Merge pull request #8185 from easydigitaldownloads/issue/8183-2

Validate discount amount is numeric before saving #8183
awesomemotive · Nov 4, 2020 · 510e528 · 510e528
2 parents d74bec0 + 348a240
commit 510e528
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/includes/admin/class-edd-notices.php b/includes/admin/class-edd-notices.php
@@ -137,6 +137,10 @@ public function show_notices() {
 						break;
 					case 'discount_invalid_code':
 						$notices['error']['edd-discount-invalid-code'] = __( 'The discount code entered is invalid; only alphanumeric characters are allowed, please try again.', 'easy-digital-downloads' );
+						break;
+					case 'discount_invalid_amount' :
+						$notices['error']['edd-discount-invalid-amount'] = __( 'The discount amount must be a valid percentage or numeric flat amount. Please try again.', 'easy-digital-downloads' );
+						break;
 				}
 			}
 

diff --git a/includes/admin/discounts/discount-actions.php b/includes/admin/discounts/discount-actions.php
@@ -45,6 +45,11 @@ function edd_add_discount( $data ) {
 		edd_die();
 	}
 
+	if ( ! is_numeric( $data['amount'] ) ) {
+		wp_redirect( add_query_arg( 'edd-message', 'discount_invalid_amount' ) );
+		edd_die();
+	}
+
 	foreach ( $data as $key => $value ) {
 
 		if ( $key === 'products' || $key === 'excluded-products' ) {
@@ -112,6 +117,11 @@ function edd_edit_discount( $data ) {
 		wp_die( __( 'You do not have permission to edit discount codes', 'easy-digital-downloads' ), __( 'Error', 'easy-digital-downloads' ), array( 'response' => 403 ) );
 	}
 
+	if ( empty( $data['amount'] ) || ! is_numeric( $data['amount'] ) ) {
+		wp_redirect( add_query_arg( 'edd-message', 'discount_invalid_amount' ) );
+		edd_die();
+	}
+
 	// Setup the discount code details
 	$discount = array();