Merge pull request #1510 from woocommerce/PCP-1873-complex-form-fields

Handle complex form fields when submitting checkout form
2025-09-06 14:57:26 +08:00 · 2023-07-18 15:37:57 +02:00 · 2023-07-18 15:37:57 +02:00 · 24a40a283c
commit 24a40a283c
parent 9d906a1f4b 6694c79617
4 changed files with 29 additions and 15 deletions
--- a/modules/ppcp-button/resources/js/modules/ActionHandler/CheckoutActionHandler.js
+++ b/modules/ppcp-button/resources/js/modules/ActionHandler/CheckoutActionHandler.js
@ -50,8 +50,6 @@ class CheckoutActionHandler {

            const formSelector = this.config.context === 'checkout' ? 'form.checkout' : 'form#order_review';
            const formData = new FormData(document.querySelector(formSelector));
-            // will not handle fields with multiple values (checkboxes, <select multiple>), but we do not care about this here
-            const formJsonObj = Object.fromEntries(formData.entries());

            const createaccount = jQuery('#createaccount').is(":checked") ? true : false;

@ -72,7 +70,8 @@ class CheckoutActionHandler {
                    order_id:this.config.order_id,
                    payment_method: paymentMethod,
                    funding_source: fundingSource,
-                    form: formJsonObj,
+                    // send as urlencoded string to handle complex fields via PHP functions the same as normal form submit
+                    form_encoded: new URLSearchParams(formData).toString(),
                    createaccount: createaccount
                })
            }).then(function (res) {
--- a/modules/ppcp-button/resources/js/modules/Helper/FormValidator.js
+++ b/modules/ppcp-button/resources/js/modules/Helper/FormValidator.js
@ -6,7 +6,6 @@ export default class FormValidator {

    async validate(form) {
        const formData = new FormData(form);
-        const formJsonObj = Object.fromEntries(formData.entries());

        const res = await fetch(this.url, {
            method: 'POST',
@ -16,7 +15,7 @@ export default class FormValidator {
            credentials: 'same-origin',
            body: JSON.stringify({
                nonce: this.nonce,
-                form: formJsonObj,
+                form_encoded: new URLSearchParams(formData).toString(),
            }),
        });

--- a/modules/ppcp-button/src/Endpoint/CreateOrderEndpoint.php
+++ b/modules/ppcp-button/src/Endpoint/CreateOrderEndpoint.php
@ -166,6 +166,13 @@ class CreateOrderEndpoint implements EndpointInterface {
 	 */
 	protected $logger;

+	/**
+	 * The form data, or empty if not available.
+	 *
+	 * @var array
+	 */
+	private $form = array();
+
 	/**
 	 * CreateOrderEndpoint constructor.
 	 *
@ -282,18 +289,20 @@ class CreateOrderEndpoint implements EndpointInterface {

 			$this->set_bn_code( $data );

-			$form_fields = $data['form'] ?? null;
+			if ( isset( $data['form'] ) ) {
+				$this->form = $data['form'];
+			}

 			if ( $this->early_validation_enabled
-				&& is_array( $form_fields )
+				&& $this->form
 				&& 'checkout' === $data['context']
 				&& in_array( $payment_method, array( PayPalGateway::ID, CardButtonGateway::ID ), true )
 			) {
-				$this->validate_form( $form_fields );
+				$this->validate_form( $this->form );
 			}

-			if ( 'pay-now' === $data['context'] && is_array( $form_fields ) && get_option( 'woocommerce_terms_page_id', '' ) !== '' ) {
-				$this->validate_paynow_form( $form_fields );
+			if ( 'pay-now' === $data['context'] && $this->form && get_option( 'woocommerce_terms_page_id', '' ) !== '' ) {
+				$this->validate_paynow_form( $this->form );
 			}

 			try {
@ -516,11 +525,9 @@ class CreateOrderEndpoint implements EndpointInterface {
 			$payer = $this->payer_factory->from_paypal_response( json_decode( wp_json_encode( $data['payer'] ) ) );
 		}

-		if ( ! $payer && isset( $data['form'] ) ) {
-			$form_fields = $data['form'];
-
-			if ( is_array( $form_fields ) && isset( $form_fields['billing_email'] ) && '' !== $form_fields['billing_email'] ) {
-				return $this->payer_factory->from_checkout_form( $form_fields );
+		if ( ! $payer && $this->form ) {
+			if ( isset( $this->form['billing_email'] ) && '' !== $this->form['billing_email'] ) {
+				return $this->payer_factory->from_checkout_form( $this->form );
 			}
 		}

--- a/modules/ppcp-button/src/Endpoint/RequestData.php
+++ b/modules/ppcp-button/src/Endpoint/RequestData.php
@ -53,6 +53,11 @@ class RequestData {
 		}
 		$this->dequeue_nonce_fix();

+		if ( isset( $json['form_encoded'] ) ) {
+			$json['form'] = array();
+			parse_str( $json['form_encoded'], $json['form'] );
+		}
+
 		$sanitized = $this->sanitize( $json );
 		return $sanitized;
 	}
@ -80,6 +85,10 @@ class RequestData {
 	private function sanitize( array $assoc_array ): array {
 		$data = array();
 		foreach ( (array) $assoc_array as $raw_key => $raw_value ) {
+			if ( $raw_key === 'form_encoded' ) {
+				$data[ $raw_key ] = $raw_value;
+				continue;
+			}
 			if ( ! is_array( $raw_value ) ) {
 				// Not sure if it is a good idea to sanitize everything at this level,
 				// but should be fine for now since we do not send any HTML or multi-line texts via ajax.