wc_sanitize_coupon_code()
Sanitize a coupon code.
Uses sanitize_post_field since coupon codes are stored as post_titles - the sanitization and escaping must match.
Due to the unfiltered_html capability that some (admin) users have, we need to account for slashes.
The html_entity_decode() call handles coupon codes that contain special characters like ampersands (&), quotes ("), and other HTML entities. Without this decoding step, coupon codes with special characters would fail to match during application, causing legitimate coupons to be rejected.
No Hooks.
Returns
String.
Usage
wc_sanitize_coupon_code( $value );
- $value (string) (required): Coupon code to format.
Notes
- See: WC_Cart_Test::test_coupon_codes_with_special_characters
Changelog
| Since 3.6.0 | Introduced. |
| Since 10.0.0 | Decode HTML entities here instead of via woocommerce_coupon_code filter. |
wc_sanitize_coupon_code() code WC 10.6.2
function wc_sanitize_coupon_code( $value ) {
	$value = wp_kses( sanitize_post_field( 'post_title', html_entity_decode( $value ?? '', ENT_COMPAT, get_bloginfo( 'charset' ) ), 0, 'db' ), 'entities' );
	return current_user_can( 'unfiltered_html' ) ? $value : stripslashes( $value );
}
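The entity-decoding step described above, isolated as an added example (not WooCommerce code): it compares constructed stored and submitted codes with and without html_entity_decode(), including cases that ENT_COMPAT and single-pass decoding do not normalize. The demo_* helpers and DEMO_CHARSET are hypothetical, and DEMO_CHARSET assumes a UTF-8 site in place of get_bloginfo( 'charset' ).

```php
<?php
// Added illustration, not WooCommerce code. It isolates the html_entity_decode()
// step only; sanitize_post_field(), wp_kses() and the capability check are not
// reproduced, so the values below are not the function's final return values.

// Assumption: stands in for get_bloginfo( 'charset' ).
const DEMO_CHARSET = 'UTF-8';

// Hypothetical helper: decode with the same flag as the source on this page.
function demo_decode_coupon_code( ?string $value ): string {
	return html_entity_decode( $value ?? '', ENT_COMPAT, DEMO_CHARSET );
}

// Hypothetical helper: does the submitted code equal the stored one?
function demo_codes_match( string $stored, ?string $submitted, bool $decode ): bool {
	$submitted = $decode ? demo_decode_coupon_code( $submitted ) : (string) $submitted;
	return $stored === $submitted;
}

// Constructed sample data: stored code, submitted form, what the case exercises.
$samples = array(
	array( 'SAVE&10', 'SAVE&amp;10', 'ampersand entity' ),
	array( '"VIP"', '&quot;VIP&quot;', 'double-quote entity' ),
	array( "O'NEIL", 'O&#039;NEIL', 'single quote: ENT_COMPAT leaves it encoded' ),
	array( 'SAVE&10', 'SAVE&amp;amp;10', 'double-encoded: only one level is decoded' ),
	array( 'SUMMER', null, 'null input becomes an empty string' ),
);

foreach ( $samples as list( $stored, $submitted, $case ) ) {
	printf(
		"%-45s raw=%-5s decoded=%-5s => %s\n",
		$case,
		demo_codes_match( $stored, $submitted, false ) ? 'match' : 'miss',
		demo_codes_match( $stored, $submitted, true ) ? 'match' : 'miss',
		var_export( demo_decode_coupon_code( $submitted ), true )
	);
}
```

The single-quote and double-encoded rows are the ones to watch when a legitimate coupon is rejected: both still differ from the stored code after this decode step.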