woocommerce / woocommerce

A customizable, open-source ecommerce platform built on WordPress. Build any commerce solution you can imagine.
https://woocommerce.com

Coupon code starting with % and followed by numeral gets sanitised #22937

Closed addedlovely closed 5 years ago

addedlovely commented 5 years ago

Describe the bug

Adding a coupon that starts with % and a number, e.g. %15test - gets mutated into 'test'.

The coupon is named correctly on the edit coupon screen, but incorrectly on the coupons listing screen.

Applying the coupon code fails on the frontend, unless you enter 'test'.

Note, creating a coupon that starts with a '%' and is followed by a letter works fine.

To Reproduce

  1. Go to 'WooCommerce > Coupons' - add a new coupon titled %15test
  2. Go to 'WooCommerce > Coupons' - note the coupon is now called 'test'
  3. Edit the coupon, note that the coupon is correctly titled %15test
  4. Add another coupon called %20test and you'll get a validation message 'Coupon code already exists - customers will use the latest coupon with this code.'

Expected behavior

Either validation before publishing to pick up invalid characters, or allow the coupon code as entered.

Isolating the problem (mark completed items with an [x]):

WordPress Environment

WC Version: 3.5.5
Log Directory Writable: ✔
WP Version: 5.1
WP Multisite: –
WP Memory Limit: 768 MB
WP Debug Mode: ✔
WP Cron: ✔
Language: en_GB
External object cache: –

Server Environment

Server Info: Apache
PHP Version: 7.2.15
PHP Post Max Size: 128 MB
PHP Time Limit: 0
PHP Max Input Vars: 1000
cURL Version: 7.59.0 OpenSSL/1.0.2q
SUHOSIN Installed: –
MySQL Version: 5.6.40-84.0-log
Max Upload Size: 128 MB
Default Timezone is UTC: ✔
fsockopen/cURL: ✔
SoapClient: ✔
DOMDocument: ✔
GZip: ✔
Multibyte String: ✔
Remote Post: ✔
Remote Get: ✔

Database

WC Database Version: 3.5.5 WC Database Prefix: wphg Total Database Size: 14.94MB Database Data Size: 10.80MB Database Index Size: 4.14MB

Post Type Counts

acf-field: 54
acf-field-group: 6
attachment: 432
customize_changeset: 2
mc4wp-form: 1
nav_menu_item: 11
page: 14
post: 10
product: 47
product_variation: 50
revision: 154
shop_coupon: 8
shop_order: 1

Security

Secure connection (HTTPS): ✔
Hide errors from visitors: ❌ Error messages should not be shown to visitors.

Active Plugins (1)

WooCommerce: by Automattic – 3.5.5

Settings

API Enabled: –
Force SSL: –
Currency: GBP (£)
Currency Position: left
Thousand Separator: ,
Decimal Separator: .
Number of Decimals: 2
Taxonomies: Product Types: external (external) grouped (grouped) simple (simple) variable (variable)
Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog) exclude-from-search (exclude-from-search) featured (featured) outofstock (outofstock) rated-1 (rated-1) rated-2 (rated-2) rated-3 (rated-3) rated-4 (rated-4) rated-5 (rated-5)

WC Pages

Shop base: #15 - /store/
Basket: #16 - /basket/
Checkout: #17 - /checkout/
My account: #18 - /my-account/
Terms and conditions: ❌ Page not set

Theme

Name: Storefront
Version: 2.4.3
Author URL: https://woocommerce.com/
Child Theme: ❌ – If you are modifying WooCommerce on a parent theme that you did not build personally we recommend using a child theme. See: How to create a child theme

WooCommerce Support: ✔

Templates

Overrides: –
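
Added example, not part of the issue thread and not WooCommerce's own code: a pre-publish check of the kind the report asks for under "Expected behavior", which rejects a coupon code that sanitisation would change and flags the resulting collision. It assumes the code passes through a sanitiser that strips percent-encoded octets (% plus two hex digits), which WordPress's sanitize_text_field() does; `strip_percent_octets` and `validate_coupon_code` are hypothetical names and the sample codes are constructed.

```php
<?php
// Added example, not WooCommerce or WordPress code.
// Assumption: the stored code passes through a sanitiser that strips
// percent-encoded octets (%XX), as WordPress's sanitize_text_field() does.

/** Hypothetical stand-in for the octet-stripping step of the sanitiser. */
function strip_percent_octets(string $value): string
{
    // Repeat until stable so "%%1515" cannot reassemble an octet after one pass.
    while (preg_match('/%[a-f0-9]{2}/i', $value, $m)) {
        $value = str_replace($m[0], '', $value);
    }
    return $value;
}

/**
 * Hypothetical pre-publish check. Returns null when the code is acceptable,
 * otherwise a message saying why it must not be saved as entered.
 */
function validate_coupon_code(string $code, array $existing): ?string
{
    $stored = strip_percent_octets($code);

    // The sanitiser would silently change the code: refuse instead of mutating.
    if ($stored !== $code) {
        return sprintf("'%s' would be stored as '%s'", $code, $stored);
    }
    // Unchanged by sanitisation, but the code is already taken.
    if (in_array($stored, $existing, true)) {
        return sprintf("'%s' already exists", $stored);
    }
    return null;
}

// Constructed sample input mirroring the report: '%15' and '%20' look like
// percent-encoded octets, '%te' does not ('t' is not a hex digit).
$existing = ['test'];
foreach (['%15test', '%20test', '%test', 'test', 'summer15'] as $code) {
    $error = validate_coupon_code($code, $existing);
    echo str_pad($code, 10), $error ?? 'ok', PHP_EOL;
}
```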

mikejolley commented 5 years ago

See https://github.com/woocommerce/woocommerce/pull/22945