fix: Backend validation of phone numbers all over the plugin
devAsadNur committed Aug 18, 2023
1 parent e188af2 commit 22a45b0
Showing 6 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion includes/Admin/UserProfile.php
Expand Up @@ -561,7 +561,7 @@ public function save_meta_fields( $user_id ) {
$store_settings['banner'] = isset( $_POST['dokan_banner'] ) ? intval( $_POST['dokan_banner'] ) : '';
$store_settings['store_name'] = isset( $_POST['dokan_store_name'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_name'] ) ) : '';
$store_settings['address'] = isset( $_POST['dokan_store_address'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['dokan_store_address'] ) ) : [];
$store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';
$store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';

// social settings
$social = isset( $_POST['dokan_social'] ) ? array_map( 'esc_url_raw', (array) wp_unslash( $_POST['dokan_social'] ) ) : [];
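Review bot: The new call on the `$store_settings['phone']` line changes how a non-string submission is handled: `wp_unslash()` passes arrays through unchanged, `sanitize_text_field()` returned `''` for an array, but `dokan_sanitize_phone_number()` now forwards its argument to `preg_replace()`, which accepts an array subject and returns an array, so a request carrying `dokan_store_phone[]=...` would store an array instead of a string in the vendor settings. The same pattern appears in the Settings.php, BecomeAVendor.php, Registration.php and template-tags.php hunks of this commit. The cheapest place to close this is inside the helper itself (rejecting non-scalar input there covers every call site); failing that, each call site needs `is_string( $_POST['dokan_store_phone'] )` added to its `isset()` condition. The enclosing `save_meta_fields()` starts and ends outside the hunk.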
2 changes: 1 addition & 1 deletion includes/Dashboard/Templates/Settings.php
Expand Up @@ -614,7 +614,7 @@ public function insert_settings_info() {
'location' => $location,
'find_address' => $find_address,
'banner' => isset( $_POST['dokan_banner'] ) ? absint( $_POST['dokan_banner'] ) : 0,
'phone' => isset( $_POST['setting_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
'phone' => isset( $_POST['setting_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
'show_email' => isset( $_POST['setting_show_email'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_email'] ) ) : 'no',
'show_more_ptab' => isset( $_POST['setting_show_more_ptab'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_more_ptab'] ) ) : 'no',
'gravatar' => isset( $_POST['dokan_gravatar'] ) ? absint( $_POST['dokan_gravatar'] ) : 0,
2 changes: 1 addition & 1 deletion includes/Frontend/MyAccount/BecomeAVendor.php
Expand Up @@ -116,7 +116,7 @@ public function become_a_seller_form_handler() {
'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
'address' => isset( $_POST['address'] ) ? sanitize_text_field( wp_unslash( $_POST['address'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_text_field( wp_unslash( $_POST['shopurl'] ) ) : '',
]
);
2 changes: 1 addition & 1 deletion includes/Registration.php
Expand Up @@ -146,7 +146,7 @@ public function save_vendor_info( $user_id, $data ) {
'social' => $social_profiles,
'payment' => [],
'address' => isset( $_POST['dokan_address'] ) ? wc_clean( wp_unslash( $_POST['dokan_address'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
'show_email' => 'no',
'location' => '',
'find_address' => '',
2 changes: 1 addition & 1 deletion includes/functions.php
Expand Up @@ -4580,7 +4580,7 @@ function dokan_apply_bulk_order_status_change( $postdata ) {
* @return string
*/
function dokan_sanitize_phone_number( $phone ) {
return filter_var( $phone, FILTER_SANITIZE_NUMBER_INT );
return preg_replace( '/[^0-9()._+-]/', '', $phone );
}

/**
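Review bot: The new `preg_replace()` body no longer guarantees the `@return string` contract shown two lines above it: `preg_replace()` returns an array when `$phone` is an array (which `wp_unslash()` on a `$_POST` value can produce) and `null` when PCRE reports an error, and this helper is now the sole sanitizer for phone input at five call sites in this commit. A guard and a cast keep the contract, `$phone = is_scalar( $phone ) ? (string) $phone : '';` followed by `return (string) preg_replace( '/[^0-9()._+-]/', '', $phone );`, and the docblock's `@param` should state that non-scalar input yields `''`. The character class only retains ASCII, so the missing `u` modifier is harmless here. Note that despite the commit title this is sanitization rather than validation: input with no permitted characters collapses to `''` and is saved silently, so a caller that needs a non-empty phone still has to check the result.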
2 changes: 1 addition & 1 deletion includes/template-tags.php
Expand Up @@ -970,7 +970,7 @@ function dokan_get_seller_registration_form_data() {
'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
'username' => isset( $_POST['username'] ) ? sanitize_user( wp_unslash( $_POST['username'] ) ) : '',
'email' => isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
'password' => isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '', // phpcs:ignore
'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_title( wp_unslash( $_POST['shopurl'] ) ) : '',
