Fix: Sanitize fee recovery amount before saving to DB.#8254
Open
joshAppDev wants to merge 1 commit into
Open
Conversation
It affects how the amount is parsed and formatted in currencies using "." as the thousands separator.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Background
The give-fee-recovery plugin stores the fee amount in the donation meta under '_give_fee_amount'. It uses the
give_sanitize_amount_for_db()function before saving. This results in the amount having 6 decimal places. (E.g. "4000.000000".)However, GiveWP automatically re-saves donation meta values if the donation is updated. For example, if the status changes from PROCESSING to COMPLETED. For '_give_fee_amount', it uses only the
formatToDecimal()method before saving. This has 2 decimal places for the amount. (e.g. "4000.00".)The problem
When a currency uses
.as a thousands separator, it can change how GiveWP parses and formats amounts. This is more noticeable when large amounts are common with the currency, such as with VND or IDR.Here is an example, from one of our Give sites running 3.22:

The amount was initially correct when the donation status was still PROCESSING. But after it changed to COMPLETED, the displayed fee amount became wrong.
Parsing issue
GiveWP uses several different functions when formatting the fee amount for display, including
give_maybe_santize_amount(). When this function sees a fee amount with 6 decimal places, it parses correctly. But when the function sees the fee amount with 2 decimal places, it thinks that "4000.00" == "400000". Perhaps there is a way to fix this parsing algorithm, but not in this pull request.( See give-fee-recovery/includes/admin/class-give-fee-recovery-admin.php :: donation_detail() )
Sanitizing solution
By adding
give_sanitize_amount_for_db()to DonationRepository.php, we ensure the fee amount is consistently formatted for the DB across both give core, and give-fee-recovery. As a bonus, it also works around the parsing issue above.Testing Instructions
For the IDR currency, we configure zero decimal places in the GiveWP settings. Additionally, we use the
give_get_zero_based_currenciesandgive_fee_zero_based_currencyfilters to set IDR as zero based.Pre-review Checklist
@unreleasedtags included in DocBlocks