MailChimp for Woocommerce Integration. Syncs all data (subscriber, customers, orders, products) and enables marketing automation with email campaigns, automations, ads, postcards and more.
Describe the bug
I'm using version 4.2.1, but I have seen the same code in 4.3.1. In 4.2.1, in admin/partials/tab/api-key.php:45, admin/v2/templates/connect-accounts/create-account-page.php:81, and admin/v2/templates/connect-accounts/create-account-popup.php:30, there is the following input field:
The sanitizing function esc_html should not be used here, because it will convert characters like quotes into HTML entities. For example, my store, The Postman's Knock, is being saved as s:10:"store_name";s:24:"The Postman&#039;s Knock"; in mailchimp_woocommerce in wp_options and displays like this in Mailchimp:
The correct function to use to sanitize attributes like value is esc_attr. This should be changed in all 3 instances of this input field.
If I change the value in my database, will that update in Mailchimp? The GUI does not have an option to change the name.
To Reproduce
Steps to reproduce the behavior:
Go to the Connect Account admin page on installation where the input field is located.
Use a store name with an apostrophe.
See how it's stored in the database and displayed on Mailchimp.
Expected behavior
The store name should be displayed correctly without HTML entities, using the correct sanitizing function (esc_attr instead of esc_html).
Operating environment (please complete the following information):
Things to verify before submitting a ticket
[ ] Verify you are using the most up to date plugin version.
[ ] Enable "Remote Diagnostics" from the plugin's Settings tab (if possible)
[ ] If there are any fatal errors in WooCommerce, please provide (WooCommerce -> Status -> Logs)
[x] If you're using the current version of the plugin, it utilizes a queue powered by Action Scheduler. It depends on WP_CRON to be activated with your hosting provider. Please confirm with your host that it's enabled.
[x] Do you have any caching plugins or services running? If you're using Redis, Nginx, or MemCache, see if you or your hosting provider can exclude certain paths to the REST API and /wp-json/mailchimp-for-woocommerce. Visit our Wiki help page on this topic for more information.
[x] If you have a large number of plugins being used, you may need to bump up your memory limit on your server (1GB for example) to accommodate the initial sync.
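An added example, not part of the original report or the plugin's code: a Python check that scans a PHP-serialized option fragment for string values stored with HTML entities, and rewrites them with a corrected length prefix. The sample value is constructed to match the one quoted in the report, and the function names are hypothetical.

```python
import html
import re

# Constructed sample: a fragment of a PHP-serialized option shaped like the
# one quoted in the report, with the apostrophe stored as the entity &#039;.
SAMPLE = 's:10:"store_name";s:24:"The Postman&#039;s Knock";'

# A PHP-serialized string token has the form s:<byte length>:"<payload>";
_HEADER = re.compile(rb's:(\d+):"')


def parse_strings(blob: bytes):
    """Yield (start, end, payload) for each well-formed string token."""
    pos = 0
    while (m := _HEADER.search(blob, pos)):
        end = m.end() + int(m.group(1))  # declared length is in bytes
        if blob[end:end + 2] == b'";':   # token must close exactly here
            yield m.start(), end + 2, blob[m.end():end]
            pos = end + 2
        else:
            pos = m.end()


def find_entity_encoded(serialized: str):
    """Return [(stored, decoded)] for string values containing HTML entities."""
    hits = []
    for _, _, payload in parse_strings(serialized.encode("utf-8")):
        stored = payload.decode("utf-8")
        decoded = html.unescape(stored)
        if decoded != stored:
            hits.append((stored, decoded))
    return hits


def repair(serialized: str) -> str:
    """Decode entities in every string token and rewrite its length prefix."""
    blob = serialized.encode("utf-8")
    out, last = [], 0
    for start, end, payload in parse_strings(blob):
        raw = html.unescape(payload.decode("utf-8")).encode("utf-8")
        out += [blob[last:start], b's:%d:"%s";' % (len(raw), raw)]
        last = end
    out.append(blob[last:])
    return b"".join(out).decode("utf-8")


if __name__ == "__main__":
    print(find_entity_encoded(SAMPLE))
    print(repair(SAMPLE))
```

PHP's unserialize() rejects a string whose length prefix does not match its byte count, so a hand edit of the stored name has to change s:24 to s:19 as well. A value stored raw this way still needs escaping wherever it is printed into HTML.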