Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Products are not added to cart #306

Closed
AndreeaCristinaRadacina opened this issue May 23, 2024 · 15 comments · Fixed by #310
Closed

Products are not added to cart #306

AndreeaCristinaRadacina opened this issue May 23, 2024 · 15 comments · Fixed by #310
Assignees
@Soare-Robert-Daniel
Labels
bug This label could be used to identify issues that are caused by a defect in the product. customer report Indicates the request came from a customer. medium (1d) - This label is used for issues that can be completed within 1 day or less. Priority-Medium Expected resolution time - up to 1 month. regression Issue represents a change in behavior from a previous version that is not intended or desired..

Comments

@AndreeaCristinaRadacina
Copy link

Description

Many users reported that after the latest update, the products are not added to cart anymore. There is no error triggered, but the cart is empty.

I couldn't replicate the issue.

Step-by-step reproduction instructions

  1. Go to a PPOM product with text input
  2. Configure the product options
  3. Click on add to cart button

Screenshots, screen recording, code snippet or Help Scout ticket

example from a client: https://280.150.myftpupload.com/product/urc-tkp-100-custom-engraved-button-cap/

ref: https://wordpress.org/support/topic/update-to-32-0-1-breaks-add-to-cart/#post-17773318

Environment info

No response

Is the issue you are reporting a regression

Yes, this is a regression.
@AndreeaCristinaRadacina AndreeaCristinaRadacina added the bug This label could be used to identify issues that are caused by a defect in the product. label May 23, 2024
@pirate-bot pirate-bot added customer report Indicates the request came from a customer. regression Issue represents a change in behavior from a previous version that is not intended or desired.. labels May 23, 2024
@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2601627843/419287?viewId=212385

@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2601200783/419241?viewId=212390

@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2604221842/419682?viewId=212390

@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2603159555/419477?viewId=212390

@vytisbulkevicius vytisbulkevicius added the Priority-High Expected resolution time - up to 2 business days. label May 23, 2024
@GrigoreMihai GrigoreMihai added the medium (1d) - This label is used for issues that can be completed within 1 day or less. label May 23, 2024
@AndreeaCristinaRadacina
Copy link
Author

+1 https://wordpress.org/support/topic/update-to-32-0-1-breaks-add-to-cart/

@vytisbulkevicius
Copy link
Contributor

vytisbulkevicius commented May 28, 2024
edited
Loading

@AndreeaCristinaRadacina,

This happens because we had to patch vulnerability which was allowing to add HTML characters to the input fields.

We no longer allow adding HTML characters so this can't be replicated by new users or when creating new fields but those existing fields that had HTML characters should be re-saved by users.

We need to ask those users to go to the fields that have HTML values added and re-save the fields so HTML values get trimmed.
This should be done for the input fields values or select fields values, basically the fields that send user input to the backend, for labels and description of fields they can use it with no problem.

Example from one of the websites with this problem where HTML is still saved in the value of the field:
image

@AndreeaCristinaRadacina
Copy link
Author

AndreeaCristinaRadacina commented May 28, 2024
edited
Loading

@vytisbulkevicius Now I was able to replicate the issue too. When adding <p>hello</p> in the text input, the product is not added to the cart.

To ensure I understood this correctly, can you please validate the reply below?

`After the latest release, PPOM no longer permits the use of HTML characters in new fields or by new users. However, any existing fields that contain HTML characters will need to be re-saved to ensure correct functioning.

Please go to the fields that contain HTML values and re-save them to ensure the HTML values are trimmed. This applies to input fields and select fields where user input is sent to the backend. HTML characters can still be used without any issues for labels and field descriptions.

Thank you for your cooperation.`

@vytisbulkevicius
Copy link
Contributor

@AndreeaCristinaRadacina,

Yes, it's correct. I would change a few places in your reply to prevent confusion:

After the latest release, PPOM no longer permits the use of HTML characters in the input and select fields. However, any existing fields that contain HTML characters will need to be re-saved to ensure correct functioning since they were not trimmed by the plugin update.

Please go to edit the fields that contain HTML values and re-save them to ensure the HTML values are trimmed on save. This only applies to input fields and select fields where HTML characters are used for value. HTML characters can still be used without any issues for labels and field descriptions.

Thank you for your cooperation.

@AndreeaCristinaRadacina
Copy link
Author

Hey Vytis,

The customers say it doesn't work after updating all the fields:
https://secure.helpscout.net/conversation/2601200783/419241?viewId=212385
https://secure.helpscout.net/conversation/2601627843/419287?viewId=212385
https://secure.helpscout.net/conversation/2613097062/420708?viewId=212385
https://secure.helpscout.net/conversation/2603159555/419477?viewId=212385

@vytisbulkevicius vytisbulkevicius added Priority-Medium Expected resolution time - up to 1 month. and removed Priority-High Expected resolution time - up to 2 business days. labels Jun 9, 2024
@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2625501215/422156?viewId=212385

@Soare-Robert-Daniel
Copy link
Contributor

We might need to reconsider how we deal with HTML content in the fields since it seems that there are a lot of users who have HTML in their fields.

Instead of hard rejecting the request, I think we can switch to sanitization ( like using sanitize_textarea_field ) to clean up any potential issue.

CC: @preda-bogdan

@AndreeaCristinaRadacina
Copy link
Author

+1 https://secure.helpscout.net/conversation/2630775873/422889?viewId=212385

@Soare-Robert-Daniel Soare-Robert-Daniel mentioned this issue Jun 20, 2024
Merged
6 tasks
@Soare-Robert-Daniel Soare-Robert-Daniel linked a pull request Jun 20, 2024 that will close this issue
fix: cart item sanitization #310
Merged
6 tasks
@AndreeaCristinaRadacina
Copy link
Author

@Soare-Robert-Daniel I tested and now it works. Thank you for taking care!

@AndreeaCristinaRadacina
Copy link
Author

https://secure.helpscout.net/conversation/2634654179/423325?viewId=212385

@vytisbulkevicius
Copy link
Contributor

It's fixed and released @AndreeaCristinaRadacina

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Soare-Robert-Daniel Soare-Robert-Daniel

Labels
bug This label could be used to identify issues that are caused by a defect in the product. customer report Indicates the request came from a customer. medium (1d) - This label is used for issues that can be completed within 1 day or less. Priority-Medium Expected resolution time - up to 1 month. regression Issue represents a change in behavior from a previous version that is not intended or desired..
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: cart item sanitization Codeinwp/woocommerce-product-addon
5 participants
@Soare-Robert-Daniel @vytisbulkevicius @GrigoreMihai @pirate-bot @AndreeaCristinaRadacina