Send form data as json object to fix decoding

was decoded twice, in RequestData and by parse_str
2025-09-03 08:37:53 +08:00 · 2022-06-08 15:53:30 +03:00 · 2022-06-08 15:53:30 +03:00 · fdbbe6afb3
commit fdbbe6afb3
parent 77230fefa8
3 changed files with 9 additions and 13 deletions
--- a/modules/ppcp-button/resources/js/modules/ActionHandler/CheckoutActionHandler.js
+++ b/modules/ppcp-button/resources/js/modules/ActionHandler/CheckoutActionHandler.js
@ -20,7 +20,9 @@ class CheckoutActionHandler {
            const errorHandler = this.errorHandler;

            const formSelector = this.config.context === 'checkout' ? 'form.checkout' : 'form#order_review';
-            const formValues = jQuery(formSelector).serialize();
+            const formData = new FormData(document.querySelector(formSelector));
+            // will not handle fields with multiple values (checkboxes, <select multiple>), but we do not care about this here
+            const formJsonObj = Object.fromEntries(formData);

            const createaccount = jQuery('#createaccount').is(":checked") ? true : false;

@ -34,7 +36,7 @@ class CheckoutActionHandler {
                    order_id:this.config.order_id,
                    payment_method: getCurrentPaymentMethod(),
                    funding_source: window.ppcpFundingSource,
-                    form:formValues,
+                    form: formJsonObj,
                    createaccount: createaccount
                })
            }).then(function (res) {
--- a/modules/ppcp-button/src/Endpoint/CreateOrderEndpoint.php
+++ b/modules/ppcp-button/src/Endpoint/CreateOrderEndpoint.php
@ -403,9 +403,9 @@ class CreateOrderEndpoint implements EndpointInterface {
 		}

 		if ( ! $payer && isset( $data['form'] ) ) {
-			parse_str( $data['form'], $form_fields );
+			$form_fields = $data['form'];

-			if ( isset( $form_fields['billing_email'] ) && '' !== $form_fields['billing_email'] ) {
+			if ( is_array( $form_fields ) && isset( $form_fields['billing_email'] ) && '' !== $form_fields['billing_email'] ) {
 				return $this->payer_factory->from_checkout_form( $form_fields );
 			}
 		}
--- a/modules/ppcp-button/src/Endpoint/RequestData.php
+++ b/modules/ppcp-button/src/Endpoint/RequestData.php
@ -81,15 +81,9 @@ class RequestData {
 		$data = array();
 		foreach ( (array) $assoc_array as $raw_key => $raw_value ) {
 			if ( ! is_array( $raw_value ) ) {
-				/**
-				 * The 'form' key is preserved for url encoded data and needs different
-				 * sanitization.
-				 */
-				if ( 'form' !== $raw_key ) {
-					$data[ sanitize_text_field( (string) $raw_key ) ] = sanitize_text_field( (string) $raw_value );
-				} else {
-					$data[ sanitize_text_field( (string) $raw_key ) ] = sanitize_text_field( urldecode( (string) $raw_value ) );
-				}
+				// Not sure if it is a good idea to sanitize everything at this level,
+				// but should be fine for now since we do not send any HTML or multi-line texts via ajax.
+				$data[ sanitize_text_field( (string) $raw_key ) ] = sanitize_text_field( (string) $raw_value );
 				continue;
 			}
 			$data[ sanitize_text_field( (string) $raw_key ) ] = $this->sanitize( $raw_value );