Merge pull request woocommerce#24295 from woocommerce/fix/24096

Remove %20 from fields in External Products form

includes/wc-template-functions.php

@@ -699,17 +699,16 @@ function wc_product_class( $class = '', $product_id = null ) {
  */
 function wc_query_string_form_fields( $values = null, $exclude = array(), $current_key = '', $return = false ) {
 	if ( is_null( $values ) ) {
-		$values = $_GET; // WPCS: input var ok, CSRF ok.
+		$values = $_GET; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
 	} elseif ( is_string( $values ) ) {
 		$url_parts = wp_parse_url( $values );
 		$values    = array();
 
 		if ( ! empty( $url_parts['query'] ) ) {
 			// This is to preserve full-stops, pluses and spaces in the query string when ran through parse_str.
 			$replace_chars = array(
-				'.'   => '{dot}',
-				'+'   => '{plus}',
-				'%20' => '{space}',
+				'.' => '{dot}',
+				'+' => '{plus}',
 			);
 
 			$query_string = str_replace( array_keys( $replace_chars ), array_values( $replace_chars ), $url_parts['query'] );
@@ -745,7 +744,7 @@ function wc_query_string_form_fields( $values = null, $exclude = array(), $curre
 		return $html;
 	}
 
-	echo $html; // WPCS: XSS ok.
+	echo $html; // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 }
 
 /**

tests/unit-tests/templates/functions.php

@@ -139,7 +139,7 @@ public function test_wc_query_string_form_fields() {
 		$this->assertEquals( $expected_html, $actual_html );
 
 		$actual_html   = wc_query_string_form_fields( '?test%20something=something%20else', array(), '', true );
-		$expected_html = '<input type="hidden" name="test%20something" value="something%20else" />';
+		$expected_html = '<input type="hidden" name="test_something" value="something else" />';
 		$this->assertEquals( $expected_html, $actual_html );
 	}
 }