Skip to content

Fix applying coupon codes that differ only in space (e.g., "cou pon" and "coupon") #59591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Conversation

NeosinneR
Copy link
Member

@NeosinneR NeosinneR commented Jul 10, 2025

Submission Review Guidelines:

Changes proposed in this Pull Request:

memcached caching engine (possibly others) doesn't work well when the key uses space. This is cause an issue when applying or editing coupons that differ only in space (e.g. cou pon and coupon), because both of them are saved with the same key. Whichever is saved to cache the first, will be returned also for the other one.

This PR adds md5 (it's fast, and we don't care about security in this case) hashes the code to make it unique and acceptable for memcached.

Closes #59487, closes WOOPLUG-4927.

(For Bug Fixes) Bug introduced in PR #56319 (likely).

Screenshots or screen recordings:

Before After
Screenshot 2025-07-10 at 22 12 09 Screenshot 2025-07-10 at 22 12 16
Screenshot 2025-07-10 at 22 14 15 Screenshot 2025-07-10 at 22 13 32

How to test the changes in this Pull Request:

Using the WooCommerce Testing Instructions Guide, include your detailed testing instructions:

  1. Ensure you have caching with memcached enabled (this is default on jurassic.ninja).
  2. Create a coupon code named te st.
  3. Create another one named test.
  4. Verify there isn't Coupon code already exists - customers will use the latest coupon with this code. error when saving the coupon.
  5. Apply the first coupon.
  6. Apply the second coupon.
  7. Verify there isn't "{$code}" is an invalid coupon code. error and both coupons can be applied.

Testing that has already taken place:

@github-actions github-actions bot added the plugin: woocommerce Issues related to the WooCommerce Core plugin. label Jul 10, 2025
@NeosinneR NeosinneR force-pushed the wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior branch from e373903 to 3bbb9ec Compare July 10, 2025 19:46
@NeosinneR NeosinneR force-pushed the wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior branch from 3bbb9ec to ad7b4e1 Compare July 10, 2025 19:55
@NeosinneR NeosinneR marked this pull request as ready for review July 10, 2025 20:21
Copy link
Contributor

coderabbitai bot commented Jul 10, 2025

📝 Walkthrough

Walkthrough

A patch was applied to WooCommerce to address issues with coupon codes that differ only by spaces. The caching logic for coupon code lookups was updated to use an MD5 hash of the coupon code as the cache key, rather than the raw code string, to ensure consistent handling and prevent cache-related issues.

Changes

File(s) Change Summary
plugins/woocommerce/changelog/wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior Added changelog entry describing the patch for coupon codes with spaces.
plugins/woocommerce/includes/data-stores/class-wc-coupon-data-store-cpt.php Updated cache deletion logic in update and delete methods to use MD5-hashed coupon code for cache keys.
plugins/woocommerce/includes/wc-coupon-functions.php Modified coupon ID cache retrieval/storage to use MD5-hashed coupon code as cache key instead of raw string.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant WooCommerce
    participant Cache
    participant DB

    User->>WooCommerce: Attempt to apply coupon code (e.g., "cou pon")
    WooCommerce->>Cache: Lookup coupon ID using MD5-hashed coupon code key
    alt Cache hit
        Cache-->>WooCommerce: Return coupon ID
    else Cache miss
        WooCommerce->>DB: Query coupon ID by code
        DB-->>WooCommerce: Return coupon ID
        WooCommerce->>Cache: Store coupon ID with MD5-hashed key
    end
    WooCommerce-->>User: Apply coupon if valid
Loading

📜 Recent review details

Configuration used: .coderabbit.yml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 92ce56d and ad7b4e1.

📒 Files selected for processing (3)
  • plugins/woocommerce/changelog/wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior (1 hunks)
  • plugins/woocommerce/includes/data-stores/class-wc-coupon-data-store-cpt.php (2 hunks)
  • plugins/woocommerce/includes/wc-coupon-functions.php (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
`**/*.{php,js,ts,jsx,tsx}`: Don't trust that extension developers will follow th...

**/*.{php,js,ts,jsx,tsx}: Don't trust that extension developers will follow the best practices, make sure the code:

  • Guards against unexpected inputs.
  • Sanitizes and validates any potentially dangerous inputs.
  • Is backwards compatible.
  • Is readable and intuitive.
  • Has unit or E2E tests where applicable.

⚙️ Source: CodeRabbit Configuration File

List of files the instruction was applied to:

  • plugins/woocommerce/includes/wc-coupon-functions.php
  • plugins/woocommerce/includes/data-stores/class-wc-coupon-data-store-cpt.php
🧠 Learnings (2)
📓 Common learnings
Learnt from: samueljseay
PR: woocommerce/woocommerce#58716
File: plugins/woocommerce/client/blocks/assets/js/blocks/mini-cart/iapi-frontend.ts:83-101
Timestamp: 2025-06-17T07:07:53.443Z
Learning: In WooCommerce blocks, when porting existing code patterns that have known issues (like parseInt truncating decimal money values), maintain consistency with existing implementation rather than making isolated fixes. The preference is for systematic refactoring approaches (like broader Dinero adoption) over piecemeal changes.
Learnt from: prettyboymp
PR: woocommerce/woocommerce#59048
File: .github/workflows/cherry-pick-milestoned-prs.yml:60-83
Timestamp: 2025-06-26T12:45:40.709Z
Learning: WooCommerce uses WordPress versioning conventions where minor versions in X.Y.Z format are constrained to 0-9 (Y cannot exceed 9). This means version increment logic should reset minor to 0 and increment major when minor reaches 9, rather than allowing two-digit minor versions like 9.10 or 9.11.
Learnt from: mikejolley
PR: woocommerce/woocommerce#57961
File: plugins/woocommerce/includes/class-wc-session-handler.php:302-333
Timestamp: 2025-06-19T11:58:57.484Z
Learning: In WooCommerce's session handler, the cart merging behavior was revised to always merge guest and user carts when both contain items, rather than having the guest cart take precedence. The migrate_cart_data() method in class-wc-session-handler.php implements this by using array_merge() to combine both carts when neither is empty.
Learnt from: Aljullu
PR: woocommerce/woocommerce#59370
File: plugins/woocommerce/client/blocks/assets/js/blocks/product-gallery/style.scss:206-233
Timestamp: 2025-07-03T10:08:59.936Z
Learning: WooCommerce uses Autoprefixer in their PostCSS configuration (plugins/woocommerce/client/blocks/postcss.config.js) with WordPress' standard browserslist configuration (@wordpress/browserslist-config) to automatically add vendor prefixes like -webkit-mask-image based on supported browsers, eliminating the need for manual prefix additions.
Learnt from: Aljullu
PR: woocommerce/woocommerce#59370
File: plugins/woocommerce/client/blocks/assets/js/blocks/product-gallery/style.scss:206-233
Timestamp: 2025-07-03T10:08:59.936Z
Learning: WooCommerce uses Autoprefixer in their PostCSS configuration (plugins/woocommerce/client/blocks/postcss.config.js) with WordPress' standard browserslist configuration (@wordpress/browserslist-config) to automatically add vendor prefixes like -webkit-mask-image based on supported browsers, eliminating the need for manual prefix additions.
Learnt from: vladolaru
PR: woocommerce/woocommerce#59486
File: plugins/woocommerce/src/Internal/Admin/Settings/PaymentsProviders/WooPayments/WooPaymentsService.php:1544-1544
Timestamp: 2025-07-08T11:18:07.824Z
Learning: WooCommerce has polyfills for newer PHP functions (like str_starts_with() from PHP 8.0+), so these functions can be safely used even though WooCommerce supports PHP 7.4+. No need to suggest PHP 7.4 compatible alternatives when polyfills are available.
Learnt from: ralucaStan
PR: woocommerce/woocommerce#58782
File: plugins/woocommerce/client/blocks/assets/js/base/utils/render-frontend.tsx:0-0
Timestamp: 2025-06-16T16:12:12.148Z
Learning: For WooCommerce checkout blocks, lazy loading was removed in favor of direct imports to prevent sequential "popping" effects during component loading. This approach prioritizes user experience over code splitting, with minimal bundle size impact and improved performance (1.7s to 1.1s speed score improvement). The checkout flow benefits from having all components load together rather than incrementally.
Learnt from: NeosinneR
PR: woocommerce/woocommerce#0
File: :0-0
Timestamp: 2025-06-26T14:25:08.421Z
Learning: In WooCommerce transactional emails, product images have historically had display issues due to lazy loading attributes being applied, which email clients cannot process since they don't execute JavaScript. This issue existed in both old and new email templates, but became more visible with the new email template system. The fix involves preventing lazy loading on attachment images specifically during email generation by adding skip classes and data attributes.
Learnt from: senadir
PR: woocommerce/woocommerce#59426
File: plugins/woocommerce/client/legacy/js/frontend/a8c-address-autocomplete-service.js:355-355
Timestamp: 2025-07-08T09:14:47.850Z
Learning: In the WooCommerce address autocomplete system, input sanitization happens upstream in address-autocomplete.js before data reaches a8c-address-autocomplete-service.js. The trim() operation in the service file is for optimization purposes (to skip API requests when only spaces are added), not for security sanitization.
Learnt from: Aljullu
PR: woocommerce/woocommerce#59370
File: plugins/woocommerce/client/blocks/assets/js/blocks/product-gallery/style.scss:236-243
Timestamp: 2025-07-03T10:09:20.635Z
Learning: In WooCommerce blocks CSS, prefer using standard CSS properties like `scrollbar-width` over vendor-specific prefixes when the standard property has good browser support. As of late 2024, `scrollbar-width` is widely supported across all major browsers and doesn't require WebKit-specific workarounds.
plugins/woocommerce/changelog/wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior (3)
Learnt from: samueljseay
PR: woocommerce/woocommerce#58716
File: plugins/woocommerce/client/blocks/assets/js/blocks/mini-cart/iapi-frontend.ts:83-101
Timestamp: 2025-06-17T07:07:53.443Z
Learning: In WooCommerce blocks, when porting existing code patterns that have known issues (like parseInt truncating decimal money values), maintain consistency with existing implementation rather than making isolated fixes. The preference is for systematic refactoring approaches (like broader Dinero adoption) over piecemeal changes.
Learnt from: prettyboymp
PR: woocommerce/woocommerce#59048
File: .github/workflows/cherry-pick-milestoned-prs.yml:60-83
Timestamp: 2025-06-26T12:45:40.709Z
Learning: WooCommerce uses WordPress versioning conventions where minor versions in X.Y.Z format are constrained to 0-9 (Y cannot exceed 9). This means version increment logic should reset minor to 0 and increment major when minor reaches 9, rather than allowing two-digit minor versions like 9.10 or 9.11.
Learnt from: opr
PR: woocommerce/woocommerce#0
File: :0-0
Timestamp: 2025-06-20T17:38:16.565Z
Learning: WooCommerce legacy JavaScript files in plugins/woocommerce/client/legacy/js/ must use older JavaScript syntax and cannot use modern features like optional chaining (?.) due to browser compatibility requirements. Explicit null checking with && operators should be used instead.
🧬 Code Graph Analysis (1)
plugins/woocommerce/includes/data-stores/class-wc-coupon-data-store-cpt.php (1)
plugins/woocommerce/includes/class-wc-coupon.php (1)
  • get_code (196-198)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (5)
plugins/woocommerce/changelog/wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior (1)

1-4: LGTM! Changelog entry accurately describes the fix.

The changelog entry follows WooCommerce standards and clearly documents the patch fix for coupon codes with space differences.

plugins/woocommerce/includes/wc-coupon-functions.php (2)

115-118: Effective solution for memcached space handling issues.

The MD5 hashing approach correctly addresses the core problem where memcached treats cache keys with spaces inconsistently. The explanatory comment is helpful for future maintainers.

Note: This change will invalidate existing cached coupon entries, but this is the desired behavior to fix the space-related cache conflicts.


119-119: Cache operations correctly use the hashed key.

Both cache retrieval and storage operations consistently use the hashed cache key, ensuring proper cache behavior for coupon codes containing spaces.

Also applies to: 124-124

plugins/woocommerce/includes/data-stores/class-wc-coupon-data-store-cpt.php (2)

215-216: Cache deletion correctly uses hashed key format.

The cache deletion logic in the update method now matches the hashed key format used in wc_get_coupon_id_by_code(), ensuring consistent cache behavior when coupons are unpublished.


247-248: Force delete cache cleanup uses consistent key format.

The cache deletion in the force delete method properly uses the same MD5 hashing approach, maintaining cache coherence when coupons are permanently removed.

✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

Copy link
Contributor

Test using WordPress Playground

The changes in this pull request can be previewed and tested using a WordPress Playground instance.
WordPress Playground is an experimental project that creates a full WordPress instance entirely within the browser.

Test this pull request with WordPress Playground.

Note that this URL is valid for 30 days from when this comment was last updated. You can update it by closing/reopening the PR or pushing a new commit.

Copy link
Contributor

Testing Guidelines

Hi @triple0t ,

Apart from reviewing the code changes, please make sure to review the testing instructions (Guide) and verify that relevant tests (E2E, Unit, Integration, etc.) have been added or updated as needed.

Reminder: PR reviewers are required to document testing performed. This includes:

  • 🖼️ Screenshots or screen recordings.
  • 📝 List of functionality tested / steps followed.
  • 🌐 Site details (environment attributes such as hosting type, plugins, theme, store size, store age, and relevant settings).
  • 🔍 Any analysis performed, such as assessing potential impacts on environment attributes and other plugins, conducting performance profiling, or using LLM/AI-based analysis.

⚠️ Within the testing details you provide, please ensure that no sensitive information (such as API keys, passwords, user data, etc.) is included in this public issue.

Copy link
Contributor

@triple0t triple0t left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Screenshot 2025-07-11 at 11 14 11 AM

Tested locally and on a site with caching enabled.

Before After
Screenshot 2025-07-11 at 11 08 42 AM Screenshot 2025-07-11 at 11 12 26 AM
Screenshot 2025-07-11 at 11 08 58 AM Screenshot 2025-07-11 at 11 13 56 AM

@triple0t triple0t assigned NeosinneR and unassigned triple0t Jul 11, 2025
@NeosinneR NeosinneR merged commit a49f3ac into trunk Jul 11, 2025
51 checks passed
@NeosinneR NeosinneR deleted the wooplug-4927-coupon-code-invalid-when-similar-code-is-used-prior branch July 11, 2025 10:22
@github-actions github-actions bot added this to the 10.1.0 milestone Jul 11, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
plugin: woocommerce Issues related to the WooCommerce Core plugin.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Coupon code invalid when similar code is used prior
2 participants