diff --git a/includes/abstracts/abstract-wc-order.php b/includes/abstracts/abstract-wc-order.php
index ac537fdee79..fe50c4eb394 100644
--- a/includes/abstracts/abstract-wc-order.php
+++ b/includes/abstracts/abstract-wc-order.php
@@ -1050,10 +1050,10 @@ abstract class WC_Abstract_Order extends WC_Abstract_Legacy_Order {
 $result = $coupon->get_data_store()->check_and_hold_coupon( $coupon );
 if ( false === $result ) {
 // translators: Actual coupon code.
- throw new Exception( sprintf( __( 'An unexpected error happened while applying the Coupon %s.', 'woocommerce' ), $coupon->get_code() ) );
+ throw new Exception( sprintf( __( 'An unexpected error happened while applying the Coupon %s.', 'woocommerce' ), esc_html( $coupon->get_code() ) ) );
 } elseif ( 0 === $result ) {
 // translators: Actual coupon code.
- throw new Exception( sprintf( __( 'Coupon %s was used in another transaction during this checkout, and coupon usage limit is reached. Please remove the coupon and try again.', 'woocommerce' ), $coupon->get_code() ) );
+ throw new Exception( sprintf( __( 'Coupon %s was used in another transaction during this checkout, and coupon usage limit is reached. Please remove the coupon and try again.', 'woocommerce' ), esc_html( $coupon->get_code() ) ) );
 }
 return $result;
 }
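Review bot: The two `throw new Exception( ... )` lines now bake `esc_html( $coupon->get_code() )` into the exception message, so the message is HTML-encoded when it is built rather than at the point of output. Any consumer that uses `getMessage()` outside an HTML context (a JSON response, a log line, an order note) would presumably show entities such as `&amp;`, and one that escapes again would double-encode; the callers are not visible in this diff. I would at least record the contract next to the throws, e.g. `// Message is HTML-escaped: it is expected to be rendered as a notice, where tags are allowed.`, and add a test using a code that contains `<` and `&`. The same applies to the second hunk in this file (the `check_and_hold_coupon_for_user` path) and to `validate_coupon_exists()` in class-wc-discounts.php. The enclosing method starts outside the hunk.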
@@ -1072,10 +1072,10 @@ abstract class WC_Abstract_Order extends WC_Abstract_Legacy_Order {
 $result = $coupon->get_data_store()->check_and_hold_coupon_for_user( $coupon, $user_ids_and_emails, $user_alias );
 if ( false === $result ) {
 // translators: Actual coupon code.
- throw new Exception( sprintf( __( 'An unexpected error happened while applying the Coupon %s.', 'woocommerce' ), $coupon->get_code() ) );
+ throw new Exception( sprintf( __( 'An unexpected error happened while applying the Coupon %s.', 'woocommerce' ), esc_html( $coupon->get_code() ) ) );
 } elseif ( 0 === $result ) {
 // translators: Actual coupon code.
- throw new Exception( sprintf( __( 'You have used this coupon %s in another transaction during this checkout, and coupon usage limit is reached. Please remove the coupon and try again.', 'woocommerce' ), $coupon->get_code() ) );
+ throw new Exception( sprintf( __( 'You have used this coupon %s in another transaction during this checkout, and coupon usage limit is reached. Please remove the coupon and try again.', 'woocommerce' ), esc_html( $coupon->get_code() ) ) );
 }
 return $result;
 }
diff --git a/includes/class-wc-cart.php b/includes/class-wc-cart.php
index b5933c4b31f..0e2e5db7dd6 100644
--- a/includes/class-wc-cart.php
+++ b/includes/class-wc-cart.php
@@ -1548,8 +1548,7 @@ class WC_Cart extends WC_Legacy_Cart {
 // Check it can be used with cart.
 if ( ! $the_coupon->is_valid() ) {
- // Notices are escaped using wc_kses_notice, which allows tag, but we don't want that in coupon error output.
- wc_add_notice( esc_html( $the_coupon->get_error_message() ), 'error' );
+ wc_add_notice( $the_coupon->get_error_message(), 'error' );
 return false;
 }
diff --git a/includes/class-wc-coupon.php b/includes/class-wc-coupon.php
index 0c5dffe6b02..5ca6867a5a8 100644
--- a/includes/class-wc-coupon.php
+++ b/includes/class-wc-coupon.php
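Review bot: Dropping `esc_html()` at the `wc_add_notice()` call in class-wc-cart.php removes the escaping step at the output boundary, so the notice is now only as safe as every code path that builds the string returned by `$the_coupon->get_error_message()`. The removed comment said that notice sanitising via `wc_kses_notice` still allows tags; the branches patched in class-wc-coupon.php escape the coupon code, but messages set elsewhere or altered by filters are not visible here and would need the same treatment. The explanatory comment was deleted without a replacement; I would keep one, e.g. `// Not escaped here: coupon codes are escaped where the message is built, and notice output is filtered by wc_kses_notice.` The enclosing method starts and ends outside the hunk.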
@@ -951,22 +951,22 @@ class WC_Coupon extends WC_Legacy_Coupon {
 break;
 case self::E_WC_COUPON_NOT_EXIST:
 /* translators: %s: coupon code */
- $err = sprintf( __( 'Coupon "%s" does not exist!', 'woocommerce' ), $this->get_code() );
+ $err = sprintf( __( 'Coupon "%s" does not exist!', 'woocommerce' ), esc_html( $this->get_code() ) );
 break;
 case self::E_WC_COUPON_INVALID_REMOVED:
 /* translators: %s: coupon code */
- $err = sprintf( __( 'Sorry, it seems the coupon "%s" is invalid - it has now been removed from your order.', 'woocommerce' ), $this->get_code() );
+ $err = sprintf( __( 'Sorry, it seems the coupon "%s" is invalid - it has now been removed from your order.', 'woocommerce' ), esc_html( $this->get_code() ) );
 break;
 case self::E_WC_COUPON_NOT_YOURS_REMOVED:
 /* translators: %s: coupon code */
- $err = sprintf( __( 'Sorry, it seems the coupon "%s" is not yours - it has now been removed from your order.', 'woocommerce' ), $this->get_code() );
+ $err = sprintf( __( 'Sorry, it seems the coupon "%s" is not yours - it has now been removed from your order.', 'woocommerce' ), esc_html( $this->get_code() ) );
 break;
 case self::E_WC_COUPON_ALREADY_APPLIED:
 $err = __( 'Coupon code already applied!', 'woocommerce' );
 break;
 case self::E_WC_COUPON_ALREADY_APPLIED_INDIV_USE_ONLY:
 /* translators: %s: coupon code */
- $err = sprintf( __( 'Sorry, coupon "%s" has already been applied and cannot be used in conjunction with other coupons.', 'woocommerce' ), $this->get_code() );
+ $err = sprintf( __( 'Sorry, coupon "%s" has already been applied and cannot be used in conjunction with other coupons.', 'woocommerce' ), esc_html( $this->get_code() ) );
 break;
 case self::E_WC_COUPON_USAGE_LIMIT_REACHED:
 $err = __( 'Coupon usage limit has been reached.', 'woocommerce' );
diff --git a/includes/class-wc-discounts.php b/includes/class-wc-discounts.php
index 169994cb154..95e3b44994f 100644
--- a/includes/class-wc-discounts.php
+++ b/includes/class-wc-discounts.php
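Review bot: `esc_html( $this->get_code() )` is now repeated in four `case` branches of class-wc-coupon.php, which makes it easy for a later branch that interpolates the code to miss the escape, and after this commit the cart no longer escapes the message at output. Computing it once before the `switch`, e.g. `$code = esc_html( $this->get_code() );`, and passing `$code` to each `sprintf()` would keep the branches uniform. The `switch` starts and ends outside this hunk, so branches not shown here that include the code or other request-derived values cannot be checked from this view.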
@@ -585,7 +585,7 @@ class WC_Discounts {
 protected function validate_coupon_exists( $coupon ) {
 if ( ! $coupon->get_id() && ! $coupon->get_virtual() ) {
 /* translators: %s: coupon code */
- throw new Exception( sprintf( __( 'Coupon "%s" does not exist!', 'woocommerce' ), $coupon->get_code() ), 105 );
+ throw new Exception( sprintf( __( 'Coupon "%s" does not exist!', 'woocommerce' ), esc_html( $coupon->get_code() ) ), 105 );
 }
 return true;