This repository has been archived by the owner on Feb 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 219
Replace sanitization functions to enforce string values #10242
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mikejolley
added
status: needs review
type: bug
The issue/PR concerns a confirmed bug.
focus: rest api
Work impacting REST api routes.
labels
Jul 17, 2023
woocommercebot
requested review from
a team and
nielslange
and removed request for
a team
July 17, 2023 14:15
The release ZIP for this PR is accessible via:
Script Dependencies ReportThe
This comment was automatically generated by the TypeScript Errors Report
🎉 🎉 This PR does not introduce new TS errors. |
Size Change: 0 B Total Size: 1.36 MB ℹ️ View Unchanged
|
senadir
approved these changes
Jul 17, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR checks out.
github-actions
bot
added
status: ready to merge
and removed
status: needs review
labels
Jul 17, 2023
senadir
force-pushed
the
fix/store-api-format-customer-data
branch
from
July 17, 2023 14:34
9b7dc5b
to
71baeb9
Compare
senadir
force-pushed
the
fix/store-api-format-customer-data
branch
from
July 17, 2023 15:16
71baeb9
to
3fbebc3
Compare
wavvves
approved these changes
Jul 17, 2023
opr
pushed a commit
that referenced
this pull request
Jul 17, 2023
opr
pushed a commit
that referenced
this pull request
Jul 17, 2023
opr
added a commit
that referenced
this pull request
Jul 18, 2023
* Empty commit for release pull request * Stop reading Product IDs from asset store in filter blocks (#10195) * Remove queries that fetch all products for manipulating the results returned by the Store API for certain use-cases. * Remove the code that's supposed to read product ids for filter context and logic around that in useCollectionData * Fix incorrect merge --------- Co-authored-by: Patricia Hillebrandt <[email protected]> * fix migration (#10205) * Add cherry picked PRs and add testing link * Cherry pick aa9312d and resolve conflict for version 10.4.6 as the add_support_for_filter_blocks function was introduced in an older version (10.6) * Merge pull request from GHSA-gxfx-93xq-pr6p * Add cors check * refactor logic * Refactor add_cors_headers to allow null and allowed hosts * Move remove_filter inline * Revert unrelated code style changes * Add explainer to docblock * Remove access for null origin * Move CORS handling to auth class so it applies API wide * Move only Authentication to priority 11 * Handle preflight requests so cart-tokens work --------- Co-authored-by: Mike Jolley <[email protected]> * Add testing notes * Add testing zip to notes * Add changelog to readme * Update version numbers * Update testing zip * Replace sanitization functions to enforce string values (#10242) * Update testing zip * Update testing zip --------- Co-authored-by: github-actions <[email protected]> Co-authored-by: Karol Manijak <[email protected]> Co-authored-by: Patricia Hillebrandt <[email protected]> Co-authored-by: Luigi Teschio <[email protected]> Co-authored-by: Thomas Roberts <[email protected]> Co-authored-by: Seghir Nadir <[email protected]> Co-authored-by: Mike Jolley <[email protected]>
opr
added a commit
that referenced
this pull request
Jul 18, 2023
* Empty commit for release pull request * Product Filters > Fix Performance issue and Fatal error on stores with a high volume of products (#10198) * Remove queries that fetch all products for manipulating the results returned by the Store API for certain use-cases. * Keep support for Product Collection block * Stop reading Product IDs from asset store in filter blocks (#10195) * Remove queries that fetch all products for manipulating the results returned by the Store API for certain use-cases. * Remove the code that's supposed to read product ids for filter context and logic around that in useCollectionData * Fix incorrect merge --------- Co-authored-by: Patricia Hillebrandt <[email protected]> * Add testing instructions for 10.6.1 * Fix margin issue with the Proceed to checkout button on the site editor (#10182) * Fix margin issue with the Proceed to checkout button on the site editor * Remove unecessary selector * Merge pull request from GHSA-gxfx-93xq-pr6p * Add cors check * refactor logic * Refactor add_cors_headers to allow null and allowed hosts * Move remove_filter inline * Revert unrelated code style changes * Add explainer to docblock * Remove access for null origin * Move CORS handling to auth class so it applies API wide * Move only Authentication to priority 11 * Handle preflight requests so cart-tokens work --------- Co-authored-by: Mike Jolley <[email protected]> * Add changelog to readme * Bump versions, readme, changelog, and testing notes * Add testing zip * fix migration (#10205) * New testing zip * Don't send headers early in Store API (#10241) * Replace sanitization functions to enforce string values (#10242) * New testing zip * Update changelog --------- Co-authored-by: github-actions <[email protected]> Co-authored-by: Patricia Hillebrandt <[email protected]> Co-authored-by: Karol Manijak <[email protected]> Co-authored-by: Thomas Roberts <[email protected]> Co-authored-by: Alex Florisca <[email protected]> Co-authored-by: Seghir Nadir <[email protected]> Co-authored-by: Mike Jolley <[email protected]> Co-authored-by: Luigi Teschio <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR ensures that address data posted to the Store API is correctly formatted as a string.
Previously data was sanitized by
wc_clean
which supports arrays of data also. In this case, we need to enforce string values to match the Store API schema, so the fix here is to instead usesanitize_text_field
directly.Testing
Automated Tests
User Facing Testing
To test, use a rest API client to add something to your cart and then post the following to the wp-json/wc/store/checkout endpoint:
This should come back with a 400 bad request after this PR is merged. I have added a unit test to confirm this.
WooCommerce Visibility
Changelog