Commit 25f5fda041a for woocommerce
commit 25f5fda041a65ab24873242a19774ba4bfb5ffb0
Author: Tom Cafferkey <tjcafferkey@gmail.com>
Date: Thu Jul 2 12:57:27 2026 +0100
StoreAPI: Sanitize email instead of texturize it (#66148)
* sanitize email instead of texturize it
* Add changefile(s) from automation for the following project(s): woocommerce
* Unit test
* Fix changelog
* Add changefile(s) from automation for the following project(s): woocommerce
* Update changelog
* Move test
---------
Co-authored-by: woocommercebot <woocommercebot@users.noreply.github.com>
diff --git a/plugins/woocommerce/changelog/66148-fix-billing-address-response-checkout-block b/plugins/woocommerce/changelog/66148-fix-billing-address-response-checkout-block
new file mode 100644
index 00000000000..8147b2c51d3
--- /dev/null
+++ b/plugins/woocommerce/changelog/66148-fix-billing-address-response-checkout-block
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Sanitize instead of texturize the email address in the StoreAPI response
diff --git a/plugins/woocommerce/src/StoreApi/Schemas/V1/BillingAddressSchema.php b/plugins/woocommerce/src/StoreApi/Schemas/V1/BillingAddressSchema.php
index 0b73b95faa9..d6c4b262857 100644
--- a/plugins/woocommerce/src/StoreApi/Schemas/V1/BillingAddressSchema.php
+++ b/plugins/woocommerce/src/StoreApi/Schemas/V1/BillingAddressSchema.php
@@ -131,6 +131,8 @@ class BillingAddressSchema extends AbstractAddressSchema {
foreach ( $address_object as $key => $value ) {
if ( isset( $this->get_properties()[ $key ]['type'] ) && 'boolean' === $this->get_properties()[ $key ]['type'] ) {
$address_object[ $key ] = (bool) $value;
+ } elseif ( 'email' === $key ) {
+ $address_object[ $key ] = sanitize_email( $value );
} else {
$address_object[ $key ] = $this->prepare_html_response( $value );
}
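Review bot: The `elseif ( 'email' === $key )` branch runs `sanitize_email( $value )` on output, and that function is a lossy filter rather than an encoder. It drops characters outside its ASCII allow-list and returns an empty string for input it judges invalid, so the response can carry a different address than the stored one, or none; a client that writes the returned value back on a later update would persist the altered address. The branch also bypasses `prepare_html_response()`, so characters that `sanitize_email()` allows (`&`, `'`) reach consumers unescaped. That is reasonable for JSON data but should be stated in a comment, e.g. `// Email is returned as raw data; consumers must escape it for their own output context.` The branch is keyed on the literal field name while the boolean branch reads the schema type, and the enclosing method starts above this hunk, so I could not check whether other address schemas need the same handling.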
diff --git a/plugins/woocommerce/tests/php/src/StoreApi/Schemas/V1/AbstractAddressSchemaTest.php b/plugins/woocommerce/tests/php/src/StoreApi/Schemas/V1/AbstractAddressSchemaTest.php
index 8d7b053e0ad..40d90d0b525 100644
--- a/plugins/woocommerce/tests/php/src/StoreApi/Schemas/V1/AbstractAddressSchemaTest.php
+++ b/plugins/woocommerce/tests/php/src/StoreApi/Schemas/V1/AbstractAddressSchemaTest.php
@@ -112,4 +112,21 @@ class AbstractAddressSchemaTest extends WC_Unit_Test_Case {
$this->assertSame( '123 Main Street', $result['address_1'], 'A plain field should be unchanged.' );
$this->assertSame( 'Suite 100', $result['address_2'], 'A plain field should be unchanged.' );
}
+
+ /**
+ * @testdox Should not texturize billing email addresses in API responses.
+ */
+ public function test_get_item_response_does_not_texturize_billing_email_address(): void {
+ $customer = new \WC_Customer();
+ $customer->set_billing_email( 'info@48x17.com' );
+
+ $result = $this->sut->get_item_response( $customer );
+
+ $this->assertArrayHasKey( 'email', $result );
+ $this->assertSame(
+ 'info@48x17.com',
+ $result['email'],
+ 'Billing email addresses should be returned as raw data, not typographic display text.'
+ );
+ }
}
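Review bot: The new test pins only one well-formed address, so it does not show what `get_item_response()` returns when the stored value is something `sanitize_email()` rewrites or rejects. I would add a case for a customer with no billing email and one for an address with allowed punctuation (constructed sample: `o'brien+shop@example.com`), each checked with `assertSame` against the exact expected string. The docblock carries only `@testdox`; a line noting that the `x` between digits is what texturizing would alter (presumably the reason for `48x17`) would help the next reader.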