Commit 5e0d4638f50 for woocommerce
commit 5e0d4638f5015c453e13b65a7deb3e95ee957fef
Author: Bruna <bruna.filippozzi@automattic.com>
Date: Thu Apr 30 12:48:55 2026 +0200
Fix tax label percent sign corruption in order items (#64154)
* Fix tax label percent sign corruption in order items
Replace wc_clean() with wp_strip_all_tags() in WC_Order_Item_Tax::set_label()
to prevent sanitize_text_field() from URL-decoding percent sequences like "%15"
in locale-specific tax names (e.g. Turkish "%15 KDV").
Fixes #45103
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add HTML sanitization assertion to set_label test
Verifies wp_strip_all_tags() removes HTML tags while preserving
percent signs in tax labels — addresses review feedback from
zhongruige.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---------
Co-authored-by: Bruna <bruberries@MacBook-Pro-9.local>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Greg <71906536+zhongruige@users.noreply.github.com>
Co-authored-by: Bruna Filippozzi <bruna.filippozzi@a8c.com>
diff --git a/plugins/woocommerce/changelog/fix-tax-label-percent-sign-corruption b/plugins/woocommerce/changelog/fix-tax-label-percent-sign-corruption
new file mode 100644
index 00000000000..1bd84e61403
--- /dev/null
+++ b/plugins/woocommerce/changelog/fix-tax-label-percent-sign-corruption
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Fix tax rate labels containing percent signs (e.g. "%15 KDV" in Turkish locale) being corrupted when stored on order items.
diff --git a/plugins/woocommerce/includes/class-wc-order-item-tax.php b/plugins/woocommerce/includes/class-wc-order-item-tax.php
index 4248839d93a..6157656e0a9 100644
--- a/plugins/woocommerce/includes/class-wc-order-item-tax.php
+++ b/plugins/woocommerce/includes/class-wc-order-item-tax.php
@@ -60,7 +60,7 @@ class WC_Order_Item_Tax extends WC_Order_Item {
* @param string $value Label.
*/
public function set_label( $value ) {
- $this->set_prop( 'label', wc_clean( $value ) );
+ $this->set_prop( 'label', wp_strip_all_tags( $value ) );
}
/**
diff --git a/plugins/woocommerce/tests/legacy/unit-tests/order-items/order-item-tax.php b/plugins/woocommerce/tests/legacy/unit-tests/order-items/order-item-tax.php
index 7eae039ad87..70ab67de645 100644
--- a/plugins/woocommerce/tests/legacy/unit-tests/order-items/order-item-tax.php
+++ b/plugins/woocommerce/tests/legacy/unit-tests/order-items/order-item-tax.php
@@ -46,4 +46,29 @@ class WC_Tests_Order_Item_Tax extends WC_Unit_Test_Case {
$item->set_shipping_tax_total( 10.99 );
$this->assertEquals( '10.99', $item->get_shipping_tax_total() );
}
+
+ /**
+ * Test that set_label preserves percent signs in tax names.
+ *
+ * In some locales (e.g. Turkish, Basque), the percent sign is placed
+ * before the number (e.g. "%15 KDV"). Previously, wc_clean() would
+ * URL-decode "%15" and strip the resulting control character.
+ *
+ * @see https://github.com/woocommerce/woocommerce/issues/45103
+ */
+ public function test_set_label_preserves_percent_sign() {
+ $item = new WC_Order_Item_Tax();
+
+ $item->set_label( 'Test %15 Tax' );
+ $this->assertEquals( 'Test %15 Tax', $item->get_label() );
+
+ $item->set_label( '%25 KDV' );
+ $this->assertEquals( '%25 KDV', $item->get_label() );
+
+ $item->set_label( 'VAT 15%' );
+ $this->assertEquals( 'VAT 15%', $item->get_label() );
+
+ $item->set_label( '<b>%15 KDV</b>' );
+ $this->assertEquals( '%15 KDV', $item->get_label() );
+ }
}