[BUG] esc_html used instead of esc_attr, causing incorrect store name in Mailchimp

[chvillanuevap]

Describe the bug I'm using version 4.2.1, but I have seen the same code in 4.3.1. In 4.2.1, in admin/partials/tab/api-key.php:45, admin/v2/templates/connect-accounts/create-account-page.php:81, and admin/v2/templates/connect-accounts/create-account-popup.php:30, there is the following input field:

<input id="org" name="org" type="hidden" value="<?php echo esc_html( get_bloginfo( 'name' ) ); ?>">

The sanitizing function esc_html should not be used here, because it will convert characters like quotes into HTML entities. For example, my store, The Postman's Knock, is being saved as s:10:"store_name";s:24:"The Postman's Knock"; in mailchimp_woocommerce in wp_options and displays like this in Mailchimp:

The correct function to use to sanitize attributes like value is esc_attr. This should be changed in all 3 instances of this input field.

If I change the value in my database, will that update in Mailchimp? The GUI does not have an option to change the name.

To Reproduce Steps to reproduce the behavior:

1. Go to the Connect Account admin page on installation where the input field is located.
2. Use a store name with an apostrophe.
3. See how it's stored in the database and displayed on Mailchimp.

Expected behavior The store name should be displayed correctly without HTML entities, using the correct sanitizing function (esc_attr instead of esc_html).

Operating environment (please complete the following information):

• Store URL: https://thepostmansknock.com
• Plugin version: 4.2.1
• WooCommerce version: 8.7.0
• Wordpress version: 6.4.5
• PHP version: 8.2.19

Things to verify before submitting a ticket

• [ ] Verify you are using the most up to date plugin version.
• [ ] Enable "Remote Diagnostics" from the plugin's Settings tab (if possible)
• [ ] If there any fatal errors in WooCommerce, please provide (WooCommerce -> Status -> Logs)
• [x] If you're using the current version of the plugin, it utilizes a queue powered by Action Scheduler. It depends on WP_CRON to be activated with your hosting provider. Please confirm with your host that it's enabled.
• [x] Do you have any caching plugins or services running? If you're using Redis, Nginx, or MemCache, see if you or your hosting provider can exclude certain paths to the REST API and /wp-json/mailchimp-for-woocommerce. Visit our Wiki help page on this topic for more information.
• [x] If you have a large number of plugins being used, you may need to bump up your memory limit on your server (1GB for example) to accommodate the initial sync.

[kjvextras]

Hi @chvillanuevap - Thanks for reaching out. We will check this out and circle back.

[ryanhungate]

We've started a new branch 4.4 which will address this. Thanks for reporting.