harden order email filter

includes/Entities/Orders.php

@@ -109,12 +109,14 @@ public function search( string $query ): array {
 		// Extract email from query if it's prefixed with "email:".
 		if ( str_starts_with( $query, 'email:' ) ) {
 			$parts                 = explode( ' ', $query, 2 );
-			$email                 = substr( $parts[0], 6 );
-			$args['billing_email'] = $email;
+			$email                 = trim( substr( $parts[0], 6 ) ); // Trim whitespace from email
+			if ( ! empty( $email ) ) { // Only set billing_email if not empty
+				$args['billing_email'] = sanitize_email( $email ); // Sanitize email
+			}
 			// Use the rest of the query (if any) for the 's' parameter
-			$args['s'] = isset( $parts[1] ) ? $parts[1] : '';
+			$args['s'] = isset( $parts[1] ) ? trim( $parts[1] ) : '';
 		} else {
-			$args['s'] = $query;
+			$args['s'] = trim( $query ); // Trim whitespace from general search query
 		}
 
 		$query = new \WC_Order_Query( $args );

merchant-buddy.php

@@ -3,7 +3,7 @@
  * Plugin Name: Merchant Buddy
  * Plugin URI: https://merchant-buddy.com/
  * Description: Instantly available search palette for WooCommerce with instant search and keyboard shortcuts.
- * Version: 1.0.0
+ * Version: 1.0.1
  * Requires at least: 6.4
  * Tested up to: 6.7.1
  * Requires PHP: 7.4

package.json

@@ -1,6 +1,6 @@
 {
   "name": "merchant-buddy",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Merchant Buddy is a WooCommerce plugin that allows you to search for products, orders, and customers in the WordPress admin dashboard.",
   "author": "Seghir Nadir",
   "license": "GPL-2.0-or-later",

readme.txt

@@ -3,7 +3,7 @@ Contributors: assassinateur
 Tags: woocommerce, search, algolia, admin
 Requires at least: 6.4
 Tested up to: 6.7.1
-Stable tag: 1.0.0
+Stable tag: 1.0.1
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html