2013-06-05 13:43:24 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
return new WC_Nonce_Helper();
|
|
|
|
|
|
|
|
class WC_Nonce_Helper extends WC_Helper {
|
|
|
|
/**
|
|
|
|
* Return a nonce field.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param mixed $action
|
|
|
|
* @param bool $referer (default: true)
|
|
|
|
* @param bool $echo (default: true)
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function nonce_field( $action, $referer = true , $echo = true ) {
|
|
|
|
return wp_nonce_field('woocommerce-' . $action, '_n', $referer, $echo );
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a url with a nonce appended.
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param mixed $action
|
|
|
|
* @param string $url (default: '')
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function nonce_url( $action, $url = '' ) {
|
|
|
|
return add_query_arg( '_n', wp_create_nonce( 'woocommerce-' . $action ), $url );
|
|
|
|
}
|
2013-06-05 13:54:13 +00:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Check a nonce and sets woocommerce error in case it is invalid.
|
|
|
|
*
|
|
|
|
* To fail silently, set the error_message to an empty string
|
|
|
|
*
|
|
|
|
* @access public
|
|
|
|
* @param string $name the nonce name
|
|
|
|
* @param string $action then nonce action
|
|
|
|
* @param string $method the http request method _POST, _GET or _REQUEST
|
|
|
|
* @param string $error_message custom error message, or false for default message, or an empty string to fail silently
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function verify_nonce( $action, $method='_POST', $error_message = false ) {
|
|
|
|
|
|
|
|
$name = '_n';
|
|
|
|
$action = 'woocommerce-' . $action;
|
|
|
|
|
|
|
|
if ( $error_message === false ) $error_message = __( 'Action failed. Please refresh the page and retry.', 'woocommerce' );
|
|
|
|
|
|
|
|
if ( ! in_array( $method, array( '_GET', '_POST', '_REQUEST' ) ) ) $method = '_POST';
|
|
|
|
|
|
|
|
if ( isset($_REQUEST[$name] ) && wp_verify_nonce( $_REQUEST[$name], $action ) ) return true;
|
|
|
|
|
|
|
|
if ( $error_message ) $this->add_error( $error_message );
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
2013-06-05 13:43:24 +00:00
|
|
|
}
|