☎️ enhance: Backend validation of phone numbers all over the plugin #1969

Merged
2 changes: 1 addition & 1 deletion includes/Admin/UserProfile.php
Expand Up @@ -53,11 +53,11 @@
* @return void|false
*/
public function add_meta_fields( $user ) {
if ( ! current_user_can( 'manage_woocommerce' ) ) {
[PHPCS warning, line 56 in includes/Admin/UserProfile.php] Found unknown capability "manage_woocommerce" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
return;
}

if ( ! user_can( $user, 'dokandar' ) ) {
[PHPCS warning, line 60 in includes/Admin/UserProfile.php] Found unknown capability "dokandar" in function call to user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
return;
}
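Review bot: the two "unknown capability" warnings in this hunk (`manage_woocommerce`, `dokandar`) are on unchanged lines and recur across the PR for `dokan_view_store_settings_menu`, `dokan_view_store_social_menu`, `dokan_view_store_payment_menu` and `vendor_staff`; they come from the sniff not knowing the plugin's custom capabilities, so the proper fix is to list them in the sniff's `custom_capabilities` property in phpcs.xml.dist (as the annotation itself says) rather than leaving them as noise in every run.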

Expand Down Expand Up @@ -117,7 +117,7 @@
<a href="#" class="dokan-banner-drag button button-primary"><?php esc_html_e( 'Upload banner', 'dokan-lite' ); ?></a>
<p class="description">
<?php
echo sprintf(
[PHPCS failure, line 120 in includes/Admin/UserProfile.php] Unnecessary "echo sprintf(...)" found. Use "printf(...)" instead.
/* translators: %1$s: banner width, %2$s: banner height in integers */
esc_attr__( 'Upload a banner for your store. Banner size is (%1$sx%2$s) pixels.', 'dokan-lite' ),
esc_attr( $banner_width ),
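Review bot: the failure on line 120 is pre-existing, but since this file is being touched: replace `echo sprintf(` with `printf(`, and because the string is written as element content of the `<p>` rather than into an attribute, `esc_html__()` is the matching escaping function here, not `esc_attr__()`.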
Expand Down Expand Up @@ -539,7 +539,7 @@
* @return void
*/
public function save_meta_fields( $user_id ) {
if ( ! current_user_can( 'manage_woocommerce' ) ) {
[PHPCS warning, line 542 in includes/Admin/UserProfile.php] Found unknown capability "manage_woocommerce" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
return;
}

Expand All @@ -561,7 +561,7 @@
$store_settings['banner'] = isset( $_POST['dokan_banner'] ) ? intval( $_POST['dokan_banner'] ) : '';
$store_settings['store_name'] = isset( $_POST['dokan_store_name'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_name'] ) ) : '';
$store_settings['address'] = isset( $_POST['dokan_store_address'] ) ? array_map( 'sanitize_text_field', wp_unslash( $_POST['dokan_store_address'] ) ) : [];
$store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';
$store_settings['phone'] = isset( $_POST['dokan_store_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['dokan_store_phone'] ) ) : '';
[PHPCS failure, line 564 in includes/Admin/UserProfile.php] Detected usage of a non-sanitized input variable: $_POST['dokan_store_phone']

// social settings
$social = isset( $_POST['dokan_social'] ) ? array_map( 'esc_url_raw', (array) wp_unslash( $_POST['dokan_social'] ) ) : [];
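Review bot: the failure on the changed `phone` line is a ruleset problem, not a missing sanitizer: `dokan_sanitize_phone_number()` is not registered with the WPCS input-sanitization sniff (the phpcs.xml.dist change in this PR does not achieve that, see the note there), so it should clear once the ruleset entry is fixed rather than by adding a `phpcs:ignore`. Note also that `sanitize_text_field()` returned `''` for a non-string value, whereas the new helper passes the raw value to `preg_replace()`, which returns an array for an array subject; an array posted as `dokan_store_phone` therefore now lands in `$store_settings['phone']` as an array unless the helper casts or checks `is_string()` first.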
2 changes: 1 addition & 1 deletion includes/Dashboard/Templates/Settings.php
Expand Up @@ -131,7 +131,7 @@
}

// check if user have permission to view settings page
if ( ! current_user_can( 'dokan_view_store_settings_menu' ) ) {
[PHPCS warning, line 134 in includes/Dashboard/Templates/Settings.php] Found unknown capability "dokan_view_store_settings_menu" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
dokan_get_template_part(
'global/dokan-error', '', [
'deleted' => false,
Expand Down Expand Up @@ -317,7 +317,7 @@

switch ( sanitize_text_field( wp_unslash( $_POST['form_id'] ) ) ) { // phpcs:ignore
case 'profile-form':
if ( ! current_user_can( 'dokan_view_store_social_menu' ) ) {
[PHPCS warning, line 320 in includes/Dashboard/Templates/Settings.php] Found unknown capability "dokan_view_store_social_menu" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
wp_send_json_error( __( 'Pemission denied social', 'dokan-lite' ) );
}
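Review bot: the user-facing string `__( 'Pemission denied social', 'dokan-lite' )` in this hunk misspells "Permission", and the same typo appears in the `store-form` and `payment-form` branches below; these are translatable strings, so correcting them also means the translation catalog entries change.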

Expand All @@ -329,7 +329,7 @@
break;

case 'store-form':
if ( ! current_user_can( 'dokan_view_store_settings_menu' ) ) {
[PHPCS warning, line 332 in includes/Dashboard/Templates/Settings.php] Found unknown capability "dokan_view_store_settings_menu" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
wp_send_json_error( __( 'Pemission denied', 'dokan-lite' ) );
}

Expand All @@ -341,7 +341,7 @@
break;

case 'payment-form':
if ( ! current_user_can( 'dokan_view_store_payment_menu' ) ) {
[PHPCS warning, line 344 in includes/Dashboard/Templates/Settings.php] Found unknown capability "dokan_view_store_payment_menu" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
wp_send_json_error( __( 'Pemission denied', 'dokan-lite' ) );
}

Expand Down Expand Up @@ -563,8 +563,8 @@

// Get & set 7 days opening & closing time for update dokan store time.
foreach ( $dokan_days as $day_key => $day ) {
$opening_time = isset( $_POST['opening_time'][ $day_key ] ) ? wc_clean( wp_unslash( $_POST['opening_time'][ $day_key ] ) ) : '';
[PHPCS failure, line 566 in includes/Dashboard/Templates/Settings.php] Detected usage of a non-sanitized input variable: $_POST['opening_time'][$day_key]
$closing_time = isset( $_POST['closing_time'][ $day_key ] ) ? wc_clean( wp_unslash( $_POST['closing_time'][ $day_key ] ) ) : '';
[PHPCS failure, line 567 in includes/Dashboard/Templates/Settings.php] Detected usage of a non-sanitized input variable: $_POST['closing_time'][$day_key]
$store_status = ! empty( $_POST[ $day_key ]['working_status'] ) ? sanitize_text_field( wp_unslash( $_POST[ $day_key ]['working_status'] ) ) : 'close';

// If open or closing time is array then return from here.
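Review bot: both failures in this hunk are on unchanged lines that already go through `wc_clean()`, which phpcs.xml.dist lists under `customSanitizingFunctions`; that they trip the sniff now is a symptom of the ruleset change in this PR (a second `<property name="customSanitizingFunctions" type="string">` replaces the array form), so the fix belongs in the ruleset, not in this file.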
Expand Down Expand Up @@ -610,11 +610,11 @@
$dokan_settings = [
'store_name' => isset( $_POST['dokan_store_name'] ) ? sanitize_text_field( wp_unslash( $_POST['dokan_store_name'] ) ) : '',
'store_ppp' => isset( $_POST['dokan_store_ppp'] ) ? absint( $_POST['dokan_store_ppp'] ) : 10,
'address' => isset( $_POST['dokan_address'] ) ? wc_clean( wp_unslash( $_POST['dokan_address'] ) ) : $prev_dokan_settings['address'],
[PHPCS failure, line 613 in includes/Dashboard/Templates/Settings.php] Detected usage of a non-sanitized input variable: $_POST['dokan_address']
'location' => $location,
'find_address' => $find_address,
'banner' => isset( $_POST['dokan_banner'] ) ? absint( $_POST['dokan_banner'] ) : 0,
'phone' => isset( $_POST['setting_phone'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
'phone' => isset( $_POST['setting_phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['setting_phone'] ) ) : 'no',
[PHPCS failure, line 617 in includes/Dashboard/Templates/Settings.php] Detected usage of a non-sanitized input variable: $_POST['setting_phone']
'show_email' => isset( $_POST['setting_show_email'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_email'] ) ) : 'no',
'show_more_ptab' => isset( $_POST['setting_show_more_ptab'] ) ? sanitize_text_field( wp_unslash( $_POST['setting_show_more_ptab'] ) ) : 'no',
'gravatar' => isset( $_POST['dokan_gravatar'] ) ? absint( $_POST['dokan_gravatar'] ) : 0,
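Review bot: the fallback on the changed `'phone'` line is still the string `'no'`, a yes/no flag value like the `show_email` and `show_more_ptab` entries below, not a phone number; since the line is being rewritten anyway, fall back to `''` as the other call sites in this PR do (UserProfile.php, BecomeAVendor.php, Registration.php, template-tags.php). The sniff failure on this line is the same unregistered-sanitizer issue as on the other phone lines.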
Expand All @@ -635,7 +635,7 @@
];

if ( isset( $_POST['settings']['bank'] ) ) {
$bank = wc_clean( wp_unslash( $_POST['settings']['bank'] ) );
[PHPCS failure, line 638 in includes/Dashboard/Templates/Settings.php] Detected usage of a non-sanitized input variable: $_POST['settings']['bank']

$dokan_settings['payment']['bank'] = [
'ac_name' => $bank['ac_name'],
Expand Down Expand Up @@ -823,7 +823,7 @@
*
* @return string
*/
public function get_method_frontend_title( $title, $method ) {
[PHPCS warning, line 826 in includes/Dashboard/Templates/Settings.php] The method parameter $method is never used
if ( 0 === stripos( $title, 'Dokan ' ) ) {
return substr( $title, 6 );
}
2 changes: 1 addition & 1 deletion includes/Frontend/MyAccount/BecomeAVendor.php
Expand Up @@ -116,7 +116,7 @@
'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
'address' => isset( $_POST['address'] ) ? sanitize_text_field( wp_unslash( $_POST['address'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
[PHPCS failure, line 119 in includes/Frontend/MyAccount/BecomeAVendor.php] Detected usage of a non-sanitized input variable: $_POST['phone']
'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_text_field( wp_unslash( $_POST['shopurl'] ) ) : '',
]
);
2 changes: 1 addition & 1 deletion includes/Registration.php
Expand Up @@ -145,8 +145,8 @@
'store_name' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
'social' => $social_profiles,
'payment' => [],
'address' => isset( $_POST['dokan_address'] ) ? wc_clean( wp_unslash( $_POST['dokan_address'] ) ) : '',
[PHPCS failure, line 148 in includes/Registration.php] Detected usage of a non-sanitized input variable: $_POST['dokan_address']
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
[PHPCS failure, line 149 in includes/Registration.php] Detected usage of a non-sanitized input variable: $_POST['phone']
'show_email' => 'no',
'location' => '',
'find_address' => '',
2 changes: 1 addition & 1 deletion includes/functions.php
Expand Up @@ -33,7 +33,7 @@
* @return int
*/
function dokan_get_current_user_id() {
if ( current_user_can( 'vendor_staff' ) ) {
[PHPCS warning, line 36 in includes/functions.php] Found unknown capability "vendor_staff" in function call to current_user_can(). Please check the spelling of the capability. If this is a custom capability, please verify the capability is registered with WordPress via a call to WP_Role(s)->add_cap(). Custom capabilities can be made known to this sniff by setting the "custom_capabilities" property in the PHPCS ruleset.
$staff_id = get_current_user_id();
$vendor_id = (int) get_user_meta( $staff_id, '_vendor_id', true );

Expand Down Expand Up @@ -4190,7 +4190,7 @@
* @return string
*/
function dokan_sanitize_phone_number( $phone ) {
return filter_var( $phone, FILTER_SANITIZE_NUMBER_INT );
return preg_replace( '/[^0-9()._+-]/', '', $phone );
}

/**
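Review bot: `preg_replace( '/[^0-9()._+-]/', '', $phone )` is an allow-list filter, not validation: it accepts any length and any arrangement of the permitted characters (a 500-digit string or `()()..__` both pass unchanged), so what the PR title calls validation is really sanitization. If bad numbers are meant to be rejected, add a length bound and a structural check (optional leading `+`, then digits with optional separators) and return `''` on mismatch so callers can tell. Also, the docblock promises `@return string`, but `preg_replace()` returns an array for an array subject and `null` on error, and `sanitize_text_field()`, which this replaces at every call site, returned `''` for arrays; guard with `is_string( $phone )` or cast `(string) $phone` first to keep that contract. Compared with the old `FILTER_SANITIZE_NUMBER_INT` (digits, `+`, `-` only), the new pattern additionally keeps `(`, `)`, `.` and `_`, which matches the intent of the Vue pattern in this PR.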
3 changes: 2 additions & 1 deletion includes/template-tags.php
Expand Up @@ -657,7 +657,7 @@
*
* @return void
*/
function dokan_store_category_menu( $seller_id, $title = '' ) {
[PHPCS warning, line 660 in includes/template-tags.php] The method parameter $title is never used
?>
<div class="store-cat-stack-dokan cat-drop-stack">
<?php
Expand Down Expand Up @@ -975,7 +975,8 @@
'lname' => isset( $_POST['lname'] ) ? sanitize_text_field( wp_unslash( $_POST['lname'] ) ) : '',
'username' => isset( $_POST['username'] ) ? sanitize_user( wp_unslash( $_POST['username'] ) ) : '',
'email' => isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? sanitize_text_field( wp_unslash( $_POST['phone'] ) ) : '',
'phone' => isset( $_POST['phone'] ) ? dokan_sanitize_phone_number( wp_unslash( $_POST['phone'] ) ) : '',
'password' => isset( $_POST['password'] ) ? wp_unslash( $_POST['password'] ) : '', // phpcs:ignore
'shopname' => isset( $_POST['shopname'] ) ? sanitize_text_field( wp_unslash( $_POST['shopname'] ) ) : '',
'shopurl' => isset( $_POST['shopurl'] ) ? sanitize_title( wp_unslash( $_POST['shopurl'] ) ) : '',
];
3 changes: 3 additions & 0 deletions phpcs.xml.dist
Expand Up @@ -128,6 +128,9 @@
<property name="customSanitizingFunctions" type="array">
<element value="wc_clean"/>
</property>
<property name="customSanitizingFunctions" type="string">
<element value="dokan_sanitize_phone_number"/>
</property>
</properties>
</rule>
<rule ref="Squiz.PHP.CommentedOutCode.Found">
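Review bot: the added `<property name="customSanitizingFunctions" type="string">` redeclares a property that is already set as an array three lines above; a string-typed property takes its value from a `value` attribute (the `<element>` child is ignored) and the later declaration overrides the earlier one, so `wc_clean` drops out of the list and `dokan_sanitize_phone_number` never gets registered. That matches the CI output: untouched `wc_clean()` lines in Settings.php and Registration.php now fail the sniff, and so does every changed phone line. Add `<element value="dokan_sanitize_phone_number"/>` to the existing `type="array"` property and drop the new block.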
7 changes: 5 additions & 2 deletions src/admin/pages/VendorAccountFields.vue
Expand Up @@ -63,7 +63,7 @@

<div class="column">
<label for="store-phone">{{ __( 'Phone Number', 'dokan-lite') }}</label>
<input type="number" id="store-phone" class="dokan-form-input" v-model="vendorInfo.phone" :placeholder="__( '123456789', 'dokan-lite')">
<input type="text" id="store-phone" class="dokan-form-input" v-model="vendorInfo.phone" @input.prevent="validatePhoneInput" :placeholder="__( '+123456789', 'dokan-lite' )">
</div>

<div class="column">
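Review bot: `@input.prevent` has no effect, since the `input` event is not cancelable and `validatePhoneInput` does not use the event at all; use plain `@input="validatePhoneInput"`. Switching from `type="number"` to `type="text"` is right for phone numbers (a number input rejects parentheses and separators), but the in-browser filter is a convenience only; the server-side `dokan_sanitize_phone_number()` is the control that counts, and the two should accept the same character set.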
Expand Down Expand Up @@ -374,8 +374,11 @@ export default {
let height = dokan.store_banner_dimension.height;

return this.__( `Upload banner for your store. Banner size is (${width}x${height}) pixels.`, 'dokan-lite' );
}
},

validatePhoneInput( event ) {
this.vendorInfo.phone = this.vendorInfo.phone.replace( /[^0-9\\.\-\_\(\)\+]+/g, '' );
}
}
};
</script>
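Review bot: in the regex literal `/[^0-9\\.\-\_\(\)\+]+/g`, `\\` is an escaped backslash, so the character class lets a literal `\` through (doubling is needed in a string passed to `new RegExp`, not in a regex literal); the server-side pattern `[^0-9()._+-]` does not allow it, so client and server disagree. Use `/[^0-9().\-_+]+/g` (a dot is literal inside a class) so the client mirrors the PHP helper. The unused `event` parameter can be dropped.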