Products with double quotes in name break inline JavaScript
-
When product names include double quotes, the plugin breaks due to some inline JavaScript not escaping the quotes in the product names.
The problem is here:
file: bng_three_step_gateway_functions.php
line: 299

```php
//loop through items, build array
$items = $order->get_items();
$x = 0;
foreach ($items AS $item) {
    echo ' var item = [];';
    echo ' item["productid"] = "'.$item['product_id'].'";';
    echo ' item["name"] = "'.$item['name'].'";';   // unescaped: a double quote in the name ends the JS string literal early
    echo ' item["line_total"] = "'.$item['line_total'].'";';
    echo ' item["qty"] = '.$item['qty'].';';
    echo ' item["line_subtotal"] = "'.$item['line_subtotal'].'";';
    echo ' data["item'.$x.'"] = item;';
    $x++;
}
```
Rather than building the JavaScript object manually, I recommend building a PHP array and running it through json_encode().
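As an added example (not the plugin's code and not part of this report), the two approaches side by side in plain PHP: the concatenation pattern quoted above, and a json_encode() replacement, both fed product names that contain a double quote and a closing script tag. The item array is constructed sample data shaped like WooCommerce line items, and build_items_js_unescaped() / build_items_js_json() are names chosen here.

```php
<?php
// Added example, not the plugin's code. $items is constructed sample data
// shaped like WooCommerce line items; the names carry the characters that
// break the reported pattern.
$items = [
    ['product_id' => 42, 'name' => 'Widget 6" "Pro"', 'line_total' => '19.99', 'qty' => '2', 'line_subtotal' => '39.98'],
    ['product_id' => 7, 'name' => '</script><b>x</b>', 'line_total' => '5.00', 'qty' => '1', 'line_subtotal' => '5.00'],
];

// The reported pattern: values are concatenated straight into JS source, so a
// double quote in $item['name'] terminates the string literal early and the
// whole inline script fails to parse.
function build_items_js_unescaped(array $items): string {
    $js = '';
    foreach ($items as $x => $item) {
        $js .= ' var item = [];';
        $js .= ' item["name"] = "' . $item['name'] . '";';
        $js .= ' data["item' . $x . '"] = item;';
    }
    return $js;
}

// Replacement: build a PHP array and emit it once as a JSON literal.
// json_encode() escapes '"', '\' and '/' by default, so an embedded quote or
// "</script>" cannot break out; JSON_HEX_* additionally hex-encodes < > & ' "
// so the literal is safe inside an inline <script> element. In a WordPress
// plugin, wp_json_encode() would be the usual wrapper around this call.
function build_items_js_json(array $items): string {
    $data = [];
    foreach (array_values($items) as $x => $item) {
        $data['item' . $x] = [
            'productid'     => $item['product_id'],
            'name'          => $item['name'],
            'line_total'    => $item['line_total'],
            'qty'           => (int) $item['qty'],   // keep qty numeric, as the old code emitted it
            'line_subtotal' => $item['line_subtotal'],
        ];
    }
    $data['itemcount'] = count($items);
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $json = json_encode($data, $flags);
    if ($json === false) {  // invalid UTF-8 in any value: fail loudly instead of emitting "var data = ;"
        throw new RuntimeException('json_encode failed: ' . json_last_error_msg());
    }
    return ' var data = ' . $json . ';';
}

echo build_items_js_unescaped($items), "\n";  // not valid JavaScript
echo build_items_js_json($items), "\n";       // one valid object literal
```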
-
Here’s a patch that fixes the problem for me.
Index: bng_three_step_gateway_functions.php =================================================================== --- bng_three_step_gateway_functions.php (revision 1793325) +++ bng_three_step_gateway_functions.php (working copy) @@ -210,7 +210,7 @@ //check for ssl if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') $isssl = "Y"; else $isssl = "N"; - + //build js data array to pass into step one echo '<script type="text/javascript">'; echo ' function bng701_arrangeData() {'; 
@@ -247,64 +247,71 @@ echo ' var customervaultid = document.getElementById("customervaultid").value;'; echo ' var last4 = document.getElementById("billingccnumber").value.slice(-4);'; echo ' var expiry = document.getElementById("billingccexp").value;'; - echo ' var data = [];'; + + $data = array( + 'thisid' => bng701_cleanTheData($this->id), + 'orderid' => bng701_cleanTheData($order_id,'integer'), + 'apikey' => bng701_cleanTheData($this->apikey,'string'), + 'transactiontype' => bng701_cleanTheData($this->transactiontype,'string'), + 'gatewayurl' => bng701_cleanTheData($this->gatewayURL,'url'), + 'user_email' => sanitize_email($user_email), + 'userid' => sanitize_text_field(get_current_user_id()), + 'ordertotal' => $order->order_total, + 'ordertax' => $order->order_tax, + 'ordershipping' => $order->order_shipping, + 'billingfirstname' => bng701_cleanTheData($order->billing_first_name,'string'), + 'billinglastname' => bng701_cleanTheData($order->billing_last_name,'string'), + 'billingaddress1' => bng701_cleanTheData($order->billing_address_1,'string'), + 'billingcity' => bng701_cleanTheData($order->billing_city,'string'), + 'billingstate' => bng701_cleanTheData($order->billing_state,'string'), + 'billingpostcode' => bng701_cleanTheData($order->billing_postcode,'string'), + 'billingcountry' => bng701_cleanTheData($order->billing_country,'string'), + 'billingemail' => sanitize_email($order->billing_email), + 'billingphone' => sanitize_text_field($order->billing_phone), + 'billingcompany' => bng701_cleanTheData($order->billing_company,'string'), + 'billingaddress2' => bng701_cleanTheData($order->billing_address_2,'string'), + 'shippingfirstname' => bng701_cleanTheData($order->shipping_first_name,'string'), + 'shippinglastname' => bng701_cleanTheData($order->shipping_last_name,'string'), + 'shippingaddress1' => bng701_cleanTheData($order->shipping_address_1,'string'), + 'shippingcity' => bng701_cleanTheData($order->shipping_city,'string'), + 'shippingstate' => 
bng701_cleanTheData($order->shipping_state,'string'), + 'shippingpostcode' => sanitize_text_field($order->shipping_postcode), + 'shippingcountry' => bng701_cleanTheData($order->shipping_country,'string'), + 'shippingphone' => sanitize_text_field($order->shipping_phone), + 'shippingcompany' => bng701_cleanTheData($order->shipping_company,'string'), + 'shippingaddress2' => bng701_cleanTheData($order->shipping_address_2,'string'), + 'security' => wp_create_nonce( 'checkout-nonce' ) + ); + + //loop through items, build array + $items = $order->get_items(); + foreach (array_values($items) AS $x => $item) { + $data['item'.$x] = array( + 'productid' => $item['product_id'], + 'name' => $item['name'], + 'line_total' => $item['line_total'], + 'qty' => $item['qty'], + 'line_subtotal' => $item['line_subtotal'] + ); + } - echo ' if (billingid != "") data["action"] = "bng701_stepOne";'; - echo ' else data["action"] = "bng701_stepOne_addBilling";'; - - echo ' data["thisid"] = "'.bng701_cleanTheData($this->id).'";'; - echo ' data["orderid"] = "'.bng701_cleanTheData($order_id,'integer').'";'; - echo ' data["apikey"] = "'.bng701_cleanTheData($this->apikey,'string').'";'; - echo ' data["transactiontype"] = "'.bng701_cleanTheData($this->transactiontype,'string').'";'; - echo ' data["gatewayurl"] = "'.bng701_cleanTheData($this->gatewayURL,'url').'";'; + $data['itemcount'] = count($items); + + echo ' var data = ' . json_encode($data) . 
';'; + + // At this point, we've composed all data we can without JavaScript + // Remaining data properties will use JavaScript variables + echo ' data["savepaymentmethod"] = savepaymentmethod;'; echo ' data["customervaultid"] = customervaultid;'; - echo ' data["user_email"] = "'.sanitize_email($user_email).'";'; - echo ' data["userid"] = "'.sanitize_text_field(get_current_user_id()).'";'; - echo ' data["billingid"] = billingid;'; - echo ' data["ordertotal"] = "'.$order->order_total.'";'; - echo ' data["ordertax"] = "'.$order->order_tax.'";'; - echo ' data["ordershipping"] = "'.$order->order_shipping.'";'; - echo ' data["billingfirstname"] = "'.bng701_cleanTheData($order->billing_first_name,'string').'";'; - echo ' data["billinglastname"] = "'.bng701_cleanTheData($order->billing_last_name,'string').'";'; - echo ' data["billingaddress1"] = "'.bng701_cleanTheData($order->billing_address_1,'string').'";'; - echo ' data["billingcity"] = "'.bng701_cleanTheData($order->billing_city,'string').'";'; - echo ' data["billingstate"] = "'.bng701_cleanTheData($order->billing_state,'string').'";'; - echo ' data["billingpostcode"] = "'.bng701_cleanTheData($order->billing_postcode,'string').'";'; - echo ' data["billingcountry"] = "'.bng701_cleanTheData($order->billing_country,'string').'";'; - echo ' data["billingemail"] = "'.sanitize_email($order->billing_email).'";'; - echo ' data["billingphone"] = "'.sanitize_text_field($order->billing_phone).'";'; - echo ' data["billingcompany"] = "'.bng701_cleanTheData($order->billing_company,'string').'";'; - echo ' data["billingaddress2"] = "'.bng701_cleanTheData($order->billing_address_2,'string').'";'; - echo ' data["shippingfirstname"] = "'.bng701_cleanTheData($order->shipping_first_name,'string').'";'; - echo ' data["shippinglastname"] = "'.bng701_cleanTheData($order->shipping_last_name,'string').'";'; - echo ' data["shippingaddress1"] = "'.bng701_cleanTheData($order->shipping_address_1,'string').'";'; - echo ' data["shippingcity"] = 
"'.bng701_cleanTheData($order->shipping_city,'string').'";'; - echo ' data["shippingstate"] = "'.bng701_cleanTheData($order->shipping_state,'string').'";'; - echo ' data["shippingpostcode"] = "'.sanitize_text_field($order->shipping_postcode).'";'; - echo ' data["shippingcountry"] = "'.bng701_cleanTheData($order->shipping_country,'string').'";'; - echo ' data["shippingphone"] = "'.sanitize_text_field($order->shipping_phone).'";'; - echo ' data["shippingcompany"] = "'.bng701_cleanTheData($order->shipping_company,'string').'";'; - echo ' data["shippingaddress2"] = "'.bng701_cleanTheData($order->shipping_address_2,'string').'";'; - echo ' data["security"]= "'.wp_create_nonce( 'checkout-nonce' ).'";'; + echo ' data["billingid"] = billingid;'; echo ' data["last4"] = last4;'; echo ' data["expiry"] = expiry;'; - //loop through items, build array - $items = $order->get_items(); - $x = 0; - foreach ($items AS $item) { - echo ' var item = [];'; - echo ' item["productid"] = "'.$item['product_id'].'";'; - echo ' item["name"] = "'.$item['name'].'";'; - echo ' item["line_total"] = "'.$item['line_total'].'";'; - echo ' item["qty"] = '.$item['qty'].';'; - echo ' item["line_subtotal"] = "'.$item['line_subtotal'].'";'; - echo ' data["item'.$x.'"] = item;'; - $x++; - } + echo ' if (billingid != "") data["action"] = "bng701_stepOne";'; + echo ' else data["action"] = "bng701_stepOne_addBilling";'; - echo ' data["itemcount"] = '.$x.';'; + //echo ' console.log(data);'; echo ' return bng701_stepOne(data, "'.plugin_dir_url(__FILE__).'");';
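Review bot: the first hunk (@@ -210,7 +210,7 @@) replaces an empty line with another empty line and changes nothing else, so it is whitespace noise; drop it so the patch contains only the hunk that moves the data array over to json_encode().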
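Review bot: in the second hunk, `echo ' var data = ' . json_encode($data) . ';';` has no failure handling: json_encode() returns false when any value (a product name, for instance) is not valid UTF-8, false concatenates as an empty string, and the emitted script becomes `var data = ;`, which breaks the entire checkout step rather than one field. Since this is a WordPress plugin, `wp_json_encode($data)` is the better call (it retries with sanitized input on failure), or check the return value before echoing. Two smaller points: the literal lands inside an inline `<script>` block, so pass `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` as the second argument for defense in depth (json_encode already escapes `/`, so `</script>` in a name cannot close the tag); and the removed lines emitted `qty` and `itemcount` as bare JS numbers, while `'qty' => $item['qty']` now carries whatever type the WooCommerce line item holds (often a string), so confirm bng701_stepOne() does not rely on it being numeric.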
Thanks @abirchler!
I am working on this today and will have a release by the end of the week. We appreciate your input and help tracking down this bug!
Nate
BNG Team

I just pushed a new version of the plugin which includes a fix for your report above, as well as the display error in the gateway transaction detail that you reported off-forum.
Thanks again for your help!
I updated to this version, and it worked. Also, the quotes are looking good in the gateway transaction detail.
Thanks.