sh( $_POST['account_email'] ) ) : ''; $pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash $pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash $pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash $save_pass = true; // Current user data. $current_user = get_user_by( 'id', $user_id ); $current_first_name = $current_user->first_name; $current_last_name = $current_user->last_name; $current_email = $current_user->user_email; // New user data. $user = new stdClass(); $user->ID = $user_id; $user->first_name = $account_first_name; $user->last_name = $account_last_name; $user->display_name = $account_display_name; // Prevent display name to be changed to email. if ( is_email( $account_display_name ) ) { wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' ); } // Handle required fields. $required_fields = apply_filters( 'woocommerce_save_account_details_required_fields', array( 'account_first_name' => __( 'First name', 'woocommerce' ), 'account_last_name' => __( 'Last name', 'woocommerce' ), 'account_display_name' => __( 'Display name', 'woocommerce' ), 'account_email' => __( 'Email address', 'woocommerce' ), ) ); foreach ( $required_fields as $field_key => $field_name ) { if ( empty( $_POST[ $field_key ] ) ) { /* translators: %s: Field name. */ wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '' . esc_html( $field_name ) . 
'' ), 'error', array( 'id' => $field_key ) ); } } if ( $account_email ) { $account_email = sanitize_email( $account_email ); if ( ! is_email( $account_email ) ) { wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' ); } elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) { wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' ); } $user->user_email = $account_email; } if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) { wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' ); $save_pass = false; } elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) { wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' ); $save_pass = false; } elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) { wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' ); $save_pass = false; } elseif ( ( ! empty( $pass1 ) || ! empty( $pass2 ) ) && $pass1 !== $pass2 ) { wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' ); $save_pass = false; } elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) { wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' ); $save_pass = false; } if ( $pass1 && $save_pass ) { $user->user_pass = $pass1; } // Allow plugins to return their own errors. $errors = new WP_Error(); do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) ); if ( $errors->get_error_messages() ) { foreach ( $errors->get_error_messages() as $error ) { wc_add_notice( $error, 'error' ); } } if ( wc_notice_count( 'error' ) === 0 ) { wp_update_user( $user ); // Update customer object to keep data in sync. $customer = new WC_Customer( $user->ID ); if ( $customer ) { // Keep billing data in sync if data changed. 
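if ( is_email( $user->user_email ) && $current_email !== $user->user_email ) {
	$customer->set_billing_email( $user->user_email );
}
if ( $current_first_name !== $user->first_name ) {
	$customer->set_billing_first_name( $user->first_name );
}
if ( $current_last_name !== $user->last_name ) {
	$customer->set_billing_last_name( $user->last_name );
}
$customer->save();
} // End if ( $customer ).

wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );

do_action( 'woocommerce_save_account_details', $user->ID );

wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
exit;
} // End if ( 0 === wc_notice_count( 'error' ) ).
} // End save_account_details().

/**
 * Process the checkout form.
 *
 * Runs only when the place-order or update-totals submit button is present in
 * $_POST. Nonce verification is deferred to WC()->checkout()->process_checkout()
 * (hence the phpcs ignore). An empty cart is redirected back to the cart page.
 *
 * @return void
 */
public static function checkout_action() {
	if ( isset( $_POST['woocommerce_checkout_place_order'] ) || isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
		wc_nocache_headers();

		if ( WC()->cart->is_empty() ) {
			wp_safe_redirect( wc_get_cart_url() );
			exit;
		}

		wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );

		WC()->checkout()->process_checkout();
	}
}

/**
 * Process the pay form.
 *
 * Authorization for paying an existing order rests on three checks that all
 * have to pass: the 'woocommerce-pay' nonce, the order id from the
 * 'order-pay' query var matching a loaded order, and the order key from the
 * request matching the stored key (compared with hash_equals() so the
 * comparison is constant-time). The order must also still need payment.
 *
 * @throws Exception On payment error.
 * @return void
 */
public static function pay_action() {
	global $wp;

	if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
		wc_nocache_headers();

		$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.

		if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
			return;
		}

		ob_start();

		// Pay for existing order.
		$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
		$order_id  = absint( $wp->query_vars['order-pay'] );
		$order     = wc_get_order( $order_id );

		// wc_get_order() returns false for an unknown id; guard before calling methods on it
		// so a bad 'order-pay' value yields no action instead of a fatal error.
		if ( $order && $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
			do_action( 'woocommerce_before_pay_action', $order );

			// Seed the session customer with the order's billing location so tax/shipping
			// calculations during payment use the order's address, not the session default.
			WC()->customer->set_props(
				array(
					'billing_country'  => $order->get_billing_country() ? $order->get_billing_country() : null,
					'billing_state'    => $order->get_billing_state() ? $order->get_billing_state() : null,
					'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
					'billing_city'     => $order->get_billing_city() ? $order->get_billing_city() : null,
				)
			);
			WC()->customer->save();

			if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
				wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
				return;
			}

			// Update payment method.
			if ( $order->needs_payment() ) {
				try {
					$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;

					if ( ! $payment_method_id ) {
						throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
					}

					// Only gateways currently enabled and available may be selected; the
					// request-supplied id is used purely as a lookup key into that list.
					$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
					$payment_method     = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;

					if ( ! $payment_method ) {
						throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
					}

					$order->set_payment_method( $payment_method );
					$order->save();

					$payment_method->validate_fields();

					if ( 0 === wc_notice_count( 'error' ) ) {
						$result = $payment_method->process_payment( $order_id );

						// Redirect to success/confirmation/payment page.
						// The redirect target comes from the gateway's result (and the filter), not
						// from request input, which is why wp_redirect() rather than wp_safe_redirect().
						if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
							$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
							wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
							exit;
						}
					}
				} catch ( Exception $e ) {
					wc_add_notice( $e->getMessage(), 'error' );
				}
			} else {
				// No payment was required for order.
				$order->payment_complete();
				wp_safe_redirect( $order->get_checkout_order_received_url() );
				exit;
			}

			do_action( 'woocommerce_after_pay_action', $order );
		}
	}
}

/**
 * Process the add payment method form.
 *
 * Requires the 'woocommerce-add-payment-method' nonce and applies a per-user
 * rate limit (default 20 seconds, filterable) before handing the request to the
 * selected gateway, which must support 'add_payment_method' or 'tokenization'.
 *
 * @return void
 */
public static function add_payment_method_action() {
	if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
		wc_nocache_headers();

		$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.

		if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
			return;
		}

		// Test rate limit.
		$current_user_id = get_current_user_id();
		$rate_limit_id   = 'add_payment_method_' . $current_user_id;
		$delay           = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );

		if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
			// The _n() strings carry a %d placeholder; it has to be filled via sprintf(),
			// otherwise the literal "%d" is shown to the user.
			wc_add_notice(
				sprintf(
					/* translators: %d number of seconds */
					_n(
						'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
						'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
						$delay,
						'woocommerce'
					),
					$delay
				),
				'error'
			);
			return;
		}
		WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay );

		ob_start();

		$payment_method_id  = wc_clean( wp_unslash( $_POST['payment_method'] ) );
		$available_gateways = WC()->payment_gateways->get_available_payment_gateways();

		if ( isset( $available_gateways[ $payment_method_id ] ) ) {
			$gateway = $available_gateways[ $payment_method_id ];

			if ( ! $gateway->supports( 'add_payment_method' ) && ! $gateway->supports( 'tokenization' ) ) {
				wc_add_notice( __( 'Invalid payment gateway.', 'woocommerce' ), 'error' );
				return;
			}

			$gateway->validate_fields();

			if ( wc_notice_count( 'error' ) > 0 ) {
				return;
			}

			$result = $gateway->add_payment_method();

			if ( 'success' === $result['result'] ) {
				wc_add_notice( __( 'Payment method successfully added.', 'woocommerce' ) );
			}

			if ( 'failure' === $result['result'] ) {
				wc_add_notice( __( 'Unable to add payment method to your account.', 'woocommerce' ), 'error' );
			}

			// Redirect target is supplied by the gateway, not by the request.
			if ( ! empty( $result['redirect'] ) ) {
				wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
				exit();
			}
		}
	}
}

/**
 * Process the delete payment method form.
 *
 * The token is deleted only when it exists, belongs to the current user, and
 * the request carries a valid nonce bound to that specific token id; any other
 * case yields a generic "Invalid payment method." notice so the response does
 * not reveal whether the token id exists.
 *
 * @return void
 */
public static function delete_payment_method_action() {
	global $wp;

	if ( isset( $wp->query_vars['delete-payment-method'] ) ) {
		wc_nocache_headers();

		$token_id = absint( $wp->query_vars['delete-payment-method'] );
		$token    = WC_Payment_Tokens::get( $token_id );

		if ( is_null( $token ) || get_current_user_id() !== $token->get_user_id() || ! isset( $_REQUEST['_wpnonce'] ) || false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'delete-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
			wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
		} else {
			WC_Payment_Tokens::delete( $token_id );
			wc_add_notice( __( 'Payment method deleted.', 'woocommerce' ) );
		}

		wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
		exit();
	}
}

/**
 * Process the set default payment method form.
 *
 * Same authorization pattern as delete_payment_method_action(): the token must
 * exist, belong to the current user, and the nonce must be bound to the token id.
 *
 * @return void
 */
public static function set_default_payment_method_action() {
	global $wp;

	if ( isset( $wp->query_vars['set-default-payment-method'] ) ) {
		wc_nocache_headers();

		$token_id = absint( $wp->query_vars['set-default-payment-method'] );
		$token    = WC_Payment_Tokens::get( $token_id );

		if ( is_null( $token ) || get_current_user_id() !== $token->get_user_id() || ! isset( $_REQUEST['_wpnonce'] ) || false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'set-default-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
			wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
		} else {
			WC_Payment_Tokens::set_users_default( $token->get_user_id(), intval( $token_id ) );
			wc_add_notice( __( 'This payment method was successfully set as your default.', 'woocommerce' ) );
		}

		wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
		exit();
	}
}

/**
 * Remove from cart/update.
 *
 * @return void
 */
public static function update_cart_action() {
	if ( ! ( isset( $_REQUEST['apply_coupon'] ) || isset( $_REQUEST['remove_coupon'] ) || isset( $_REQUEST['remove_item'] ) || isset( $_REQUEST['undo_item'] ) || isset( $_REQUEST['update_cart'] ) || isset( $_REQUEST['proceed'] ) ) ) {
		return;
	}

	wc_nocache_headers();

	$nonce_value = wc_get_var( $_REQUEST['woocommerce-cart-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.

	// NOTE(review): the apply_coupon / remove_coupon branches run without nonce verification
	// (see the phpcs ignores); the remove_item, undo_item and update-cart branches do verify it.
	if ( ! empty( $_POST['apply_coupon'] ) && ! empty( $_POST['coupon_code'] ) ) {
		WC()->cart->add_discount( wc_format_coupon_code( wp_unslash( $_POST['coupon_code'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	} elseif ( isset( $_GET['remove_coupon'] ) ) {
		WC()->cart->remove_coupon( wc_format_coupon_code( urldecode( wp_unslash( $_GET['remove_coupon'] ) ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
	} elseif ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
		$cart_item_key = sanitize_text_field( wp_unslash( $_GET['remove_item'] ) );
		$cart_item     = WC()->cart->get_cart_item( $cart_item_key );

		if ( $cart_item ) {
			WC()->cart->remove_cart_item( $cart_item_key );

			$product = wc_get_product( $cart_item['product_id'] );

			/* translators: %s: Item name. */
			$item_removed_title = apply_filters( 'woocommerce_cart_item_removed_title', $product ?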
sprintf( _x( '“%s”', 'Item name in quotes', 'woocommerce' ), $product->get_name() ) : __( 'Item', 'woocommerce' ), $cart_item ); // Don't show undo link if removed item is out of stock. if ( $product && $product->is_in_stock() && $product->has_enough_stock( $cart_item['quantity'] ) ) { /* Translators: %s Product title. */ $removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title ); $removed_notice .= ' ' . __( 'Undo?', 'woocommerce' ) . ''; } else { /* Translators: %s Product title. */ $removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title ); } wc_add_notice( $removed_notice, apply_filters( 'woocommerce_cart_item_removed_notice_type', 'success' ) ); } $referer = wp_get_referer() ? remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart', 'order_again', '_wpnonce' ), add_query_arg( 'removed_item', '1', wp_get_referer() ) ) : wc_get_cart_url(); wp_safe_redirect( $referer ); exit; } elseif ( ! empty( $_GET['undo_item'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) { // Undo Cart Item. $cart_item_key = sanitize_text_field( wp_unslash( $_GET['undo_item'] ) ); WC()->cart->restore_cart_item( $cart_item_key ); $referer = wp_get_referer() ? remove_query_arg( array( 'undo_item', '_wpnonce' ), wp_get_referer() ) : wc_get_cart_url(); wp_safe_redirect( $referer ); exit; } // Update Cart - checks apply_coupon too because they are in the same form. if ( ( ! empty( $_POST['apply_coupon'] ) || ! empty( $_POST['update_cart'] ) || ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) { $cart_updated = false; $cart_totals = isset( $_POST['cart'] ) ? wp_unslash( $_POST['cart'] ) : ''; // PHPCS: input var o