woocommerce-external-product-embed icon indicating copy to clipboard operation
woocommerce-external-product-embed copied to clipboard

Published 20 hours ago verified publisher icon WPprodigy

Sanitize the product permalink w/ esc_url_raw()

Open MoeMauhphie opened this issue 7 years ago • 9 comments
trafficstars

Hi there,

Thanks for this awesome plugin. I installed it today and it looks great. The only problem is that all the permalinks start with three extra dashes (---) that make links return a 404.

Could you please look into this problem.

Many Thanks

MoeMauhphie avatar Feb 14 '18 15:02 MoeMauhphie

Hmm, so here I request the permalink from the API: https://github.com/WPprodigy/woocommerce-external-product-embed/blob/master/classes/class-wcepe-api-client.php#L79-L102

You can see the property here: http://woocommerce.github.io/woocommerce-rest-api-docs/#list-all-products

So I'm thinking it's coming from the API already "corrupted". Unless it's breaking when being saved to the database after sanitization with this: https://developer.wordpress.org/reference/functions/sanitize_text_field/

What is the correct permalink?

WPprodigy avatar Feb 14 '18 17:02 WPprodigy

Thank your very much for your reply,

Maybe it's because of non-English characters in my URLs, I just noticed it's not only about the extra dashes the links are totally corrupted.

Here is the original link: http://tennisfa.com/shop/product/کوله-تنیس-بابولات-pure-drive-blue-backpack/

And here is the produced link: http://tennisfa.com/shop/product/---pure-drive-blue-backpack/

And here is where the product is displayed: http://tennisfa.com/2018/02/13/فدرر-صدر-رده%E2%80%8Cبندی-جهانی/

Regards

MoeMauhphie avatar Feb 14 '18 17:02 MoeMauhphie

Okay, so here: https://github.com/WPprodigy/woocommerce-external-product-embed/blob/c4dad8180923bdfc541e776da76b26c88b0e4578/classes/class-wcepe-data-store.php#L103

Temporarily remove the sanitize_text_field(). Then clear transients. See if the permalinks come through then.

Could also try making a request to the WC site directly with an API client following this guide: https://github.com/woocommerce/woocommerce/wiki/Getting-started-with-the-REST-API#making-a-basic-request. See if the permalink is corrupted at that point or not.

WPprodigy avatar Feb 14 '18 18:02 WPprodigy

Thanks.

Removing sanitize_text_field() returns a white page.

I'm very sorry I'm not a coder and I'm not familiar with the stuff you explained in the second part of your reply. :-(

MoeMauhphie avatar Feb 14 '18 18:02 MoeMauhphie

That line should become:

$product_data[ sanitize_key( $key ) ] = $value;

This won't be the correct long-term solution, but just want to see if that solves the problem. If it does, I'm thinking this needs to be used for permalinks: https://developer.wordpress.org/reference/functions/esc_url_raw/

WPprodigy avatar Feb 14 '18 19:02 WPprodigy

Yes! That solved the problem. Thanks for your help. I really appreciate it.

MoeMauhphie avatar Feb 14 '18 19:02 MoeMauhphie

If you don't mind testing, could you replace that whole function with this: https://gist.github.com/WPprodigy/5f0a7238d074c4f0d00fffa33767d832 and see if it still works (clear transients before testing)

Would be helpful towards getting a real fix in place :)

WPprodigy avatar Feb 14 '18 19:02 WPprodigy

It works like a charm! Perfect! I can't thank you enough mate, I really really appreciate your help.

MoeMauhphie avatar Feb 14 '18 19:02 MoeMauhphie

Thanks for your help as well :)

WPprodigy avatar Feb 14 '18 19:02 WPprodigy