      */
-    function set_new_vendor_names( $data ) {
-        $post_data = wp_unslash( $_POST ); // WPCS: CSRF ok.
+    public function set_new_vendor_names( $data ) {
+        $post_data = wp_unslash( $_POST ); // phpcs:ignore WordPress.Security.NonceVerification
 
         $allowed_roles = apply_filters( 'dokan_register_user_role', array( 'customer', 'seller' ) );
-        $role          = ( isset( $post_data['role'] ) && in_array( $post_data['role'], $allowed_roles ) ) ? $post_data['role'] : 'customer';
+        $role          = ( isset( $post_data['role'] ) && in_array( $post_data['role'], $allowed_roles, true ) ) ? $post_data['role'] : 'customer';
 
         $data['role'] = $role;
 
-        if ( $role != 'seller' ) {
+        if ( $role !== 'seller' ) {
             return $data;
         }
 
-        $data['first_name']    = strip_tags( $post_data['fname'] );
-        $data['last_name']     = strip_tags( $post_data['lname'] );
+        $data['first_name']    = wp_strip_all_tags( $post_data['fname'] );
+        $data['last_name']     = wp_strip_all_tags( $post_data['lname'] );
         $data['user_nicename'] = sanitize_user( $post_data['shopurl'] );
 
         return $data;
@@ -111,10 +111,10 @@ function set_new_vendor_names( $data ) {
      *
      * @return void
      */
-    function save_vendor_info( $user_id, $data ) {
-        $post_data = wp_unslash( $_POST ); // WPCS: CSRF ok.
+    public function save_vendor_info( $user_id, $data ) {
+        $post_data = wp_unslash( $_POST ); // phpcs:ignore WordPress.Security.NonceVerification
 
-        if ( ! isset( $data['role'] ) || $data['role'] != 'seller' ) {
+        if ( ! isset( $data['role'] ) || $data['role'] !== 'seller' ) {
             return;
         }
 
diff --git a/includes/Vendor/SetupWizard.php b/includes/Vendor/SetupWizard.php
index 90d9644472..7710510003 100644
--- a/includes/Vendor/SetupWizard.php
+++ b/includes/Vendor/SetupWizard.php
@@ -330,13 +330,7 @@ public function dokan_setup_store() {
      * Save store options.
      */
     public function dokan_setup_store_save() {
-        if ( ! isset( $_POST['_wpnonce'] ) ) {
-            return;
-        }
-
-        $nonce = sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) );
-
-        if ( ! wp_verify_nonce( $nonce, 'dokan-seller-setup' ) ) {
+        if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'dokan-seller-setup' ) ) {
             return;
         }
 
@@ -350,14 +344,14 @@ public function dokan_setup_store_save() {
         if ( $dokan_settings['address'] ) {
             $dokan_settings['profile_completion']['address']   = 10;
             $profile_settings                                  = get_user_meta( $this->store_id, 'dokan_profile_settings', true );
-            
+
             if ( ! empty( $profile_settings['profile_completion']['progress'] ) ) {
-                $dokan_settings['profile_completion']['progress'] = $profile_settings['profile_completion']['progress'] + 10; 
+                $dokan_settings['profile_completion']['progress'] = $profile_settings['profile_completion']['progress'] + 10;
             }
         }
 
         update_user_meta( $this->store_id, 'dokan_profile_settings', $dokan_settings );
-        
+
         do_action( 'dokan_seller_wizard_store_field_save', $this );
 
         wp_redirect( esc_url_raw( $this->get_next_step_link() ) );
@@ -407,22 +401,16 @@ public function dokan_setup_payment() {
      * Save payment options.
      */
     public function dokan_setup_payment_save() {
-        $posted_data = wp_unslash( $_POST );
-
-        if ( ! isset( $posted_data['_wpnonce'] ) ) {
+        if ( ! isset( $_POST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['_wpnonce'] ), 'dokan-seller-setup' ) ) {
             return;
         }
 
-        $nonce = sanitize_text_field( wp_unslash( $posted_data['_wpnonce'] ) );
-
-        if ( ! wp_verify_nonce( $nonce, 'dokan-seller-setup' ) ) {
-            return;
-        }
+        $posted_data = wp_unslash( $_POST );
 
         $dokan_settings = $this->store_info;
 
         if ( isset( $posted_data['settings']['bank'] ) ) {
-            $bank = array_map( 'sanitize_text_field', array_map( 'wp_unslash', $posted_data['settings']['bank'] ) );
+            $bank = $posted_data['settings']['bank'];
 
             $dokan_settings['payment']['bank'] = array(
                 'ac_name'        => sanitize_text_field( $bank['ac_name'] ),
@@ -455,7 +443,7 @@ public function dokan_setup_payment_save() {
         if ( isset( $posted_data['settings']['paypal'] ) || isset( $posted_data['settings']['skrill'] ) ) {
             $profile_settings = get_user_meta( $this->store_id, 'dokan_profile_settings', true );
             if ( ! empty( $profile_settings['profile_completion']['progress'] ) ) {
-                $dokan_settings['profile_completion']['progress'] = $profile_settings['profile_completion']['progress'] + 15; 
+                $dokan_settings['profile_completion']['progress'] = $profile_settings['profile_completion']['progress'] + 15;
             }
         }
 
diff --git a/includes/Vendor/UserSwitch.php b/includes/Vendor/UserSwitch.php
index aec8018f10..a14df79bab 100644
--- a/includes/Vendor/UserSwitch.php
+++ b/includes/Vendor/UserSwitch.php
@@ -118,7 +118,7 @@ public function activation_notice() {
      * @return void
      * */
     public function install_user_switching() {
-        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'user-switching-installer-nonce' ) ) {
+        if ( ! isset( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'user-switching-installer-nonce' ) ) {
             wp_send_json_error( __( 'Error: Nonce verification failed', 'dokan-lite' ) );
         }
 
diff --git a/includes/functions.php b/includes/functions.php
index 1a4c623d74..132c65e1ef 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -2274,7 +2274,7 @@ function dokan_product_search_by_sku( $where ) {
 
     $getdata = wp_unslash( $_GET );
 
-    if ( ! isset( $getdata['product_search_name'] ) || empty( $getdata['product_search_name'] ) || ! isset( $getdata['dokan_product_search_nonce'] ) || ! wp_verify_nonce( wc_clean( $getdata['dokan_product_search_nonce'] ), 'dokan_product_search' ) ) {
+    if ( empty( $getdata['product_search_name'] ) || ! isset( $getdata['dokan_product_search_nonce'] ) || ! wp_verify_nonce( sanitize_key( $getdata['dokan_product_search_nonce'] ), 'dokan_product_search' ) ) {
         return $where;
     }
 
diff --git a/includes/wc-functions.php b/includes/wc-functions.php
index 575b24b216..429af929a8 100755
--- a/includes/wc-functions.php
+++ b/includes/wc-functions.php
@@ -842,7 +842,7 @@ function dokan_save_account_details() {
 
     $postdata = wp_unslash( $_POST );
 
-    if ( empty( $postdata['_wpnonce'] ) || ! wp_verify_nonce( $postdata['_wpnonce'], 'dokan_save_account_details' ) ) {
+    if ( empty( $postdata['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $postdata['_wpnonce'] ), 'dokan_save_account_details' ) ) {
         return;
     }
 
@@ -1092,7 +1092,7 @@ function dokan_bulk_order_status_change() {
 
     $postdata = wp_unslash( $_POST );
 
-    if ( ! isset( $postdata['security'] ) || ! wp_verify_nonce( $postdata['security'], 'bulk_order_status_change' ) ) {
+    if ( ! isset( $postdata['security'] ) || ! wp_verify_nonce( sanitize_key( $postdata['security'] ), 'bulk_order_status_change' ) ) {
         return;
     }
 
diff --git a/includes/wc-template.php b/includes/wc-template.php
index 2b6b3a5661..d67d254afc 100755
--- a/includes/wc-template.php
+++ b/includes/wc-template.php
@@ -246,7 +246,7 @@ function dokan_save_quick_edit_vendor_data( $product ) {
 
     $get_data = wp_unslash( $_REQUEST );
 
-    if ( ! isset( $get_data['woocommerce_quick_edit_nonce'] ) || ! wp_verify_nonce( $get_data['woocommerce_quick_edit_nonce'], 'woocommerce_quick_edit_nonce' ) ) {
+    if ( ! isset( $get_data['woocommerce_quick_edit_nonce'] ) || ! wp_verify_nonce( sanitize_key( $get_data['woocommerce_quick_edit_nonce'] ), 'woocommerce_quick_edit_nonce' ) ) {
         return;
     }
 

From 33dc3f67bb8f779b508881d7e128494a09b63c87 Mon Sep 17 00:00:00 2001
From: Alamgir Hossain <alamgircse.bd@gmail.com>
Date: Fri, 12 Feb 2021 16:58:56 +0600
Subject: [PATCH 3/4] Fix/some codes optimized (#1090)

* Some codes optimized on product listing page and add some descriptions on store per page field

* - Fixed some phpcs errors

* - Removed some extra codes
---
 includes/Admin/Settings.php             | 2 +-
 templates/products/products-listing.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/Admin/Settings.php b/includes/Admin/Settings.php
index e9cb5041f7..4f41d30381 100644
--- a/includes/Admin/Settings.php
+++ b/includes/Admin/Settings.php
@@ -360,6 +360,7 @@ public function get_settings_fields() {
                 'store_products_per_page' => [
                     'name'    => 'store_products_per_page',
                     'label'   => __( 'Store Products Per Page', 'dokan-lite' ),
+                    'desc'    => __( 'Set how many products to display per page on the vendor store page. It will affect only if the vendor isn\'t set this value on their vendor setting page.', 'dokan-lite' ),
                     'type'    => 'number',
                     'default' => '12',
                 ],
@@ -512,7 +513,6 @@ public function get_settings_fields() {
                 'reg_tc_page'   => [
                     'name'        => 'reg_tc_page',
                     'label'       => __( 'Terms and Conditions Page', 'dokan-lite' ),
-                    //'desc'        => __( 'Select a page to show Terms and Conditions', 'dokan-lite' ),
                     'type'        => 'select',
                     'placeholder' => __( 'Select page', 'dokan-lite' ),
                     'options'     => $pages_array,
diff --git a/templates/products/products-listing.php b/templates/products/products-listing.php
index 491d2ddd39..f8cabdada6 100755
--- a/templates/products/products-listing.php
+++ b/templates/products/products-listing.php
@@ -36,7 +36,7 @@
                 <article class="dokan-product-listing-area">
 
                     <?php
-                    $product_query = dokan()->product->all( [ 'author' => dokan_get_current_user_id() ] );
+                    $product_query = dokan()->product->all( [ 'author' => dokan_get_current_user_id(), 'posts_per_page' => 1 ] );
 
                     if ( $product_query->have_posts() ) {
                     ?>

From 6455137f52094ddb91231aa5e38ca1e62600e9bc Mon Sep 17 00:00:00 2001
From: Nurul Umbhiya <zikubd@gmail.com>
Date: Fri, 12 Feb 2021 18:20:32 +0600
Subject: [PATCH 4/4] chore: Bump version to 3.2.1

---
 README.md                |  12 +-
 dokan.php                |   6 +-
 languages/dokan-lite.pot | 262 ++++++++++++++++++++-------------------
 package.json             |   2 +-
 readme.txt               |  12 +-
 5 files changed, 157 insertions(+), 137 deletions(-)

diff --git a/README.md b/README.md
index e20ea73a60..9b7f50b2e5 100644
--- a/README.md
+++ b/README.md
@@ -3,11 +3,11 @@
 **Donate Link:** http://tareq.co/donate/  
 **Tags:** WooCommerce multivendor marketplace, multi vendor marketplace, multi seller store, multi-vendor, multi seller, commissions, multivendor, marketplace, product vendors, woocommerce vendor, commission rate, e-commerce, woocommerce, ebay, ecommerce, yith, yithemes  
 **Requires at least:** 4.4  
-**Tested up to:** 5.6  
+**Tested up to:** 5.6.1  
 **WC requires at least:** 3.0  
-**WC tested up to:** 4.9.2  
+**WC tested up to:** 5.0.0  
 **Requires PHP:** 5.6  
-**Stable tag:** 3.2.0  
+**Stable tag:** 3.2.1  
 **License:** GPLv2 or later  
 **License URI:** http://www.gnu.org/licenses/gpl-2.0.html  
 
@@ -292,6 +292,12 @@ A. Just install and activate the PRO version without deleting the free plugin. A
 
 ## Changelog ##
 
+### v3.2.1 ( February 12, 2021 ) ###
+
+**fix:** Optimized code for better security
+**update:** performance improvements on vendor dashboard end
+**fix:** fixed conflict with user frontend menu position with Dokan
+
 ### v3.2.0 ( January 29, 2021 ) ###
 
 **new** Added blank product page new UI on vendor dashboard
diff --git a/dokan.php b/dokan.php
index b8154f4269..dffffa8e7d 100755
--- a/dokan.php
+++ b/dokan.php
@@ -3,12 +3,12 @@
  * Plugin Name: Dokan
  * Plugin URI: https://wordpress.org/plugins/dokan-lite/
  * Description: An e-commerce marketplace plugin for WordPress. Powered by WooCommerce and weDevs.
- * Version: 3.2.0
+ * Version: 3.2.1
  * Author: weDevs
  * Author URI: https://wedevs.com/
  * Text Domain: dokan-lite
  * WC requires at least: 3.0
- * WC tested up to: 4.9.2
+ * WC tested up to: 5.0.0
  * Domain Path: /languages/
  * License: GPL2
  */
@@ -56,7 +56,7 @@ final class WeDevs_Dokan {
      *
      * @var string
      */
-    public $version = '3.2.0';
+    public $version = '3.2.1';
 
     /**
      * Instance of self
diff --git a/languages/dokan-lite.pot b/languages/dokan-lite.pot
index 5c027e59ef..69043af9d7 100644
--- a/languages/dokan-lite.pot
+++ b/languages/dokan-lite.pot
@@ -2,9 +2,9 @@
 # This file is distributed under the GPL2.
 msgid ""
 msgstr ""
-"Project-Id-Version: Dokan 3.2.0\n"
+"Project-Id-Version: Dokan 3.2.1\n"
 "Report-Msgid-Bugs-To: https://wedevs.com/contact/\n"
-"POT-Creation-Date: 2021-01-29 11:32:18+00:00\n"
+"POT-Creation-Date: 2021-02-12 11:34:02+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -121,7 +121,7 @@ msgid "Dokan"
 msgstr ""
 
 #: includes/Admin/AdminBar.php:54 includes/Admin/Menu.php:43
-#: includes/Admin/Settings.php:490 includes/Install/Installer.php:157
+#: includes/Admin/Settings.php:491 includes/Install/Installer.php:157
 #: includes/template-tags.php:378 src/admin/pages/Dashboard.vue:5
 msgid "Dashboard"
 msgstr ""
@@ -143,7 +143,7 @@ msgstr ""
 
 #: includes/Admin/Hooks.php:64 includes/Admin/Hooks.php:70
 #: includes/Admin/Hooks.php:357 includes/Admin/Hooks.php:379
-#: includes/Admin/Settings.php:401 includes/Admin/Settings.php:412
+#: includes/Admin/Settings.php:402 includes/Admin/Settings.php:413
 #: includes/Admin/SetupWizard.php:345 includes/Install/Installer.php:93
 #: includes/wc-template.php:17 includes/wc-template.php:172
 #: includes/wc-template.php:321 src/admin/pages/Dashboard.vue:38
@@ -422,136 +422,142 @@ msgstr ""
 msgid "Store Products Per Page"
 msgstr ""
 
-#: includes/Admin/Settings.php:373
+#: includes/Admin/Settings.php:363
+msgid ""
+"Set how many products to display per page on the vendor store page. It will "
+"affect only if the vendor isn't set this value on their vendor setting page."
+msgstr ""
+
+#: includes/Admin/Settings.php:374
 msgid "Commission"
 msgstr ""
 
-#: includes/Admin/Settings.php:378
+#: includes/Admin/Settings.php:379
 msgid "Commission Type "
 msgstr ""
 
-#: includes/Admin/Settings.php:379
+#: includes/Admin/Settings.php:380
 msgid "Select a commission type for Vendor"
 msgstr ""
 
-#: includes/Admin/Settings.php:386 src/admin/pages/VendorPaymentFields.vue:69
+#: includes/Admin/Settings.php:387 src/admin/pages/VendorPaymentFields.vue:69
 #: src/admin/pages/VendorPaymentFields.vue:78
 #: templates/admin-setup-wizard/step-selling.php:31
 msgid "Admin Commission"
 msgstr ""
 
-#: includes/Admin/Settings.php:387
+#: includes/Admin/Settings.php:388
 msgid "Amount you get from each sale"
 msgstr ""
 
-#: includes/Admin/Settings.php:397
+#: includes/Admin/Settings.php:398
 #: templates/admin-setup-wizard/step-store.php:14
 msgid "Shipping Fee Recipient"
 msgstr ""
 
-#: includes/Admin/Settings.php:398
+#: includes/Admin/Settings.php:399
 msgid "Who will be receiving the Shipping fees"
 msgstr ""
 
-#: includes/Admin/Settings.php:402 includes/Admin/Settings.php:413
+#: includes/Admin/Settings.php:403 includes/Admin/Settings.php:414
 #: includes/Admin/SetupWizard.php:346
 msgid "Admin"
 msgstr ""
 
-#: includes/Admin/Settings.php:408
+#: includes/Admin/Settings.php:409
 #: templates/admin-setup-wizard/step-store.php:28
 msgid "Tax Fee Recipient"
 msgstr ""
 
-#: includes/Admin/Settings.php:409
+#: includes/Admin/Settings.php:410
 msgid "Who will be receiving the Tax fees"
 msgstr ""
 
-#: includes/Admin/Settings.php:424
+#: includes/Admin/Settings.php:425
 msgid "Vendor Capability"
 msgstr ""
 
-#: includes/Admin/Settings.php:429
+#: includes/Admin/Settings.php:430
 msgid "New Vendor Product Upload"
 msgstr ""
 
-#: includes/Admin/Settings.php:430
+#: includes/Admin/Settings.php:431
 msgid "Allow newly registered vendors to add products"
 msgstr ""
 
-#: includes/Admin/Settings.php:436
+#: includes/Admin/Settings.php:437
 msgid "Disable Product Popup"
 msgstr ""
 
-#: includes/Admin/Settings.php:437
+#: includes/Admin/Settings.php:438
 msgid "Disable add new product in popup view"
 msgstr ""
 
-#: includes/Admin/Settings.php:443 src/admin/pages/VendorCapabilities.vue:89
+#: includes/Admin/Settings.php:444 src/admin/pages/VendorCapabilities.vue:89
 #: templates/admin-setup-wizard/step-selling.php:39
 msgid "Order Status Change"
 msgstr ""
 
-#: includes/Admin/Settings.php:444
+#: includes/Admin/Settings.php:445
 msgid "Allow vendor to update order status"
 msgstr ""
 
-#: includes/Admin/Settings.php:463 includes/Admin/SetupWizard.php:465
+#: includes/Admin/Settings.php:464 includes/Admin/SetupWizard.php:465
 msgid "Withdraw Methods"
 msgstr ""
 
-#: includes/Admin/Settings.php:464
+#: includes/Admin/Settings.php:465
 msgid "Select suitable Withdraw methods for Vendors"
 msgstr ""
 
-#: includes/Admin/Settings.php:471 includes/Admin/SetupWizard.php:502
+#: includes/Admin/Settings.php:472 includes/Admin/SetupWizard.php:502
 msgid "Minimum Withdraw Limit"
 msgstr ""
 
-#: includes/Admin/Settings.php:472
+#: includes/Admin/Settings.php:473
 msgid ""
 "Minimum balance required to make a withdraw request. Leave blank to set no "
 "minimum limits."
 msgstr ""
 
-#: includes/Admin/Settings.php:481
+#: includes/Admin/Settings.php:482
 msgid "Exclude COD Payments"
 msgstr ""
 
-#: includes/Admin/Settings.php:482
+#: includes/Admin/Settings.php:483
 msgid ""
 "If an order is paid with Cash on Delivery (COD), then exclude that payment "
 "from vendor balance."
 msgstr ""
 
-#: includes/Admin/Settings.php:491
+#: includes/Admin/Settings.php:492
 msgid "Select a page to show Vendor Dashboard"
 msgstr ""
 
-#: includes/Admin/Settings.php:493 includes/Admin/Settings.php:501
-#: includes/Admin/Settings.php:509 includes/Admin/Settings.php:517
+#: includes/Admin/Settings.php:494 includes/Admin/Settings.php:502
+#: includes/Admin/Settings.php:510 includes/Admin/Settings.php:517
 #: includes/Admin/Settings.php:627
 msgid "Select page"
 msgstr ""
 
-#: includes/Admin/Settings.php:498 includes/Install/Installer.php:169
+#: includes/Admin/Settings.php:499 includes/Install/Installer.php:169
 #: templates/global/header-menu.php:46
 msgid "My Orders"
 msgstr ""
 
-#: includes/Admin/Settings.php:499
+#: includes/Admin/Settings.php:500
 msgid "Select a page to show My Orders"
 msgstr ""
 
-#: includes/Admin/Settings.php:506
+#: includes/Admin/Settings.php:507
 msgid "Store Listing"
 msgstr ""
 
-#: includes/Admin/Settings.php:507
+#: includes/Admin/Settings.php:508
 msgid "Select a page to show all Stores"
 msgstr ""
 
-#: includes/Admin/Settings.php:514
+#: includes/Admin/Settings.php:515
 msgid "Terms and Conditions Page"
 msgstr ""
 
@@ -650,7 +656,7 @@ msgstr ""
 msgid "Email Address"
 msgstr ""
 
-#: includes/Admin/Settings.php:609 includes/Admin/UserProfile.php:211
+#: includes/Admin/Settings.php:609 includes/Admin/UserProfile.php:212
 #: src/admin/pages/VendorAccountFields.vue:64
 #: templates/account/vendor-registration.php:33
 #: templates/global/seller-registration-form.php:36
@@ -701,7 +707,7 @@ msgstr ""
 msgid "Store"
 msgstr ""
 
-#: includes/Admin/SetupWizard.php:155 includes/Admin/UserProfile.php:294
+#: includes/Admin/SetupWizard.php:155 includes/Admin/UserProfile.php:295
 msgid "Selling"
 msgstr ""
 
@@ -791,14 +797,14 @@ msgstr ""
 
 #: includes/Admin/SetupWizard.php:537 includes/Admin/SetupWizard.php:600
 #: includes/Admin/SetupWizardWCAdmin.php:232
-#: includes/Vendor/SetupWizard.php:243 includes/Vendor/SetupWizard.php:396
+#: includes/Vendor/SetupWizard.php:243 includes/Vendor/SetupWizard.php:390
 #: templates/admin-setup-wizard/step-selling.php:53
 #: templates/admin-setup-wizard/step-store.php:100
 msgid "Continue"
 msgstr ""
 
 #: includes/Admin/SetupWizard.php:538 includes/Vendor/SetupWizard.php:244
-#: includes/Vendor/SetupWizard.php:397
+#: includes/Vendor/SetupWizard.php:391
 #: templates/admin-setup-wizard/step-selling.php:54
 #: templates/admin-setup-wizard/step-store.php:101
 msgid "Skip this step"
@@ -942,7 +948,7 @@ msgstr ""
 msgid "We'll use %1$s for product weight and %2$s for product dimensions."
 msgstr ""
 
-#: includes/Admin/UserProfile.php:38 includes/Ajax.php:145
+#: includes/Admin/UserProfile.php:38 includes/Ajax.php:143
 #: includes/Assets.php:413 src/admin/pages/VendorAccountFields.vue:279
 #: src/admin/pages/VendorAccountFields.vue:311
 #: src/admin/pages/VendorAccountFields.vue:343
@@ -986,121 +992,122 @@ msgstr ""
 msgid "Upload banner"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:122
+#: includes/Admin/UserProfile.php:123
+#. translators: %1$s: banner width, %2$s: banner height in integers
 msgid "Upload a banner for your store. Banner size is (%1$sx%2$s) pixels."
 msgstr ""
 
-#: includes/Admin/UserProfile.php:134
+#: includes/Admin/UserProfile.php:135
 msgid "Store name"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:141
+#: includes/Admin/UserProfile.php:142
 #: src/admin/pages/VendorAccountFields.vue:53
 msgid "Store URL"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:149 includes/Privacy.php:223
+#: includes/Admin/UserProfile.php:150 includes/Privacy.php:223
 msgid "Address 1"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:156 includes/Privacy.php:224
+#: includes/Admin/UserProfile.php:157 includes/Privacy.php:224
 msgid "Address 2"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:163
+#: includes/Admin/UserProfile.php:164
 msgid "Town/City"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:170
+#: includes/Admin/UserProfile.php:171
 msgid "Zip Code"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:229
+#: includes/Admin/UserProfile.php:230
 msgid "Payment Options : "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:234
+#: includes/Admin/UserProfile.php:235
 msgid "Paypal Email "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:242
+#: includes/Admin/UserProfile.php:243
 msgid "Skrill Email "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:251
+#: includes/Admin/UserProfile.php:252
 msgid "Bank name "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:257
+#: includes/Admin/UserProfile.php:258
 msgid "Account Name "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:263
+#: includes/Admin/UserProfile.php:264
 msgid "Account Number "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:269
+#: includes/Admin/UserProfile.php:270
 msgid "Bank Address "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:275 includes/Privacy.php:279
+#: includes/Admin/UserProfile.php:276 includes/Privacy.php:279
 #: src/admin/pages/VendorPaymentFields.vue:30
 msgid "Routing Number"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:281
+#: includes/Admin/UserProfile.php:282
 msgid "Bank IBAN "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:287
+#: includes/Admin/UserProfile.php:288
 msgid "Bank Swift "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:299
+#: includes/Admin/UserProfile.php:300
 msgid "Enable Adding Products"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:302
+#: includes/Admin/UserProfile.php:303
 msgid "Enable or disable product adding capability"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:307
+#: includes/Admin/UserProfile.php:308
 msgid "Publishing"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:312
+#: includes/Admin/UserProfile.php:313
 msgid "Publish product directly"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:315
+#: includes/Admin/UserProfile.php:316
 msgid "Bypass pending, publish products directly"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:320
+#: includes/Admin/UserProfile.php:321
 msgid "Admin Commission Type "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:327
+#: includes/Admin/UserProfile.php:328
 msgid "Set the commmission type admin gets from this seller"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:331
+#: includes/Admin/UserProfile.php:332
 msgid "Admin Commission "
 msgstr ""
 
-#: includes/Admin/UserProfile.php:335
+#: includes/Admin/UserProfile.php:336
 msgid "It will override the default commission admin gets from each sales"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:340
+#: includes/Admin/UserProfile.php:341
 msgid "Featured vendor"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:345
+#: includes/Admin/UserProfile.php:346
 msgid "Mark as featured vendor"
 msgstr ""
 
-#: includes/Admin/UserProfile.php:348
+#: includes/Admin/UserProfile.php:349
 msgid "This vendor will be marked as a featured vendor."
 msgstr ""
 
@@ -1131,7 +1138,7 @@ msgstr ""
 msgid "Commision: "
 msgstr ""
 
-#: includes/Ajax.php:72 includes/Ajax.php:1003 includes/Ajax.php:1033
+#: includes/Ajax.php:72 includes/Ajax.php:999 includes/Ajax.php:1029
 #: includes/Dashboard/Templates/Withdraw.php:110
 #: includes/Dashboard/Templates/Withdraw.php:175
 msgid "You have no permission to do this action"
@@ -1141,98 +1148,99 @@ msgstr ""
 msgid "Something wrong, please try again later"
 msgstr ""
 
-#: includes/Ajax.php:112 includes/Dashboard/Templates/Settings.php:213
-#: includes/Dashboard/Templates/Settings.php:227
-#: includes/Dashboard/Templates/Settings.php:239
-#: includes/Dashboard/Templates/Settings.php:251
-#: includes/Dashboard/Templates/Settings.php:288
-#: includes/Dashboard/Templates/Settings.php:354
-#: includes/Dashboard/Templates/Settings.php:395
-#: includes/Dashboard/Templates/Settings.php:445
+#: includes/Ajax.php:108 includes/Dashboard/Templates/Settings.php:213
+#: includes/Dashboard/Templates/Settings.php:217
+#: includes/Dashboard/Templates/Settings.php:231
+#: includes/Dashboard/Templates/Settings.php:243
+#: includes/Dashboard/Templates/Settings.php:255
+#: includes/Dashboard/Templates/Settings.php:292
+#: includes/Dashboard/Templates/Settings.php:358
+#: includes/Dashboard/Templates/Settings.php:399
+#: includes/Dashboard/Templates/Settings.php:449
 #: includes/Dashboard/Templates/Withdraw.php:106
 #: includes/Dashboard/Templates/Withdraw.php:171
 msgid "Are you cheating?"
 msgstr ""
 
-#: includes/Ajax.php:163 includes/Ajax.php:198
+#: includes/Ajax.php:161 includes/Ajax.php:196
 msgid "You do not have sufficient permissions to access this page."
 msgstr ""
 
-#: includes/Ajax.php:167 includes/Ajax.php:202
+#: includes/Ajax.php:165 includes/Ajax.php:200
 msgid "You have taken too long. Please go back and retry."
 msgstr ""
 
-#: includes/Ajax.php:177 includes/Ajax.php:212
+#: includes/Ajax.php:175 includes/Ajax.php:210
 msgid "You do not have permission to change this order"
 msgstr ""
 
-#: includes/Ajax.php:275
+#: includes/Ajax.php:273
 #. translators: numeric number of files
 msgid "File %d"
 msgstr ""
 
-#: includes/Ajax.php:296
+#: includes/Ajax.php:294
 msgid "You have no permission to manage this order"
 msgstr ""
 
-#: includes/Ajax.php:332 includes/Ajax.php:337
+#: includes/Ajax.php:330 includes/Ajax.php:335
 msgid "Please provide your name."
 msgstr ""
 
-#: includes/Ajax.php:344 includes/template-tags.php:161
+#: includes/Ajax.php:342 includes/template-tags.php:161
 msgid "Something went wrong!"
 msgstr ""
 
-#: includes/Ajax.php:350 includes/REST/StoreController.php:812
+#: includes/Ajax.php:348 includes/REST/StoreController.php:812
 msgid "Email sent successfully!"
 msgstr ""
 
-#: includes/Ajax.php:409 templates/orders/details.php:293
+#: includes/Ajax.php:407 templates/orders/details.php:293
 msgid "Delete note"
 msgstr ""
 
-#: includes/Ajax.php:439
+#: includes/Ajax.php:437
 msgid "Shipping provider: "
 msgstr ""
 
-#: includes/Ajax.php:439
+#: includes/Ajax.php:437
 msgid "Shipping number: "
 msgstr ""
 
-#: includes/Ajax.php:439
+#: includes/Ajax.php:437
 msgid "Shipped date: "
 msgstr ""
 
-#: includes/Ajax.php:481 includes/woo-views/html-product-download.php:14
+#: includes/Ajax.php:479 includes/woo-views/html-product-download.php:14
 msgid "Delete"
 msgstr ""
 
-#: includes/Ajax.php:524 includes/Vendor/UserSwitch.php:122
+#: includes/Ajax.php:520 includes/Vendor/UserSwitch.php:122
 msgid "Error: Nonce verification failed"
 msgstr ""
 
-#: includes/Ajax.php:614
+#: includes/Ajax.php:610
 msgid "Image could not be processed. Please go back and try again."
 msgstr ""
 
-#: includes/Ajax.php:771
+#: includes/Ajax.php:767
 #. translators: 1. Customer name, 2. Customer ID, 3: Customer email
 msgid "%1$s (#%2$s &ndash; %3$s)"
 msgstr ""
 
-#: includes/Ajax.php:919
+#: includes/Ajax.php:915
 msgid "Invalid username or password."
 msgstr ""
 
-#: includes/Ajax.php:930
+#: includes/Ajax.php:926
 msgid "Wrong username or password."
 msgstr ""
 
-#: includes/Ajax.php:959
+#: includes/Ajax.php:955
 msgid "User logged in successfully."
 msgstr ""
 
-#: includes/Ajax.php:1009
+#: includes/Ajax.php:1005
 msgid "id param is required"
 msgstr ""
 
@@ -1666,33 +1674,33 @@ msgstr ""
 msgid "Delete Permanently"
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:235
+#: includes/Dashboard/Templates/Products.php:231
 msgid "Details of your product ..."
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:244
-#: includes/Dashboard/Templates/Products.php:392
+#: includes/Dashboard/Templates/Products.php:240
+#: includes/Dashboard/Templates/Products.php:388
 #: includes/Product/functions.php:31
 msgid "Please enter product title"
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:251
-#: includes/Dashboard/Templates/Products.php:399
+#: includes/Dashboard/Templates/Products.php:247
+#: includes/Dashboard/Templates/Products.php:395
 #: includes/Product/functions.php:36
 msgid "Please select a category"
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:256
-#: includes/Dashboard/Templates/Products.php:404
+#: includes/Dashboard/Templates/Products.php:252
+#: includes/Dashboard/Templates/Products.php:400
 #: includes/Product/functions.php:40
 msgid "Please select AT LEAST ONE category"
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:411
+#: includes/Dashboard/Templates/Products.php:407
 msgid "No product found!"
 msgstr ""
 
-#: includes/Dashboard/Templates/Products.php:415
+#: includes/Dashboard/Templates/Products.php:411
 #: includes/Product/functions.php:64
 msgid "I swear this is not your product!"
 msgstr ""
@@ -1708,50 +1716,50 @@ msgid ""
 "payments seamlessly."
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:223
+#: includes/Dashboard/Templates/Settings.php:227
 msgid "Pemission denied social"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:235
-#: includes/Dashboard/Templates/Settings.php:247
+#: includes/Dashboard/Templates/Settings.php:239
+#: includes/Dashboard/Templates/Settings.php:251
 msgid "Pemission denied"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:265
+#: includes/Dashboard/Templates/Settings.php:269
 msgid "Your information has been saved successfully"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:296
-#: includes/Dashboard/Templates/Settings.php:403
+#: includes/Dashboard/Templates/Settings.php:300
+#: includes/Dashboard/Templates/Settings.php:407
 msgid "Store name required"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:302
-#: includes/Dashboard/Templates/Settings.php:362
-#: includes/Dashboard/Templates/Settings.php:409
+#: includes/Dashboard/Templates/Settings.php:306
+#: includes/Dashboard/Templates/Settings.php:366
+#: includes/Dashboard/Templates/Settings.php:413
 msgid "Store type required"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:310
-#: includes/Dashboard/Templates/Settings.php:370
-#: includes/Dashboard/Templates/Settings.php:417
-#: includes/Dashboard/Templates/Settings.php:454
+#: includes/Dashboard/Templates/Settings.php:314
+#: includes/Dashboard/Templates/Settings.php:374
+#: includes/Dashboard/Templates/Settings.php:421
+#: includes/Dashboard/Templates/Settings.php:458
 msgid "Invalid email"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:329
+#: includes/Dashboard/Templates/Settings.php:333
 msgid "Address field for %s is required"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:611
+#: includes/Dashboard/Templates/Settings.php:619
 msgid "Book"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:612
+#: includes/Dashboard/Templates/Settings.php:620
 msgid "Dress"
 msgstr ""
 
-#: includes/Dashboard/Templates/Settings.php:613
+#: includes/Dashboard/Templates/Settings.php:621
 msgid "Electronic"
 msgstr ""
 
@@ -4019,15 +4027,15 @@ msgstr ""
 msgid "Select an option&hellip;"
 msgstr ""
 
-#: includes/Vendor/SetupWizard.php:374
+#: includes/Vendor/SetupWizard.php:368
 msgid "Payment Setup"
 msgstr ""
 
-#: includes/Vendor/SetupWizard.php:478
+#: includes/Vendor/SetupWizard.php:466
 msgid "Your Store is Ready!"
 msgstr ""
 
-#: includes/Vendor/SetupWizard.php:483
+#: includes/Vendor/SetupWizard.php:471
 msgid "Go to your Store Dashboard!"
 msgstr ""
 
diff --git a/package.json b/package.json
index 7b9f531d98..0ba28ff673 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "dokan",
-  "version": "3.2.0",
+  "version": "3.2.1",
   "description": "A WordPress marketplace plugin",
   "author": "weDevs",
   "license": "GPL",
diff --git a/readme.txt b/readme.txt
index cd09de441d..2a8ff70d51 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,11 +3,11 @@ Contributors: tareq1988, wedevs, nizamuddinbabu
 Donate Link: http://tareq.co/donate/
 Tags: WooCommerce multivendor marketplace, multi vendor marketplace, multi seller store, multi-vendor, multi seller, commissions, multivendor, marketplace, product vendors, woocommerce vendor, commission rate, e-commerce, woocommerce, ebay, ecommerce, yith, yithemes
 Requires at least: 4.4
-Tested up to: 5.6
+Tested up to: 5.6.1
 WC requires at least: 3.0
-WC tested up to: 4.9.2
+WC tested up to: 5.0.0
 Requires PHP: 5.6
-Stable tag: 3.2.0
+Stable tag: 3.2.1
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -292,6 +292,12 @@ A. Just install and activate the PRO version without deleting the free plugin. A
 
 == Changelog ==
 
+= v3.2.1 ( February 12, 2021 ) =
+
+**fix:** Optimized code for better security
+**update:** performance improvements on vendor dashboard end
+**fix:** fixed conflict with user frontend menu position with Dokan
+
 = v3.2.0 ( January 29, 2021 ) =
 
 **new** Added blank product page new UI on vendor dashboard