From aa84fc835c66b18b2495ea806b999d5f458018ac Mon Sep 17 00:00:00 2001
From: addison74 <8360474+ADDISON74@users.noreply.github.com>
Date: Wed, 1 Oct 2025 17:23:03 +0300
Subject: [PATCH 1/5] Trim whitespace from all form input fields before saving to ensure clean data storage
---
 app/code/core/Mage/Admin/Model/User.php | 8 +++---
 .../Mage/Core/Controller/Request/Http.php | 26 +++++++++++++++++++
 .../core/Mage/Sales/Model/Order/Address.php | 13 ++++++++++
 app/code/core/Mage/Tag/Model/Resource/Tag.php | 3 +++
 .../core/Mage/Tax/Model/Calculation/Rate.php | 9 +++++++
 5 files changed, 55 insertions(+), 4 deletions(-)
diff --git a/app/code/core/Mage/Admin/Model/User.php b/app/code/core/Mage/Admin/Model/User.php
index 710683dfdda..a3e03fe559c 100644
--- a/app/code/core/Mage/Admin/Model/User.php
+++ b/app/code/core/Mage/Admin/Model/User.php
@@ -130,9 +130,9 @@ protected function _construct()
 protected function _beforeSave()
 {
 $data = [
- 'firstname' => $this->getFirstname(),
- 'lastname' => $this->getLastname(),
- 'email' => $this->getEmail(),
+ 'firstname' => trim((string)$this->getFirstname()),
+ 'lastname' => trim((string)$this->getLastname()),
+ 'email' => trim((string)$this->getEmail()),
 'modified' => $this->_getDateNow(),
 'extra' => serialize($this->getExtra()),
 ];
@@ -142,7 +142,7 @@ protected function _beforeSave()
 }
 if ($this->getUsername()) {
- $data['username'] = $this->getUsername();
+ $data['username'] = trim((string)$this->getUsername());
 }
 if ($this->getNewPassword()) {
diff --git a/app/code/core/Mage/Core/Controller/Request/Http.php b/app/code/core/Mage/Core/Controller/Request/Http.php
index cd82106eda9..293c70ff6bf 100644
--- a/app/code/core/Mage/Core/Controller/Request/Http.php
+++ b/app/code/core/Mage/Core/Controller/Request/Http.php
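Review bot: In the second User.php hunk the `if ($this->getUsername())` guard still tests the untrimmed value, so a username made only of whitespace passes the check and is then stored as an empty string. Trim once before the test and reuse the result: `$username = trim((string) $this->getUsername());` followed by `if ($username !== '') { $data['username'] = $username; }`. Because this is the admin login identifier, it is worth confirming that the lookup done at login applies the same normalisation; that code is not part of this patch. _beforeSave() continues past the end of the hunk.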
@@ -584,4 +584,30 @@ public function getInternallyForwarded()
 {
 return $this->_internallyForwarded;
 }
+
+ /**
+ * Retrieve a parameter from request (GET/POST) and trim whitespace for string and array values.
+ *
+ * @param string $key
+ * @param mixed $default
+ * @return mixed
+ */
+ public function getParam($key, $default = null)
+ {
+ // Get the parameter value from parent (Zend_Controller_Request_Http)
+ $value = parent::getParam($key, $default);
+
+ // Trim whitespace for string values
+ if (is_string($value)) {
+ $value = trim($value);
+ }
+
+ // For array values, trim each string element
+ if (is_array($value)) {
+ $value = array_map(function($v) {
+ return is_string($v) ? trim($v) : $v;
+ }, $value);
+ }
+ return $value;
+ }
 }
diff --git a/app/code/core/Mage/Sales/Model/Order/Address.php b/app/code/core/Mage/Sales/Model/Order/Address.php
index cc22549276a..92de6b5bb20 100644
--- a/app/code/core/Mage/Sales/Model/Order/Address.php
+++ b/app/code/core/Mage/Sales/Model/Order/Address.php
@@ -125,8 +125,21 @@ public function getOrder()
 *
 * @return $this
 */
+ /**
+ * Before object save manipulations
+ * Trim whitespace for all string data to prevent unwanted spaces on save
+ *
+ * @return $this
+ */
 protected function _beforeSave()
 {
+ // Trim all string fields before saving (for clean data storage)
+ foreach ($this->getData() as $key => $value) {
+ if (is_string($value)) {
+ $this->setData($key, trim($value));
+ }
+ }
+
 parent::_beforeSave();
 if (!$this->getParentId() && $this->getOrder()) {
diff --git a/app/code/core/Mage/Tag/Model/Resource/Tag.php b/app/code/core/Mage/Tag/Model/Resource/Tag.php
index 7cff76d130c..5c31e2791f3 100644
--- a/app/code/core/Mage/Tag/Model/Resource/Tag.php
+++ b/app/code/core/Mage/Tag/Model/Resource/Tag.php
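Review bot: The new getParam() override in Http.php trims every string request parameter for every controller, including any password, token or signature field read through it, so a secret with leading or trailing whitespace is silently altered before it is hashed or compared; whether the login and password-change actions read their input via getParam() is not visible in this hunk. Trimming would be safer as an opt-in helper or with an explicit skip list of sensitive keys. The array branch also handles one level only, so nested form arrays keep their whitespace, and `$default` is trimmed too when the key is absent. Values read through `getPost()` or `getQuery()` bypass the override, so the result depends on which accessor a controller happens to use. A recursive form of the array branch is sketched below.

```php
        // … unchanged: parent::getParam() call and the is_string() branch …
        if (is_array($value)) {
            // Walk every leaf so nested form arrays are normalised as well.
            array_walk_recursive($value, function (&$v) {
                if (is_string($v)) {
                    $v = trim($v);
                }
            });
        }
        // … unchanged: return $value …
```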
@@ -67,6 +67,9 @@ public function loadByName($model, $name)
 */
 protected function _beforeSave(Mage_Core_Model_Abstract $object)
 {
+ // Trim whitespace for Tag name
+ $object->setName(trim($object->getName()));
+
 if (!$object->getId() && $object->getStatus() == $object->getApprovedStatus()) {
 $searchTag = new Varien_Object();
 $this->loadByName($searchTag, $object->getName());
diff --git a/app/code/core/Mage/Tax/Model/Calculation/Rate.php b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
index bf63df54929..c92d17fc94e 100644
--- a/app/code/core/Mage/Tax/Model/Calculation/Rate.php
+++ b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
@@ -69,6 +69,15 @@ protected function _construct()
 */
 protected function _beforeSave()
 {
+ // Trim whitespace for all relevant fields before validation and save
+ $this->setCode(trim((string)$this->getCode()));
+ $this->setTaxCountryId(trim((string)$this->getTaxCountryId()));
+ $this->setTaxRegionId(trim((string)$this->getTaxRegionId()));
+ $this->setTaxPostcode(trim((string)$this->getTaxPostcode()));
+ $this->setRate(trim((string)$this->getRate()));
+ $this->setZipFrom(trim((string)$this->getZipFrom()));
+ $this->setZipTo(trim((string)$this->getZipTo()));
+
 if ($this->getCode() === '' || $this->getTaxCountryId() === '' || $this->getRate() === ''
 || $this->getZipIsRange() && ($this->getZipFrom() === '' || $this->getZipTo() === '')
 ) {
From 2cb504fe508217f72a36943628b9071910dcbf76 Mon Sep 17 00:00:00 2001
From: ADDISON74 <8360474+ADDISON74@users.noreply.github.com>
Date: Wed, 1 Oct 2025 21:45:00 +0300
Subject: [PATCH 2/5] Fixes php-cs-fixer errors
---
 app/code/core/Mage/Admin/Model/User.php | 6 +++---
 app/code/core/Mage/Core/Controller/Request/Http.php | 2 +-
 app/code/core/Mage/Tax/Model/Calculation/Rate.php | 12 ++++++------
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/app/code/core/Mage/Admin/Model/User.php b/app/code/core/Mage/Admin/Model/User.php
index a3e03fe559c..a297ce1b78e 100644
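Review bot: `trim($object->getName())` at the top of the Tag resource's _beforeSave() is the only trim in this patch without a `(string)` cast. If a tag is saved with no name set, getName() presumably returns null, and PHP 8.1 and later raise a deprecation notice when null is passed to trim(). Writing `$object->setName(trim((string) $object->getName()));` matches the other files in the series. _beforeSave() continues beyond the hunk.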
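Review bot: Casting every field to string before trimming in Rate.php turns unset values into `''`, so `tax_region_id`, `tax_postcode`, `zip_from` and `zip_to` are now written as empty strings where they may previously have been null. If any of those columns is numeric or nullable (the schema is not visible here), this can change what is stored or fail under a strict SQL mode. It also changes the validation that follows: a null code, country or rate did not match `=== ''` before and now does, which should be confirmed as intended. Trimming only actual strings avoids both effects, e.g. `if (is_string($v = $this->getZipFrom())) { $this->setZipFrom(trim($v)); }` per field or a loop over the field names using `getData`/`setData`. The rest of _beforeSave() lies outside the hunk.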
--- a/app/code/core/Mage/Admin/Model/User.php
+++ b/app/code/core/Mage/Admin/Model/User.php
@@ -130,9 +130,9 @@ protected function _construct()
 protected function _beforeSave()
 {
 $data = [
- 'firstname' => trim((string)$this->getFirstname()),
- 'lastname' => trim((string)$this->getLastname()),
- 'email' => trim((string)$this->getEmail()),
+ 'firstname' => trim((string) $this->getFirstname()),
+ 'lastname' => trim((string) $this->getLastname()),
+ 'email' => trim((string) $this->getEmail()),
 'modified' => $this->_getDateNow(),
 'extra' => serialize($this->getExtra()),
 ];
diff --git a/app/code/core/Mage/Core/Controller/Request/Http.php b/app/code/core/Mage/Core/Controller/Request/Http.php
index 293c70ff6bf..ca0cd5f1684 100644
--- a/app/code/core/Mage/Core/Controller/Request/Http.php
+++ b/app/code/core/Mage/Core/Controller/Request/Http.php
@@ -604,7 +604,7 @@ public function getParam($key, $default = null)
 // For array values, trim each string element
 if (is_array($value)) {
- $value = array_map(function($v) {
+ $value = array_map(function ($v) {
 return is_string($v) ? trim($v) : $v;
 }, $value);
 }
diff --git a/app/code/core/Mage/Tax/Model/Calculation/Rate.php b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
index c92d17fc94e..3af89fd65ad 100644
--- a/app/code/core/Mage/Tax/Model/Calculation/Rate.php
+++ b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
@@ -71,12 +71,12 @@ protected function _beforeSave()
 {
 // Trim whitespace for all relevant fields before validation and save
 $this->setCode(trim((string)$this->getCode()));
- $this->setTaxCountryId(trim((string)$this->getTaxCountryId()));
- $this->setTaxRegionId(trim((string)$this->getTaxRegionId()));
- $this->setTaxPostcode(trim((string)$this->getTaxPostcode()));
- $this->setRate(trim((string)$this->getRate()));
- $this->setZipFrom(trim((string)$this->getZipFrom()));
- $this->setZipTo(trim((string)$this->getZipTo()));
+ $this->setTaxCountryId(trim((string) $this->getTaxCountryId()));
+ $this->setTaxRegionId(trim((string) $this->getTaxRegionId()));
+ $this->setTaxPostcode(trim((string) $this->getTaxPostcode()));
+ $this->setRate(trim((string) $this->getRate()));
+ $this->setZipFrom(trim((string) $this->getZipFrom()));
+ $this->setZipTo(trim((string) $this->getZipTo()));
 if ($this->getCode() === '' || $this->getTaxCountryId() === '' || $this->getRate() === ''
 || $this->getZipIsRange() && ($this->getZipFrom() === '' || $this->getZipTo() === '')
From 2553366e497e28c1ad20ee1534343cd789b6f39a Mon Sep 17 00:00:00 2001
From: Addison <8360474+addison74@users.noreply.github.com>
Date: Wed, 1 Oct 2025 21:51:52 +0300
Subject: [PATCH 3/5] Fix formatting of username assignment
---
 app/code/core/Mage/Admin/Model/User.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/code/core/Mage/Admin/Model/User.php b/app/code/core/Mage/Admin/Model/User.php
index a297ce1b78e..edb9513824f 100644
--- a/app/code/core/Mage/Admin/Model/User.php
+++ b/app/code/core/Mage/Admin/Model/User.php
@@ -142,7 +142,7 @@ protected function _beforeSave()
 }
 if ($this->getUsername()) {
- $data['username'] = trim((string)$this->getUsername());
+ $data['username'] = trim((string) $this->getUsername());
 }
 if ($this->getNewPassword()) {
From b40b707ce9bb7d830f3ea68f93c8f0924d640da2 Mon Sep 17 00:00:00 2001
From: Addison <8360474+addison74@users.noreply.github.com>
Date: Wed, 1 Oct 2025 21:52:33 +0300
Subject: [PATCH 4/5] Trim whitespace in tax calculation fields
---
 app/code/core/Mage/Tax/Model/Calculation/Rate.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/code/core/Mage/Tax/Model/Calculation/Rate.php b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
index 3af89fd65ad..dd394a6adf9 100644
--- a/app/code/core/Mage/Tax/Model/Calculation/Rate.php
+++ b/app/code/core/Mage/Tax/Model/Calculation/Rate.php
@@ -70,7 +70,7 @@ protected function _construct()
 protected function _beforeSave()
 {
 // Trim whitespace for all relevant fields before validation and save
- $this->setCode(trim((string)$this->getCode()));
+ $this->setCode(trim((string) $this->getCode()));
 $this->setTaxCountryId(trim((string) $this->getTaxCountryId()));
 $this->setTaxRegionId(trim((string) $this->getTaxRegionId()));
 $this->setTaxPostcode(trim((string) $this->getTaxPostcode()));
From 2b89804b594b93b84bdbf95293345cc3058f1056 Mon Sep 17 00:00:00 2001
From: Addison <8360474+addison74@users.noreply.github.com>
Date: Wed, 1 Oct 2025 23:22:31 +0300
Subject: [PATCH 5/5] Clean up comments in Address.php
Removed redundant comment block from the save manipulations method.
---
 app/code/core/Mage/Sales/Model/Order/Address.php | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/app/code/core/Mage/Sales/Model/Order/Address.php b/app/code/core/Mage/Sales/Model/Order/Address.php
index 92de6b5bb20..6373cad4cc8 100644
--- a/app/code/core/Mage/Sales/Model/Order/Address.php
+++ b/app/code/core/Mage/Sales/Model/Order/Address.php
@@ -120,11 +120,6 @@ public function getOrder()
 return $this->_order;
 }
- /**
- * Before object save manipulations
- *
- * @return $this
- */
 /**
 * Before object save manipulations
 * Trim whitespace for all string data to prevent unwanted spaces on save