@midu-01 midu-01 commented Jan 20, 2026

All Submissions:

  • My code follows the WordPress coding standards
  • My code satisfies feature requirements
  • My code is tested
  • My code passes the PHPCS tests
  • My code has proper inline documentation
  • I've included related pull request(s) (optional)
  • I've included developer documentation (optional)
  • I've added proper labels to this pull request

Changes proposed in this Pull Request:

Previously, vendors could enable the Terms & Conditions option without providing any content.
This resulted in a blank storefront page for customers, which appeared broken and caused confusion.

This pull request adds backend form validation to prevent vendors from saving settings when:

  • Terms & Conditions are enabled
  • But the T&C content field is empty or contains only HTML/whitespace

The validation ensures that invalid state cannot be saved and improves both vendor and customer experience.


Related Pull Request(s)

  • N/A

Closes


How to test the changes in this Pull Request:

  1. Go to Vendor Dashboard → Settings
  2. Enable the Terms & Conditions checkbox
  3. Leave the T&C content field empty
  4. Click Save Settings
  5. Verify that:
    • Settings are not saved
    • An error message is shown asking to add Terms & Conditions content
  6. Add valid T&C content and save again
  7. Verify settings save successfully and storefront T&C page renders correctly

Changelog entry

Title:
Prevent enabling vendor Terms & Conditions without content

Description:
Previously, enabling Terms & Conditions without content caused a blank storefront page.
This change adds backend validation to block saving when the content field is empty, ensuring data integrity and preventing broken storefront pages.


Before Changes

  • Vendors could enable Terms & Conditions without providing content
  • Storefront displayed a blank page for T&C
  • Created confusion and reduced trust for customers

After Changes

  • Vendors cannot save settings with empty T&C content
  • Clear validation message shown in the dashboard
  • Storefront no longer renders blank T&C pages

Feature Video (optional)

N/A


PR Self Review Checklist:

  • Code follows code style guidelines
  • Naming is clear and understandable
  • KISS principle is followed
  • DRY principle is respected
  • Code is readable and maintainable
  • No performance issues introduced
  • No unnecessary complexity
  • Grammar checked

FOR PR REVIEWER ONLY:

  • Correct — Does the change do what it’s supposed to?
  • Secure — All inputs are properly sanitized and validated
  • Readable — Code is easy to understand and maintain
  • Elegant — Fits well within existing architecture and style

Summary by CodeRabbit

  • Bug Fixes

    • Enforces Terms & Conditions content as required when the T&C option is enabled; empty submissions now produce a clear validation error.
    • Sanitizes and normalizes submitted T&C text before saving to ensure stored terms are consistent and safe.
  • Style

    • Adds a red asterisk to the Terms & Conditions label to indicate the field is required.


@midu-01 midu-01 requested a review from mrabbani January 20, 2026 06:10
@midu-01 midu-01 self-assigned this Jan 20, 2026
@midu-01 midu-01 added the Needs: Testing (This requires further testing) and Needs: Dev Review (It requires a developer review and approval) labels Jan 20, 2026
coderabbitai bot commented Jan 20, 2026

Walkthrough

Adds server-side validation and persisted processing for vendor Terms & Conditions: when dokan_store_tnc_enable is enabled, dokan_store_tnc is cleaned (tags removed, HTML-decoded, whitespace-normalized), validated non-empty (error key dokan_tnc_content), sanitized with wp_kses_post, and saved as the processed value.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Settings validation & storage: includes/Dashboard/Templates/Settings.php | In store_validate() require non-empty processed T&C when dokan_store_tnc_enable is on (strip tags, html_entity_decode, trim whitespace) and add validation error key dokan_tnc_content. In insert_settings_info() produce store_tnc_processed (sanitized with wp_kses_post) and persist it instead of raw input. |
| Form label (presentational): templates/settings/store-form.php | Append a red asterisk to the "TOC Details" label to indicate required status; purely presentational change. |

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Vendor as Vendor (Client)
    participant Settings as Dashboard Settings Handler
    participant Storage as Settings Storage/DB
    participant Storefront as Storefront Renderer

    Vendor->>Settings: Submit settings (dokan_store_tnc_enable, dokan_store_tnc)
    Note right of Settings: If dokan_store_tnc_enable == on\nprocess dokan_store_tnc
    Settings->>Settings: strip_tags, html_entity_decode, remove whitespace
    alt processed content is empty
        Settings-->>Vendor: return validation error (dokan_tnc_content)
    else processed content non-empty
        Settings->>Settings: sanitize with wp_kses_post -> store_tnc_processed
        Settings->>Storage: persist settings (store_tnc_processed)
        Settings-->>Vendor: success / settings saved
        Vendor->>Storefront: customer visits T&C page
        Storefront->>Storage: retrieve store_tnc_processed
        Storefront-->>Vendor: render sanitized T&C
    end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • mrabbani
  • shohag121

Poem

🐇 I hopped through clauses, cleaned each line,
Trimmed the tags till they looked fine.
No more blank pages on the run,
Fill your T&C — then you're done! 🥕✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2
❌ Failed checks (1 warning, 1 inconclusive)
| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Linked Issues check | ❓ Inconclusive | The PR addresses the core requirement from issue #5358 by implementing backend validation to prevent saving T&C settings when content is empty. However, comments indicate the validation may not properly handle escaped whitespace inputs. | Verify that the validation correctly handles edge cases like inputs containing only spaces, newlines, or escaped HTML whitespace as mentioned in issue comments. |
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The PR title accurately describes the main change: adding form validation to prevent saving when T&C content is empty, which is the primary focus of the changeset. |
| Description check | ✅ Passed | The PR description is comprehensive and follows the template structure with all major sections completed including objectives, testing steps, changelog entry, and before/after states. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to the T&C validation objective: backend validation logic in Settings.php and a UI indicator in the form template. No unrelated changes detected. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@includes/Dashboard/Templates/Settings.php`:
- Around line 483-492: Remove the trailing whitespace and make the input
sanitization explicit: when reading $_POST use wp_unslash for $store_tnc, then
apply a sanitizer such as sanitize_textarea_field (or wp_kses_post if HTML is
allowed) instead of relying only on wp_strip_all_tags for the emptiness check;
assign the sanitized value to $store_tnc_clean (or similarly named variable),
trim it and then run the empty() check; ensure no trailing spaces remain in that
line and keep the $enable_tnc / $store_tnc / $store_tnc_clean variable names
referenced in the Settings.php block.
🧹 Nitpick comments (1)
includes/Dashboard/Templates/Settings.php (1)

898-915: Address unused parameter and alignment inconsistency.

The method logic is correct. Two minor issues:

  1. The $request parameter is required by the filter signature but unused. Consider prefixing with underscore or adding a PHPCS ignore comment.
  2. Inconsistent alignment at lines 909-911 (connected_methods vs others).
Proposed fix
-    public function add_payment_methods_to_rest_response( $additional_fields, $store, $request ) {
+    public function add_payment_methods_to_rest_response( $additional_fields, $store, $request ) { // phpcs:ignore Generic.CodeAnalysis.UnusedFunctionParameter.FoundAfterLastUsed
         $vendor_id = method_exists( $store, 'get_id' ) ? (int) $store->get_id() : 0;
 
         if ( $vendor_id > 0 ) {
             // Get payment methods data using the same logic as vendor dashboard.
             $payment_data = $this->get_seller_payment_methods( $vendor_id );
 
             // Add flag to indicate if any withdraw method is globally available.
             $additional_fields['withdraw_methods_available'] = ! empty( $payment_data['active_methods'] );
 
             // Add payment method data.
             $additional_fields['active_payment_methods'] = $payment_data['active_methods'];
-            $additional_fields['connected_methods']     = $payment_data['connected_methods'];
-            $additional_fields['disconnected_methods']   = $payment_data['disconnected_methods'];
+            $additional_fields['connected_methods']      = $payment_data['connected_methods'];
+            $additional_fields['disconnected_methods']   = $payment_data['disconnected_methods'];
         }
 
         return $additional_fields;
     }
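
Review bot: The phpcs:ignore comment added to the signature of add_payment_methods_to_rest_response() silences the unused-parameter sniff without recording why $request is kept; a docblock line stating that the parameter is required by the filter signature would document that for the next reader. In the alignment part of the hunk, the removed and added disconnected_methods lines are identical as shown, so only the connected_methods line needs to change.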


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Fix all issues with AI agents
In `@includes/Dashboard/Templates/Settings.php`:
- Around line 482-489: Normalize and fully empty-check the T&C input: after
obtaining the raw value (currently via wp_strip_all_tags( wp_unslash(
$_POST['dokan_store_tnc'] ?? '' ) )), run html_entity_decode to convert entities
like &nbsp; to real characters, replace or normalize non‑breaking spaces
(U+00A0) to regular spaces (or remove them), then trim the result before testing
emptiness; update the $store_tnc normalization and the empty( trim( $store_tnc )
) check used when $enable_tnc is true so that entity-only or NBSP-only content
correctly triggers $error->add('dokan_tnc_content', ...).

@dev-shahed

@midu-01 the validation does not work if I escape the input with a space or Enter, without any characters.
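
The emptiness check discussed in the review comments above, as an added example that is not code from this pull request: it compares a strip-tags-and-trim check with the entity-decoding and NBSP-stripping version the review asks for. It uses PHP's built-in strip_tags in place of wp_strip_all_tags so it runs outside WordPress; the function names and sample inputs are constructed for illustration, and how the real editor encodes a blank submission is an assumption.

```php
<?php
// Added example. Plain-PHP stand-ins replace the WordPress helpers named in
// the thread (strip_tags for wp_strip_all_tags; no wp_unslash, since these
// constructed inputs are not slashed). Function names are hypothetical.

/** Emptiness check that only strips tags and trims ASCII whitespace. */
function tnc_is_empty_naive( string $raw ): bool {
    return '' === trim( strip_tags( $raw ) );
}

/** Emptiness check with entity decoding and NBSP handling. */
function tnc_is_empty_normalized( string $raw ): bool {
    $text = strip_tags( $raw );
    // Turn &nbsp;, &#160; and &#xA0; into the real U+00A0 character.
    $text = html_entity_decode( $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    // Drop every whitespace character, with U+00A0 listed explicitly.
    $text = preg_replace( '/[\s\x{00A0}]+/u', '', $text );
    // preg_replace() returns null on invalid UTF-8; treat that as empty so
    // malformed input is rejected rather than saved.
    return null === $text || '' === $text;
}

// Constructed sample submissions (not taken from the pull request).
$samples = array(
    'empty'            => '',
    'spaces + newline' => "  \r\n  ",
    'entity only'      => '<p>&nbsp;</p>',
    'numeric entity'   => '&#160;&#xA0;',
    'raw NBSP'         => "\u{00A0}\u{00A0}",
    'empty markup'     => '<p><br /></p>',
    'real content'     => '<p>Returns accepted within 14&nbsp;days.</p>',
);

foreach ( $samples as $label => $raw ) {
    printf(
        "%-18s naive=%-9s normalized=%s\n",
        $label,
        tnc_is_empty_naive( $raw ) ? 'empty' : 'accepted',
        tnc_is_empty_normalized( $raw ) ? 'empty' : 'accepted'
    );
}
```

The normalized string is used only to decide whether the field is blank; the value that gets stored is still the submitted HTML after wp_kses_post, as the walkthrough describes.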

Labels

Needs: Dev Review (It requires a developer review and approval); Needs: Testing (This requires further testing); QA In Progress
