Fixed root cause of 'Indonesia' in billing_phone - was fallback to country value
Issue:
❌ billing_phone showing 'Indonesia' instead of phone number
❌ Weak validation: ! empty() allows any non-empty string
❌ No sanitization - direct assignment of raw values
❌ Inconsistent validation between order and customer updates
Root Cause:
- OrdersController used ! empty() check
- Allowed 'Indonesia' (country) to be saved as phone
- No sanitization or format validation
- Applied to ALL fields, not just phone
Changes Made:
1. Created Sanitization Helpers (Lines 9-58):
✅ sanitize_field() - Trims, validates text fields
✅ sanitize_phone() - Removes non-numeric except +, -, spaces
✅ sanitize_email_field() - Validates email format
✅ Returns empty string if invalid (prevents bad data)
2. Fixed Order Billing/Shipping (Lines 645-673, 909-940):
✅ Update method: Sanitize all order address fields
✅ Create method: Sanitize all order address fields
✅ Applied to: first_name, last_name, email, phone, address_1, address_2, city, state, postcode, country
3. Fixed Customer Data - Existing Member (Lines 1089-1132):
✅ Sanitize all billing fields before WC_Customer update
✅ Sanitize all shipping fields before WC_Customer update
✅ Only set if not empty (allow clearing fields)
✅ Prevents 'Indonesia' or invalid data from being saved
4. Fixed Customer Data - New Member (Lines 1161-1204):
✅ Sanitize all billing fields on customer creation
✅ Sanitize all shipping fields on customer creation
✅ Same validation as existing member
✅ Consistent data quality for all customers
Sanitization Logic:
Phone:
- Remove non-numeric except +, -, spaces
- Trim whitespace
- Return empty if only symbols
- Example: 'Indonesia' → '' (empty)
- Example: '08123456789' → '08123456789' ✅
Email:
- Use sanitize_email() + is_email()
- Return empty if invalid format
- Prevents malformed emails
Text Fields:
- Use sanitize_text_field()
- Trim whitespace
- Return empty if only whitespace
- Prevents injection attacks
Impact:
Before:
- 'Indonesia' saved as phone ❌
- Country name in phone field ❌
- No validation ❌
- Inconsistent data ❌
After:
- Invalid phone → empty string ✅
- All fields sanitized ✅
- Consistent validation ✅
- Clean customer data ✅
Applies To:
✅ Order creation (new orders)
✅ Order updates (edit orders)
✅ Customer data - existing members
✅ Customer data - new members (auto-register)
✅ All billing fields
✅ All shipping fields
Testing Required:
1. Create order with existing customer - verify phone sanitized
2. Create order with new customer - verify no 'Indonesia' in phone
3. Edit order - verify all fields sanitized
4. Virtual products - verify phone still works correctly
Result: No more 'Indonesia' or invalid data in customer fields!
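
Added example, not part of the commit or the plugin's own code: a stand-alone PHP version of the phone rule listed under "Sanitization Logic", shown next to the old `! empty()` check on the same inputs. The function name `example_sanitize_phone` and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration. The function name and sample data are assumptions,
// not the plugin's actual helper.

/** Keep digits, '+', '-' and spaces; return '' when no digit survives. */
function example_sanitize_phone($value): string
{
    if (!is_scalar($value)) {
        return ''; // arrays, objects and null from a request body are never a phone number
    }
    // Strip everything except digits, '+', '-' and spaces, then trim.
    $clean = trim((string) preg_replace('/[^0-9+\- ]/', '', (string) $value));
    // "Return empty if only symbols": at least one digit must remain.
    return preg_match('/[0-9]/', $clean) === 1 ? $clean : '';
}

// Constructed sample inputs (not taken from real orders).
$samples = [
    'Indonesia',              // country value that fell through into the phone field
    '08123456789',
    '+62 812-3456-789',
    '+- ',                    // only permitted symbols, no digits
    '<script>0812</script>',  // markup around digits
    ['nested'],               // non-scalar request value
];

foreach ($samples as $raw) {
    // The weak check described in the commit message: any non-empty value passes.
    $old = !empty($raw) ? 'saved as-is' : 'skipped';
    $new = example_sanitize_phone($raw);
    printf(
        "%-26s old: %-12s new: %s\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        $old,
        var_export($new, true)
    );
}
```

The rule constrains the character set only; it does not check length or country prefix, so a value such as `'0812'` still passes.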