wc_sanitize_coupon_code()
Sanitize a coupon code.
Uses sanitize_post_field since coupon codes are stored as post_titles - the sanitization and escaping must match.
Due to the unfiltered_html captability that some (admin) users have, we need to account for slashes.
The html_entity_decode() call handles coupon codes that contain special characters like ampersands (&), quotes ("), and other HTML entities. Without this decoding step, coupon codes with special characters would fail to match during application, causing legitimate coupons to be rejected.
Хуков нет.
Возвращает
Строку.
Использование
wc_sanitize_coupon_code( $value );
- $value(строка) (обязательный)
- Coupon code to format.
Заметки
- Смотрите: WC_Cart_Test::test_coupon_codes_with_special_characters
Список изменений
| С версии 3.6.0 | Введена. |
| С версии 10.0.0 | Decode HTML entities here instead of via woocommerce_coupon_code filter. |
Код wc_sanitize_coupon_code() wc sanitize coupon code WC 10.3.4
function wc_sanitize_coupon_code( $value ) {
$value = wp_kses( sanitize_post_field( 'post_title', html_entity_decode( $value ?? '', ENT_COMPAT, get_bloginfo( 'charset' ) ), 0, 'db' ), 'entities' );
return current_user_can( 'unfiltered_html' ) ? $value : stripslashes( $value );
}