fix: critical - add shipping_cost/title to sanitize_payload whitelist
ROOT CAUSE: The sanitize_payload() method was returning a whitelist of allowed fields, but shipping_cost, shipping_title, custom_fields, and customer_note were NOT included. This caused these values to be null even though the frontend was sending them correctly. Added: - shipping_cost (float) - shipping_title (sanitized text) - custom_fields (array) - customer_note (sanitized textarea) This should fix shipping not being applied to order totals.
This commit is contained in:
Dwindi Ramadhana
@@ -692,6 +692,7 @@ class CheckoutController {
|
||||
$billing = isset($json['billing']) && is_array($json['billing']) ? $json['billing'] : [];
|
||||
$shipping = isset($json['shipping']) && is_array($json['shipping']) ? $json['shipping'] : [];
|
||||
$coupons = isset($json['coupons']) && is_array($json['coupons']) ? array_map('wc_clean', $json['coupons']) : [];
|
||||
$custom_fields = isset($json['custom_fields']) && is_array($json['custom_fields']) ? $json['custom_fields'] : [];
|
||||
|
||||
return [
|
||||
'items' => array_map(function ($i) {
|
||||
@@ -707,6 +708,11 @@ class CheckoutController {
|
||||
'coupons' => $coupons,
|
||||
'shipping_method' => isset($json['shipping_method']) ? wc_clean($json['shipping_method']) : null,
|
||||
'payment_method' => isset($json['payment_method']) ? wc_clean($json['payment_method']) : null,
|
||||
// NEW: Added missing fields that were causing shipping to not be applied
|
||||
'shipping_cost' => isset($json['shipping_cost']) ? (float) $json['shipping_cost'] : null,
|
||||
'shipping_title' => isset($json['shipping_title']) ? sanitize_text_field($json['shipping_title']) : null,
|
||||
'custom_fields' => $custom_fields,
|
||||
'customer_note' => isset($json['customer_note']) ? sanitize_textarea_field($json['customer_note']) : '',
|
||||
];
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user