From 22a45b0393c7d78cce19e9ce1cf455807ba9b042 Mon Sep 17 00:00:00 2001 From: Asad Nur Date: Fri, 18 Aug 2023 08:53:57 +0600 Subject: [PATCH 1/4] fix: Backend validation of phone numbers all over the plugin
---
 includes/Admin/UserProfile.php | 2 +- includes/Dashboard/Templates/Settings.php | 2 +- includes/Frontend/MyAccount/BecomeAVendor.php | 2 +- includes/Registration.php | 2 +- includes/functions.php | 2 +- includes/template-tags.php | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/includes/Admin/UserProfile.php b/includes/Admin/UserProfile.php
index 3df81deaad..00a86458f6 100755
--- a/includes/Admin/UserProfile.php
+++ b/includes/Admin/UserProfile.php
@@ -561,7 +561,7 @@ public function save_meta_fields( $user_id ) {
 $store_settings['banner'] = isset( $_POST['dokan_banner'] ) ? intval( $_POST['dokan_banner'] ) : '';
 $store_settings['store_name'] = isset( $_POST['dokan_store_name'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_name'] ) ) : '';
 $store_settings['address'] = isset( $_POST['dokan_store_address'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['dokan_store_address'] ) ) : [];
- $store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';
+ $store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';
 // social settings
 $social = isset( $_POST['dokan_social'] ) ? array_map( 'esc_url_raw', (array) wp_unslash( $_POST['dokan_social'] ) ) : [];
diff --git a/includes/Dashboard/Templates/Settings.php b/includes/Dashboard/Templates/Settings.php
index 5e2f7e0799..dc96c5ceab 100644
--- a/includes/Dashboard/Templates/Settings.php
+++ b/includes/Dashboard/Templates/Settings.php
@@ -614,7 +614,7 @@ public function insert_settings_info() {
 'location' => $location,
 'find_address' => $find_address,
 'banner' => isset( $_POST['dokan_banner'] ) ? absint( $_POST['dokan_banner'] ) : 0,
- 'phone' => isset( $_POST['setting_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
+ 'phone' => isset( $_POST['setting_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
 'show_email' => isset( $_POST['setting_show_email'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_email'] ) ) : 'no',
 'show_more_ptab' => isset( $_POST['setting_show_more_ptab'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_more_ptab'] ) ) : 'no',
 'gravatar' => isset( $_POST['dokan_gravatar'] ) ? absint( $_POST['dokan_gravatar'] ) : 0,
diff --git a/includes/Frontend/MyAccount/BecomeAVendor.php b/includes/Frontend/MyAccount/BecomeAVendor.php
index 81ce61fdd4..f29e6bccf0 100644
--- a/includes/Frontend/MyAccount/BecomeAVendor.php
+++ b/includes/Frontend/MyAccount/BecomeAVendor.php
@@ -116,7 +116,7 @@ public function become_a_seller_form_handler() {
 'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
 'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
 'address' => isset( $_POST['address'] ) ? sanitize_text_field( wp_unslash( $_POST['address'] ) ) : '',
- 'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
+ 'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
 'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_text_field( wp_unslash( $_POST['shopurl'] ) ) : '',
 ] );
diff --git a/includes/Registration.php b/includes/Registration.php
index 1f492c0e80..939f72a466 100644
--- a/includes/Registration.php
+++ b/includes/Registration.php
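Review bot: The fallback on the new `'phone'` line in `insert_settings_info()` is still the string `'no'`, while every other call site converted in this patch (BecomeAVendor, Registration, template-tags) falls back to `''`. `'no'` is the yes/no sentinel used by the neighbouring `show_email` and `show_more_ptab` keys and is not a phone number; passed through `dokan_sanitize_phone_number()` it would itself be reduced to `''`, so a missing field and an all-invalid field currently store different values. Change the fallback to `: ''` so readers of the stored setting never have to special-case `'no'`. The settings array this line belongs to starts and ends outside the hunk.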
@@ -146,7 +146,7 @@ public function save_vendor_info( $user_id, $data ) {
 'social' => $social_profiles,
 'payment' => [],
 'address' => isset( $_POST['dokan_address'] ) ? wc_clean( wp_unslash( $_POST['dokan_address'] ) ) : '',
- 'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
+ 'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
 'show_email' => 'no',
 'location' => '',
 'find_address' => '',
diff --git a/includes/functions.php b/includes/functions.php
index 88f474add5..22abb4511b 100755
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -4580,7 +4580,7 @@ function dokan_apply_bulk_order_status_change( $postdata ) {
 * @return string
 */
 function dokan_sanitize_phone_number( $phone ) {
- return filter_var( $phone, FILTER_SANITIZE_NUMBER_INT );
+ return preg_replace( '/[^0-9()._+-]/', '', $phone );
 }
 /**
diff --git a/includes/template-tags.php b/includes/template-tags.php
index 06afa1f014..ded8a67a84 100755
--- a/includes/template-tags.php
+++ b/includes/template-tags.php
@@ -970,7 +970,7 @@ function dokan_get_seller_registration_form_data() {
 'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
 'username' => isset( $_POST['username'] ) ? sanitize_user( wp_unslash( $_POST['username'] ) ) : '',
 'email' => isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '',
- 'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
+ 'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
 'password' => isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '', // phpcs:ignore
 'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
 'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_title( wp_unslash( $_POST['shopurl'] ) ) : '',
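Review bot: The new body of `dokan_sanitize_phone_number()` returns `preg_replace()`'s result as-is, so the `@return string` promised in the docblock directly above is not guaranteed: `preg_replace()` hands back an array when `$phone` is an array (every call site converted in this series passes `wp_unslash( $_POST[...] )`, which a crafted request can make an array) and `null` on a PCRE error, and either value then flows into stored vendor settings. Guard the type before the regex and pin the return type, e.g. `if ( ! is_scalar( $phone ) ) { return ''; }` followed by `return (string) preg_replace( '/[^0-9()._+-]/', '', (string) $phone );`. The function also only strips characters, it does not validate: an empty result or a run of `+`/`-`/`.` with no digit passes and nothing bounds the length, so despite the commit title callers that need a usable number still have to check it themselves. Spaces are not in the allowed set, so `+1 555 123 4567` is stored as `+15551234567`; a one-line comment stating the intended character set (`// digits plus the separators ( ) . _ + - ; everything else, including spaces, is dropped`) would make that deliberate. The docblock that opens this function starts outside the hunk.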
From 82a71ec5f6db4934ebd15026b5682e43440226f8 Mon Sep 17 00:00:00 2001 From: Asad Nur Date: Fri, 18 Aug 2023 15:39:01 +0600 Subject: [PATCH 2/4] enhance: Integration of phone number validator on admin dashboard vendor creating form
---
 src/admin/pages/VendorAccountFields.vue | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/admin/pages/VendorAccountFields.vue b/src/admin/pages/VendorAccountFields.vue
index c4ad7a8c37..4ee6f0a883 100644
--- a/src/admin/pages/VendorAccountFields.vue
+++ b/src/admin/pages/VendorAccountFields.vue
@@ -63,7 +63,7 @@
- +
@@ -374,8 +374,20 @@ export default {
 let height = dokan.store_banner_dimension.height;
 return this.__( `Upload banner for your store. Banner size is (${width}x${height}) pixels.`, 'dokan-lite' );
- }
+ },
+
+ validatePhoneInput( event ) {
+ if ( ! event.data ) {
+ return;
+ }
+
+ const allowedChars = [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '(', ')', '+', '-', '_', '.' ];
+ // If the input character is valid.
+ if ( ! allowedChars.includes( event.data.at( -1 ) ) ) {
+ this.vendorInfo.phone = this.vendorInfo.phone.slice(0, -1);
+ }
+ }
 }
 };
From 2d0139de2cbf1bda4a4335559fdb97d1fca3d2eb Mon Sep 17 00:00:00 2001 From: Asad Nur Date: Fri, 18 Aug 2023 17:04:56 +0600 Subject: [PATCH 3/4] update: Optimized phone validator component with regex
---
 src/admin/pages/VendorAccountFields.vue | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/src/admin/pages/VendorAccountFields.vue b/src/admin/pages/VendorAccountFields.vue
index 4ee6f0a883..363f9fbc81 100644
--- a/src/admin/pages/VendorAccountFields.vue
+++ b/src/admin/pages/VendorAccountFields.vue
@@ -63,7 +63,7 @@
- +
@@ -377,16 +377,7 @@ export default {
 },
 validatePhoneInput( event ) {
- if ( ! event.data ) {
- return;
- }
-
- const allowedChars = [ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '(', ')', '+', '-', '_', '.' ];
-
- // If the input character is valid.
- if ( ! allowedChars.includes( event.data.at( -1 ) ) ) {
- this.vendorInfo.phone = this.vendorInfo.phone.slice(0, -1);
- }
+ this.vendorInfo.phone = this.vendorInfo.phone.replace( /[^0-9\\.\-\_\(\)\+]+/g, '' );
 }
 }
 };
From 2fd4736571911fa6a66ec0bd79823e3a12b375c0 Mon Sep 17 00:00:00 2001 From: Asad Nur Date: Wed, 30 Aug 2023 10:27:32 +0600 Subject: [PATCH 4/4] new: Added dokan_sanitize_phone_number() method to the phpcs.xml file
---
 phpcs.xml.dist | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index c3b654a0fa..46785cf57c 100755
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -128,6 +128,9 @@
+
+
+
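Review bot: The character class on the new `replace()` line in `validatePhoneInput()` does not match the server-side one from the first patch (`/[^0-9()._+-]/` in `dokan_sanitize_phone_number()`): inside a regex literal `\\.` is an escaped backslash followed by a dot, so `/[^0-9\\.\-\_\(\)\+]+/g` keeps `\` in the field while the PHP side strips it, and what the admin sees is not what gets stored. Write the class without the stray escapes so both sides agree: `this.vendorInfo.phone = this.vendorInfo.phone.replace( /[^0-9()._+-]/g, '' );`. This filter is only a UI convenience; the request can be sent without it, so the server-side sanitizer remains the control that matters and the two should simply be kept in lockstep. The template hunk earlier in this patch that binds `validatePhoneInput` to the input is not legible in this view, so the event it listens on cannot be confirmed here.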