Added verify_nonce method to nonce helper #3282

Coen Jacobs 2013-06-05 15:54:13 +02:00
parent 05bfac8c16
commit e2b850bddb
7 changed files with 62 additions and 43 deletions


@ -374,7 +374,7 @@ class WC_Checkout {
public function process_checkout() {
global $wpdb, $woocommerce, $current_user;
$woocommerce->verify_nonce( 'process_checkout' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'process_checkout' );
if ( ! defined( 'WOOCOMMERCE_CHECKOUT' ) )
define( 'WOOCOMMERCE_CHECKOUT', true );


@ -28,4 +28,32 @@ class WC_Nonce_Helper extends WC_Helper {
public function nonce_url( $action, $url = '' ) {
return add_query_arg( '_n', wp_create_nonce( 'woocommerce-' . $action ), $url );
}
/**
* Check a nonce and sets woocommerce error in case it is invalid.
*
* To fail silently, set the error_message to an empty string
*
* @access public
* @param string $name the nonce name
* @param string $action then nonce action
* @param string $method the http request method _POST, _GET or _REQUEST
* @param string $error_message custom error message, or false for default message, or an empty string to fail silently
* @return bool
*/
public function verify_nonce( $action, $method='_POST', $error_message = false ) {
$name = '_n';
$action = 'woocommerce-' . $action;
if ( $error_message === false ) $error_message = __( 'Action failed. Please refresh the page and retry.', 'woocommerce' );
if ( ! in_array( $method, array( '_GET', '_POST', '_REQUEST' ) ) ) $method = '_POST';
if ( isset($_REQUEST[$name] ) && wp_verify_nonce( $_REQUEST[$name], $action ) ) return true;
if ( $error_message ) $this->add_error( $error_message );
return false;
}
}
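Review bot: `$method` is normalised on the `if ( ! in_array( $method, array( '_GET', '_POST', '_REQUEST' ) ) )` line but never read afterwards — the nonce is always taken from `$_REQUEST`, so a caller passing `'_GET'` (as `woocommerce_update_cart_action`, `woocommerce_order_again` and `woocommerce_cancel_order` do in this commit) still accepts a nonce supplied in the POST body or, depending on PHP's `request_order`, in a cookie. Select the source by the method instead: `$source = ( '_GET' === $method ) ? $_GET : ( ( '_REQUEST' === $method ) ? $_REQUEST : $_POST );` followed by `if ( isset( $source[ $name ] ) && wp_verify_nonce( $source[ $name ], $action ) ) return true;`, and pass `true` as the third argument of `in_array` so the check is strict. The failure path calls `$this->add_error( $error_message )`, a method that belonged to the `Woocommerce` class this body was moved from; unless `WC_Helper` defines or forwards `add_error`, an invalid nonce will now hit an undefined method rather than register an error, so confirm that or route the call through the core instance. The docblock still documents a `$name` parameter that the signature does not have and reads "then nonce action" — drop the `$name` line and change it to "the nonce action"; the same docblock was copied into the deprecated `Woocommerce->verify_nonce` wrapper at the end of this commit and needs the same correction.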


@ -38,7 +38,7 @@ class WC_Shortcode_Cart {
$woocommerce->cart->remove_coupons( $_GET['remove_discounts'] );
// Update Shipping
} elseif ( ! empty( $_POST['calc_shipping'] ) && $woocommerce->verify_nonce('cart') ) {
} elseif ( ! empty( $_POST['calc_shipping'] ) && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart') ) {
$validation = $woocommerce->validation();


@ -42,7 +42,7 @@ class WC_Shortcode_Lost_Password {
// process lost password form
if( isset( $_POST['user_login'] ) ) {
$woocommerce->verify_nonce( 'lost_password' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'lost_password' );
self::retrieve_password();
}
@ -72,7 +72,7 @@ class WC_Shortcode_Lost_Password {
$args['key'] = esc_attr( $_POST['reset_key'] );
$args['login'] = esc_attr( $_POST['reset_login'] );
$woocommerce->verify_nonce( 'reset_password' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'reset_password' );
if( empty( $_POST['password_1'] ) || empty( $_POST['password_2'] ) ) {
$woocommerce->add_error( __( 'Please enter your password.', 'woocommerce' ) );


@ -41,7 +41,7 @@ class WC_Shortcode_Order_Tracking {
if ( ! empty( $_REQUEST['orderid'] ) ) {
$woocommerce->verify_nonce( 'order_tracking' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'order_tracking' );
$order_id = empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] );
$order_email = empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email']) ;


@ -213,7 +213,7 @@ function woocommerce_update_cart_action() {
global $woocommerce;
// Remove from cart
if ( isset($_GET['remove_item']) && $_GET['remove_item'] && $woocommerce->verify_nonce('cart', '_GET')) {
if ( isset($_GET['remove_item']) && $_GET['remove_item'] && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart', '_GET')) {
$woocommerce->cart->set_quantity( $_GET['remove_item'], 0 );
@ -224,7 +224,7 @@ function woocommerce_update_cart_action() {
exit;
// Update Cart
} elseif ( ( ! empty( $_POST['update_cart'] ) || ! empty( $_POST['proceed'] ) ) && $woocommerce->verify_nonce('cart')) {
} elseif ( ( ! empty( $_POST['update_cart'] ) || ! empty( $_POST['proceed'] ) ) && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart')) {
$cart_totals = isset( $_POST['cart'] ) ? $_POST['cart'] : '';
@ -569,7 +569,7 @@ function woocommerce_checkout_action() {
function woocommerce_pay_action() {
global $woocommerce, $wp;
if ( isset( $_POST['woocommerce_pay'] ) && $woocommerce->verify_nonce( 'pay' ) ) {
if ( isset( $_POST['woocommerce_pay'] ) && $woocommerce->get_helper( 'nonce' )->verify_nonce( 'pay' ) ) {
ob_start();
@ -646,7 +646,7 @@ function woocommerce_process_login() {
if ( ! empty( $_POST['login'] ) ) {
$woocommerce->verify_nonce( 'login' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'login' );
try {
$creds = array();
@ -705,7 +705,7 @@ function woocommerce_process_registration() {
if ( ! empty( $_POST['register'] ) ) {
$woocommerce->verify_nonce( 'register' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'register' );
// Get fields
$user_email = isset( $_POST['email'] ) ? trim( $_POST['email'] ) : '';
@ -822,7 +822,7 @@ function woocommerce_order_again() {
if ( ! isset( $_GET['order_again'] ) || ! is_user_logged_in() || get_option('woocommerce_allow_customers_to_reorder') == 'no' ) return;
// Nonce security check
if ( ! $woocommerce->verify_nonce( 'order_again', '_GET' ) ) return;
if ( ! $woocommerce->get_helper( 'nonce' )->verify_nonce( 'order_again', '_GET' ) ) return;
// Clear current cart
$woocommerce->cart->empty_cart();
@ -883,7 +883,7 @@ function woocommerce_cancel_order() {
$order = new WC_Order( $order_id );
if ( $order->id == $order_id && $order->order_key == $order_key && in_array( $order->status, array( 'pending', 'failed' ) ) && $woocommerce->verify_nonce( 'cancel_order', '_GET' ) ) :
if ( $order->id == $order_id && $order->order_key == $order_key && in_array( $order->status, array( 'pending', 'failed' ) ) && $woocommerce->get_helper( 'nonce' )->verify_nonce( 'cancel_order', '_GET' ) ) :
// Cancel the order + restore stock
$order->cancel_order( __('Order cancelled by customer.', 'woocommerce' ) );
@ -1257,7 +1257,7 @@ function woocommerce_check_comment_rating( $comment_data ) {
global $woocommerce;
// If posting a comment (not trackback etc) and not logged in
if ( isset( $_POST['rating'] ) && ! $woocommerce->verify_nonce('comment_rating') )
if ( isset( $_POST['rating'] ) && ! $woocommerce->get_helper( 'nonce' )->verify_nonce('comment_rating') )
wp_die( __( 'You have taken too long. Please go back and refresh the page.', 'woocommerce' ) );
elseif ( isset( $_POST['rating'] ) && empty( $_POST['rating'] ) && $comment_data['comment_type'] == '' && get_option('woocommerce_review_rating_required') == 'yes' ) {
@ -1535,7 +1535,7 @@ function woocommerce_save_password() {
if ( empty( $_POST[ 'action' ] ) || ( 'change_password' !== $_POST[ 'action' ] ) )
return;
$woocommerce->verify_nonce( 'change_password' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'change_password' );
$update = true;
$errors = new WP_Error();
@ -1595,7 +1595,7 @@ function woocommerce_save_address() {
if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) )
return;
$woocommerce->verify_nonce( 'edit_address' );
$woocommerce->get_helper( 'nonce' )->verify_nonce( 'edit_address' );
$validation = $woocommerce->validation();


@ -1342,34 +1342,6 @@ class Woocommerce {
if ( isset( $types[$type] ) ) return $types[$type];
}
/**
* Check a nonce and sets woocommerce error in case it is invalid.
*
* To fail silently, set the error_message to an empty string
*
* @access public
* @param string $name the nonce name
* @param string $action then nonce action
* @param string $method the http request method _POST, _GET or _REQUEST
* @param string $error_message custom error message, or false for default message, or an empty string to fail silently
* @return bool
*/
public function verify_nonce( $action, $method='_POST', $error_message = false ) {
$name = '_n';
$action = 'woocommerce-' . $action;
if ( $error_message === false ) $error_message = __( 'Action failed. Please refresh the page and retry.', 'woocommerce' );
if ( ! in_array( $method, array( '_GET', '_POST', '_REQUEST' ) ) ) $method = '_POST';
if ( isset($_REQUEST[$name] ) && wp_verify_nonce( $_REQUEST[$name], $action ) ) return true;
if ( $error_message ) $this->add_error( $error_message );
return false;
}
/** Body Classes **********************************************************/
/**
@ -1540,6 +1512,25 @@ class Woocommerce {
return $helper->nonce_url( $action, $url = '' );
}
/**
* Check a nonce and sets woocommerce error in case it is invalid.
*
* To fail silently, set the error_message to an empty string
*
* @deprecated 2.1.0 Access via the helpers
* @access public
* @param string $name the nonce name
* @param string $action then nonce action
* @param string $method the http request method _POST, _GET or _REQUEST
* @param string $error_message custom error message, or false for default message, or an empty string to fail silently
* @return bool
*/
public function verify_nonce( $action, $method='_POST', $error_message = false ) {
_deprecated_function( 'Woocommerce->verify_nonce', '2.1', 'WC_Nonce_Helper->verify_nonce' );
$helper = $this->get_helper( 'nonce' );
return $helper->verify_nonce( $action, $method, $error_message );
}
/**
* Shortcode Wrapper
*