chore: trim shipping address inputs (#44)

* log & trim shipTo city * trim vulnerable fields * bump patch version * log warning and reformatting
shipstation · Apr 17, 2024 · 67efd78 · 67efd78
1 parent 67473d3
commit 67efd78
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 7 deletions.
diff --git a/Api/Model/Action/Export.php b/Api/Model/Action/Export.php
@@ -22,6 +22,7 @@
 use Magento\Sales\Model\ResourceModel\Order\Collection;
 use Magento\Sales\Model\ResourceModel\Order\CollectionFactory;
 use Magento\Store\Model\ScopeInterface;
+use Psr\Log\LoggerInterface;
 
 
 /**
@@ -112,6 +113,9 @@ class Export
     /** @var RegionCollectionFactory */
     private $regionCollectionFactory;
 
+    /** @var LoggerInterface */
+    private $logger;
+
     /**
      * Export class constructor
      *
@@ -130,7 +134,8 @@ public function __construct(
         Data $dataHelper,
         Message $giftMessage,
         WeightAdapter $weightAdapter,
-        RegionCollectionFactory $regionCollectionFactory
+        RegionCollectionFactory $regionCollectionFactory,
+        LoggerInterface $logger
     )
     {
         $this->_scopeConfig = $scopeConfig;
@@ -141,6 +146,7 @@ public function __construct(
 
         $this->orderCollectionFactory = $orderCollectionFactory;
         $this->regionCollectionFactory = $regionCollectionFactory;
+        $this->logger = $logger;
 
         // @todo Initialisation in constructor is forbidden. Move to Config object.
         //Price export type
@@ -393,6 +399,27 @@ private function getRegion(string $regionName): Region
         return $region;
     }
 
+    /**
+     * Limit the number of chars for a variable.
+     *
+     * @param string $value
+     * @param int $maxLength
+     * @return string
+     */
+    private function trimChars(string $value, int $maxLength): string
+    {   
+        if (strlen($value) > $maxLength) {
+
+            $this->logger->warning('The value is too long (magento). Trimming '.$value.' to '.$maxLength.' characters from '.strlen($value));
+
+            return mb_substr($value ?? "", 0, $maxLength);
+        }
+        else {
+
+            return $value;
+        }
+    }
+
     /**
      * Get the Shipping information of order.
      *
@@ -406,16 +433,21 @@ private function _getShippingInfo(Address $shipping): self
             $state = $this->getRegion($shipping->getRegion())->getCode();
         }
 
+        $streetName1 = $this->trimChars($shipping->getStreetLine(1), 200);
+        $streetName2 = $this->trimChars($shipping->getStreetLine(2), 200);
+        $city = $this->trimChars($shipping->getCity(), 100);
+        $phone = $this->trimChars($shipping->getTelephone(), 50);
+
         $this->_xmlData .= "\t<ShipTo>\n";
         $this->addXmlElement("Name", "<![CDATA[{$shipping->getFirstname()} {$shipping->getLastname()}]]>");
         $this->addXmlElement("Company", "<![CDATA[{$shipping->getCompany()}]]>");
-        $this->addXmlElement("Address1", "<![CDATA[{$shipping->getStreetLine(1)}]]>");
-        $this->addXmlElement("Address2", "<![CDATA[{$shipping->getStreetLine(2)}]]>");
-        $this->addXmlElement("City", "<![CDATA[{$shipping->getCity()}]]>");
+        $this->addXmlElement("Address1", "<![CDATA[{$streetName1}]]>");
+        $this->addXmlElement("Address2", "<![CDATA[{$streetName2}]]>");
+        $this->addXmlElement("City", "<![CDATA[{$city}]]>");
         $this->addXmlElement("State", "<![CDATA[{$state}]]>");
         $this->addXmlElement("PostalCode", "<![CDATA[{$shipping->getPostcode()}]]>");
         $this->addXmlElement("Country", "<![CDATA[{$shipping->getCountryId()}]]>");
-        $this->addXmlElement("Phone", "<![CDATA[{$shipping->getTelephone()}]]>");
+        $this->addXmlElement("Phone", "<![CDATA[{$phone}]]>");
         $this->_xmlData .= "\t</ShipTo>\n";
 
         return $this;

diff --git a/Api/composer.json b/Api/composer.json
@@ -1,7 +1,7 @@
 {
   "name": "auctane/api",
   "description": "ShipStation is a web-based shipping solution that is integrated with the Magento API for retrieving order information and updating shipping details.",
-  "version": "2.4.6",
+  "version": "2.4.7",
   "type": "magento2-module",
   "license": [
     "OSL-3.0",

diff --git a/Api/etc/module.xml b/Api/etc/module.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0"?>
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="Auctane_Api" setup_version="2.4.6">
+    <module name="Auctane_Api" setup_version="2.4.7">
     </module>
 </config>