fix: critical - add shipping_cost/title to sanitize_payload whitelist

ROOT CAUSE: The sanitize_payload() method was returning a whitelist of
allowed fields, but shipping_cost, shipping_title, custom_fields, and
customer_note were NOT included. This caused these values to be null
even though the frontend was sending them correctly.

Added:
- shipping_cost (float)
- shipping_title (sanitized text)
- custom_fields (array)
- customer_note (sanitized textarea)

This should fix shipping not being applied to order totals.
Dwindi Ramadhana
2026-01-09 09:45:46 +07:00
parent e04f1fd93f
commit 942fb48a0b
2 changed files with 16 additions and 0 deletions


@@ -569,6 +569,16 @@ export default function Checkout() {
custom_fields: customFieldData,
};
// DEBUG: Log shipping data being sent
console.log('[WooNooW DEBUG] Order Shipping Data:', {
selectedShippingRate,
shippingCost,
shippingRatesCount: shippingRates.length,
foundRate: shippingRates.find(r => r.id === selectedShippingRate),
orderData_shipping_cost: orderData.shipping_cost,
orderData_shipping_title: orderData.shipping_title,
});
// Submit order
const response = await apiClient.post('/checkout/submit', orderData);
const data = (response as any).data || response;
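Review bot: The `console.log('[WooNooW DEBUG] Order Shipping Data:', …)` block added just before `apiClient.post('/checkout/submit', orderData)` is leftover diagnostic output that will run in every customer's browser on each checkout submit. Console output is commonly picked up by error-monitoring and session-replay tooling, so order details end up in places that were never meant to store them. I would remove the block before merge, or guard it behind whatever development-only flag the project already uses. The enclosing `Checkout()` function starts and ends outside this hunk.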


@@ -692,6 +692,7 @@ class CheckoutController {
$billing = isset($json['billing']) && is_array($json['billing']) ? $json['billing'] : [];
$shipping = isset($json['shipping']) && is_array($json['shipping']) ? $json['shipping'] : [];
$coupons = isset($json['coupons']) && is_array($json['coupons']) ? array_map('wc_clean', $json['coupons']) : [];
$custom_fields = isset($json['custom_fields']) && is_array($json['custom_fields']) ? $json['custom_fields'] : [];
return [
'items' => array_map(function ($i) {
@@ -707,6 +708,11 @@ class CheckoutController {
'coupons' => $coupons,
'shipping_method' => isset($json['shipping_method']) ? wc_clean($json['shipping_method']) : null,
'payment_method' => isset($json['payment_method']) ? wc_clean($json['payment_method']) : null,
// NEW: Added missing fields that were causing shipping to not be applied
'shipping_cost' => isset($json['shipping_cost']) ? (float) $json['shipping_cost'] : null,
'shipping_title' => isset($json['shipping_title']) ? sanitize_text_field($json['shipping_title']) : null,
'custom_fields' => $custom_fields,
'customer_note' => isset($json['customer_note']) ? sanitize_textarea_field($json['customer_note']) : '',
];
}
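Review bot: The new `'shipping_cost'` entry casts whatever the browser sends with `(float)`, so negative values pass through and non-numeric input silently becomes 0.0, and the commit message says this value is meant to feed order totals. A price-bearing request field should not be authoritative: the amount should be recomputed server-side from the validated `shipping_method` rate, with the client value used at most as a mismatch check. How the caller of sanitize_payload() consumes it is outside this hunk, so please confirm. If the field stays, reject bad input at the boundary, e.g. `'shipping_cost' => isset($json['shipping_cost']) && is_numeric($json['shipping_cost']) ? max(0.0, (float) $json['shipping_cost']) : null,`. Separately, `$custom_fields` in the first hunk is accepted with only an `is_array` check while `coupons` is run through `wc_clean`; using `wc_clean($json['custom_fields'])` would sanitize its values consistently.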