Filter by Stock and Filter by Rating: Fix the potential endless redirection loop when used on a search results page

[kmanijak]

Issue: #8707

Problem statement

If we have the widget 'Filter Products by Stock' enabled (), when we search products and the string contains the single quote character ', the page gets in an infinite reloading loop.

Explanation

Single quote character ' is not encoded by componentURIComponents method (docs), while it is encoded in the URL (%27). So in the Filter by Stock and Filter by Rating, when there's a comparison of URL after augmenting the query params, the search param was never matching (s=' vs s=%27).

Solution

The search term is encoded/normalized using addQueryArgs which does the encoding under the hood. It's used ONLY for comparison purposes.
One caveat is that calling addQueryArgs from @wordpress/url runs encoding on each of the query param, not only the one that's added.

Review

When reviewing please focus on possible security concerns.

Fixes #8707

Screenshots

Before	After
https://user-images.githubusercontent.com/20098064/226333224-f54927c0-7ed4-4cd8-9bf3-490e45c74ec7.mov	https://user-images.githubusercontent.com/20098064/226333413-b8aef6b3-dca3-4b23-ac8b-00e9cf6d1070.mov

Testing

Automated Tests

• Changes in this PR are covered by Automated Tests.
  • Unit tests
  • E2E tests

User Facing Testing

1. Enable TT1 theme
2. Go to Appearance -> Widgets
3. Add there Filter by Stock, Filter by Rating, Active Filters and Product Search blocks
4. Save and go to your store's shop
5. Your blocks should be available in the footer
6. Input in the search term: ' and then some other random terms including letters, numbers, white space, special characters
7. Expected: there's no endless redirections
8. Click on some filters to Filter by Stock and Filter by Rating and confirm there's no redirection loop

• Do not include in the Testing Notes

WooCommerce Visibility

• WooCommerce Core
• Feature plugin
• Experimental

Performance Impact

Changelog

Filter by Stock and Filter by Rating: Fix the potential endless redirection loop when used on a search results page

[github-actions]

The release ZIP for this PR is accessible via:

https://wcblocks.wpcomstaging.com/wp-content/uploads/woocommerce-gutenberg-products-block-8784.zip

Script Dependencies Report

There is no changed script dependency between this branch and trunk.

This comment was automatically generated by the ./github/compare-assets action.

TypeScript Errors Report

• Files with errors: 487
• Total errors: 2307

🎉 🎉 This PR does not introduce new TS errors.

_{comments-aggregator}

[github-actions]

Size Change: +294 B (0%)

Total Size: 1.12 MB

Filename	Size	Change
build/active-filters-frontend.js	7.99 kB	+17 B (0%)
build/active-filters-wrapper-frontend.js	6 kB	+18 B (0%)
build/active-filters.js	7.49 kB	+16 B (0%)
build/all-products-frontend.js	11.7 kB	+5 B (0%)
build/attribute-filter-frontend.js	22.5 kB	+10 B (0%)
build/attribute-filter-wrapper--stock-filter-wrapper-frontend.js	3.38 kB	+22 B (+1%)
build/attribute-filter-wrapper-frontend.js	4.5 kB	+2 B (0%)
build/attribute-filter.js	13.2 kB	+19 B (0%)
build/cart-blocks/cart-accepted-payment-methods-frontend.js	1.38 kB	+1 B (0%)
build/cart-blocks/cart-cross-sells-products-frontend.js	9.75 kB	-2 B (0%)
build/cart-blocks/cart-express-payment--checkout-blocks/express-payment-frontend.js	5.2 kB	+1 B (0%)
build/cart-blocks/order-summary-coupon-form-frontend.js	1.62 kB	-1 B (0%)
build/cart-blocks/order-summary-heading-frontend.js	456 B	+1 B (0%)
build/cart-blocks/order-summary-shipping-frontend.js	11.2 kB	-3 B (0%)
build/cart-blocks/proceed-to-checkout-frontend.js	1.33 kB	-1 B (0%)
build/checkout-blocks/actions-frontend.js	1.85 kB	+1 B (0%)
build/checkout-blocks/billing-address-frontend.js	4.19 kB	-2 B (0%)
build/checkout-blocks/contact-information-frontend.js	2.05 kB	-2 B (0%)
build/checkout-blocks/express-payment-frontend.js	1.14 kB	+1 B (0%)
build/checkout-blocks/order-note-frontend.js	1.14 kB	-1 B (0%)
build/checkout-blocks/order-summary-frontend.js	1.24 kB	+1 B (0%)
build/checkout-blocks/order-summary-shipping-frontend.js	11.2 kB	-4 B (0%)
build/checkout-blocks/shipping-address-frontend.js	4.14 kB	-2 B (0%)
build/checkout-blocks/shipping-method-frontend.js	2.6 kB	-1 B (0%)
build/checkout-frontend.js	30.5 kB	+2 B (0%)
build/mini-cart-component-frontend.js	28 kB	-2 B (0%)
build/mini-cart-contents-block/footer-frontend.js	2.86 kB	+1 B (0%)
build/price-filter-frontend.js	13.9 kB	+24 B (0%)
build/price-filter-wrapper-frontend.js	7 kB	+15 B (0%)
build/price-filter.js	8.4 kB	+20 B (0%)
build/product-button-frontend.js	2.22 kB	+1 B (0%)
build/product-image-frontend.js	2.22 kB	+1 B (0%)
build/product-price-frontend.js	2.38 kB	-1 B (0%)
build/product-title-frontend.js	1.65 kB	+3 B (0%)
build/rating-filter-frontend.js	20.9 kB	+30 B (0%)
build/rating-filter-wrapper-frontend.js	5.64 kB	+25 B (0%)
build/rating-filter.js	7.44 kB	+26 B (0%)
build/reviews-frontend.js	7.13 kB	-1 B (0%)
build/single-product-frontend.js	17.9 kB	-1 B (0%)
build/stock-filter-frontend.js	21.1 kB	+23 B (0%)
build/stock-filter-wrapper-frontend.js	3.16 kB	+5 B (0%)
build/stock-filter.js	8.16 kB	+27 B (0%)
build/vendors--attribute-filter-wrapper--cart-blocks/cart-cross-sells-products--cart-blocks/order-summary--82e4ed06-frontend.js	6.86 kB	+1 B (0%)
build/vendors--attribute-filter-wrapper--rating-filter-wrapper--stock-filter-wrapper-frontend.js	7.69 kB	-1 B (0%)

ℹ️ View Unchanged

Filename	Size
build/all-products.js	37.7 kB
build/all-reviews.js	7.66 kB
build/blocks-checkout.js	43.9 kB
build/breadcrumbs.js	2.04 kB
build/cart-blocks/cart-cross-sells-frontend.js	253 B
build/cart-blocks/cart-express-payment-frontend.js	720 B
build/cart-blocks/cart-items-frontend.js	302 B
build/cart-blocks/cart-line-items--mini-cart-contents-block/products-table-frontend.js	5.36 kB
build/cart-blocks/cart-line-items-frontend.js	1.07 kB
build/cart-blocks/cart-order-summary-frontend.js	1.24 kB
build/cart-blocks/cart-totals-frontend.js	307 B
build/cart-blocks/empty-cart-frontend.js	346 B
build/cart-blocks/filled-cart-frontend.js	654 B
build/cart-blocks/order-summary-discount-frontend.js	2.12 kB
build/cart-blocks/order-summary-fee-frontend.js	274 B
build/cart-blocks/order-summary-subtotal-frontend.js	275 B
build/cart-blocks/order-summary-taxes-frontend.js	434 B
build/cart-frontend.js	29 kB
build/cart.js	48 kB
build/catalog-sorting.js	1.7 kB
build/checkout-blocks/fields-frontend.js	330 B
build/checkout-blocks/order-summary-cart-items-frontend.js	3.68 kB
build/checkout-blocks/order-summary-coupon-form-frontend.js	1.79 kB
build/checkout-blocks/order-summary-discount-frontend.js	2.29 kB
build/checkout-blocks/order-summary-fee-frontend.js	277 B
build/checkout-blocks/order-summary-subtotal-frontend.js	275 B
build/checkout-blocks/order-summary-taxes-frontend.js	435 B
build/checkout-blocks/payment-frontend.js	8.43 kB
build/checkout-blocks/pickup-options-frontend.js	4.04 kB
build/checkout-blocks/shipping-methods-frontend.js	5.26 kB
build/checkout-blocks/terms-frontend.js	1.56 kB
build/checkout-blocks/totals-frontend.js	310 B
build/checkout.js	45.6 kB
build/customer-account.js	3.17 kB
build/featured-category.js	14 kB
build/featured-product.js	14.2 kB
build/filter-wrapper-frontend.js	14.1 kB
build/filter-wrapper.js	2.4 kB
build/general-style-rtl.css	1.31 kB
build/general-style.css	1.31 kB
build/handpicked-products.js	7.91 kB
build/legacy-template.js	5.32 kB
build/mini-cart-contents-block/empty-cart-frontend.js	360 B
build/mini-cart-contents-block/filled-cart-frontend.js	268 B
build/mini-cart-contents-block/items-frontend.js	237 B
build/mini-cart-contents-block/products-table-frontend.js	589 B
build/mini-cart-contents-block/shopping-button-frontend.js	572 B
build/mini-cart-contents-block/title-frontend.js	367 B
build/mini-cart-contents.js	16.9 kB
build/mini-cart-frontend.js	2.02 kB
build/mini-cart.js	4.49 kB
build/price-format.js	1.19 kB
build/product-add-to-cart--product-button--product-category-list--product-image--product-price--product-r--a0326d00.js	253 B
build/product-add-to-cart--product-button--product-image--product-rating--product-title.js	151 B
build/product-add-to-cart-frontend.js	6.69 kB
build/product-add-to-cart.js	8.62 kB
build/product-best-sellers.js	8.25 kB
build/product-button--product-category-list--product-image--product-price--product-rating--product-sale-b--e17c7c01.js	500 B
build/product-button--product-image--product-price--product-rating--product-sale-badge--product-title.js	262 B
build/product-button.js	4.01 kB
build/product-categories.js	2.36 kB
build/product-category-list-frontend.js	1.19 kB
build/product-category-list.js	502 B
build/product-category.js	9.24 kB
build/product-image.js	4.11 kB
build/product-new.js	8.25 kB
build/product-on-sale.js	8.58 kB
build/product-price.js	1.64 kB
build/product-query.js	11 kB
build/product-rating-frontend.js	1.65 kB
build/product-rating.js	919 B
build/product-results-count.js	1.65 kB
build/product-sale-badge-frontend.js	1.45 kB
build/product-sale-badge.js	820 B
build/product-search.js	2.63 kB
build/product-sku-frontend.js	707 B
build/product-sku.js	452 B
build/product-stock-indicator-frontend.js	1.32 kB
build/product-stock-indicator.js	646 B
build/product-summary-frontend.js	1.58 kB
build/product-summary.js	920 B
build/product-tag-list-frontend.js	1.18 kB
build/product-tag-list.js	498 B
build/product-tag.js	8.73 kB
build/product-title.js	3.48 kB
build/product-top-rated.js	8.48 kB
build/products-by-attribute.js	9.58 kB
build/reviews-by-category.js	11.9 kB
build/reviews-by-product.js	13 kB
build/single-product.js	10.6 kB
build/store-notices.js	1.69 kB
build/vendors--cart-blocks/cart-cross-sells-products--cart-blocks/cart-line-items--cart-blocks/cart-order--3c5fe802-frontend.js	5.26 kB
build/vendors--cart-blocks/cart-cross-sells-products--cart-blocks/order-summary-shipping--checkout-blocks--18f9376a-frontend.js	19.4 kB
build/vendors--cart-blocks/cart-cross-sells-products--product-add-to-cart-frontend.js	7.26 kB
build/vendors--cart-blocks/cart-line-items--checkout-blocks/order-summary-cart-items--mini-cart-contents---233ab542-frontend.js	3.14 kB
build/vendors--cart-blocks/order-summary-shipping--checkout-blocks/order-summary-shipping--checkout-block--24d3fc0c-frontend.js	8.24 kB
build/vendors--checkout-blocks/billing-address--checkout-blocks/shipping-address-frontend.js	5.44 kB
build/vendors--checkout-blocks/shipping-method-frontend.js	12 kB
build/wc-blocks-data.js	21.8 kB
build/wc-blocks-editor-style-rtl.css	5.82 kB
build/wc-blocks-editor-style.css	5.82 kB
build/wc-blocks-google-analytics.js	1.56 kB
build/wc-blocks-middleware.js	930 B
build/wc-blocks-registry.js	3.15 kB
build/wc-blocks-shared-context.js	1.52 kB
build/wc-blocks-shared-hocs.js	1.73 kB
build/wc-blocks-style-rtl.css	26.9 kB
build/wc-blocks-style.css	26.9 kB
build/wc-blocks-vendors-style-rtl.css	1.96 kB
build/wc-blocks-vendors-style.css	1.96 kB
build/wc-blocks-vendors.js	64.4 kB
build/wc-blocks.js	2.63 kB
build/wc-payment-method-bacs.js	816 B
build/wc-payment-method-cheque.js	811 B
build/wc-payment-method-cod.js	909 B
build/wc-payment-method-paypal.js	837 B
build/wc-settings.js	2.6 kB
build/wc-shipping-method-pickup-location.js	29.9 kB
build/woo-directives-runtime.js	2.73 kB
build/woo-directives-vendors.js	7.91 kB

_{compressed-size-action}

[nefeline]

Hey @kmanijak ! Regarding:

Go to Appearance -> Widgets
Add there Filter by Stock, Filter by Rating, Active Filters and Search blocks

Do you mind clarifying in which widget these filters should be added? I added them to the Footer widget (which seems to be the correct one based on your follow-up instruction on item number 5), but when I click on search, none of the filter blocks are rendered.

[kmanijak]

Do you mind clarifying in which widget these filters should be added? I added them to the Footer widget (which seems to be the correct one based on your follow-up instruction on item number 5), but when I click on search, none of the filter blocks are rendered.

I made a mistake and wrote to add a Search block, while it has to be a Product Search block which would then show a product result search where filters appear. I'm editing the testing steps. Apologies!

[nefeline]

I made a mistake and wrote to add a Search block, while it has to be a Product Search block which would then show a product result search where filters appear. I'm editing the testing steps. Apologies!

No worries, thanks for clarifying!

Great work here 🎉 ! I can confirm things are working as expected.

Test Results:

Enable TT1 theme
Go to Appearance -> Widgets
Add there Filter by Stock, Filter by Rating, Active Filters and Product Search blocks
Save and go to your store's shop
Your blocks should be available in the footer

✅ Confirmed these blocks are visible in the footer of my shop (the Active filters block is rendered only when a filter is active):

Input in the search term: ' and then some other random terms including letters, numbers, white space, special characters
Expected: there's no endless redirections

✅ Confirmed the search works as expected with no infinite loops.

Screen.Recording.2023-03-22.at.10.00.11.mov

Click on some filters to Filter by Stock and Filter by Rating and confirm there's no redirection loop

✅ Confirmed there's no redirection loop when the filters are used. Sidenote: I noticed that the filter by rating is redirecting to the single product template after search; unsure if this is expected or not, but documenting it just in case:

Screen.Recording.2023-03-22.at.10.03.47.mov

Regarding:

When reviewing please focus on possible security concerns.

I can't think of any potential security issues by adopting this approach, but I would recommend reaching out for a second opinion just in case 👍

[danielwrobert]

This also tests as described for me. Also ran the added unit tests to confirm everything is passing.

I don't see any security issues that jump out at me here either.

Everything LGTM! 🚀