Closed madeincosmos closed 2 years ago
Related: https://stripe.com/docs/connect/statement-descriptors#requirements
An appropriate fix could be to strip non digit non letter non space from any entry before persisting.
In addition, only alpha-numeric characters may be used.
is mentioned in the docs under setup and config.
Stripping non-alpha numeric would be great.
@allendav @dougaitken would it be appropriate here to display some sort of warning and refusing to save this option? If users don't see what they expect in the box after saving the settings without being informed about why it changed, that will definitely be a source of confusion 🙂.
Adding an error to wp-admin is easy enough:
if ( ! empty( $statement_descriptor ) ) {
$setting_link = $this->get_setting_link();
// Check if statement descriptor contains invalid characters.
$allowed_symbols_regex = '/^[a-zA-Z0-9:;\.,[\]\-_\/?|~`!@#$%^&(){}=+\s]+$/';
if ( ! preg_match( $allowed_symbols_regex, $statement_descriptor ) ) {
/* translators: 1) link */
$this->add_admin_notice( 'statement_descriptor', 'notice notice-error', sprintf( __( 'The statement descriptor contains some <a href="%1$s">invalid characters</a>. Store checkout may fail! Please go to your settings and <a href="%2$s">ensure your statement descriptor is alphanumeric</a>.', 'woocommerce-gateway-stripe' ), 'https://stripe.com/docs/connect/statement-descriptors#requirements', $setting_link ), true );
}
// Check if statement descriptor has the right length; between 5 and 22 characters.
if ( strlen( $statement_descriptor ) < 5 || 22 < strlen( $statement_descriptor ) ) {
/* translators: 1) link */
$this->add_admin_notice( 'statement_descriptor', 'notice notice-error', sprintf( __( 'The statement descriptor is either <a href="%1$s">too long or too short</a>. Store checkout may fail! Please go to your settings and <a href="%2$s">ensure your statement descriptor has the right length.</a>', 'woocommerce-gateway-stripe' ), 'https://stripe.com/docs/connect/statement-descriptors#requirements', $setting_link ), true );
}
}
Is punctuation included in the alphanumeric restriction, or is it purely /[a-zA-Z0-9\s]/
?
I'm also wondering if showing errors like these is enough, or if we should automatically strip the descriptor? This includes cutting off the descriptor if it's too long, and padding it if it's too short?
Can we ask Stripe to confirm @reykjalin? I'm unsure about what characters are allowed but it sounds like only alpha-numeric is only allowed now so no punctuation
2590402-zen
In this case the statement descriptor was set to Chinese characters which resulted in the following error:
Invalid UTF-8 characters found in POST body
Neither the settings nor the Stripe documentation indicates which characters can be used: https://stripe.com/docs/statement-descriptors https://stripe.com/docs/api/charges/create
Would be nice to get a final answer from Stripe on that. I assume it's alpha numeric characters since it has to work for every bank.
Another user running into the same problem in 3071324-zen.
They had the É
letter in statement descriptor.
This issue is partially fixed in #1263 and partially fixed by Stripe now accepting these characters:
The part that's not fixed is that we don't let the user know that these characters will either be stripped by Stripe, or will be converted to latin characters. I'll change the name and description of this issue to reflect that.
For reference, here's a doc outlining the requirements of statement descriptors: https://stripe.com/docs/statement-descriptors#requirements
Closing this since we're now letting the merchant know about an acceptable input for the statement descriptor field (via #2283).
Added by @v18:
When receiving statement descriptors with disallowed characters, Stripe will either strip or convert the characters. We should let the merchant know about this when saving the statement descriptor in their settings.
Affected ticket(s)
1894621-zen
What I expected
To process transactions through Stripe.
What happened instead
There's an error on the checkout page
Sorry, we are unable to process your payment at this time. Please retry later.
This turned out to be due to non-UTF-8 characters included in Statement Descriptor, such as
™
:Screenshot: https://cld.wthms.co/bANjrb
Removing the character solved the problem, but it would be great to escape this string anyway as it's breaking the main checkout flow.
Steps to reproduce the issue
Super Awesome Company™