class-wc-form-handler.php — WooCommerce 4.4.3

woocommerce / includes / class-wc-form-handler.php

woocommerce / includes Last commit date

class-wc-form-handler.php

1188 lines

1	<?php
2	/**
3	* Handle frontend forms.
4	*
5	* @package WooCommerce/Classes/
6	*/
7
8	defined( 'ABSPATH' ) \|\| exit;
9
10	/**
11	* WC_Form_Handler class.
12	*/
13	class WC_Form_Handler {
14
15	/**
16	* Hook in methods.
17	*/
18	public static function init() {
19	add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
20	add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
21	add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
22	add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
23	add_action( 'wp_loaded', array( __CLASS__, 'process_login' ), 20 );
24	add_action( 'wp_loaded', array( __CLASS__, 'process_registration' ), 20 );
25	add_action( 'wp_loaded', array( __CLASS__, 'process_lost_password' ), 20 );
26	add_action( 'wp_loaded', array( __CLASS__, 'process_reset_password' ), 20 );
27	add_action( 'wp_loaded', array( __CLASS__, 'cancel_order' ), 20 );
28	add_action( 'wp_loaded', array( __CLASS__, 'update_cart_action' ), 20 );
29	add_action( 'wp_loaded', array( __CLASS__, 'add_to_cart_action' ), 20 );
30
31	// May need $wp global to access query vars.
32	add_action( 'wp', array( __CLASS__, 'pay_action' ), 20 );
33	add_action( 'wp', array( __CLASS__, 'add_payment_method_action' ), 20 );
34	add_action( 'wp', array( __CLASS__, 'delete_payment_method_action' ), 20 );
35	add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
36	}
37
38	/**
39	* Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
40	*/
41	public static function redirect_reset_password_link() {
42	if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) \|\| isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
43
44	// If available, get $user_id from query string parameter for fallback purposes.
45	if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
46	$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
47	$user_id = $user ? $user->ID : 0;
48	} else {
49	$user_id = absint( $_GET['id'] );
50	}
51
52	$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
53	WC_Shortcode_My_Account::set_reset_password_cookie( $value );
54	wp_safe_redirect( add_query_arg( 'show-reset-form', 'true', wc_lostpassword_url() ) );
55	exit;
56	}
57	}
58
59	/**
60	* Save and and update a billing or shipping address if the
61	* form was submitted through the user account page.
62	*/
63	public static function save_address() {
64	global $wp;
65
66	$nonce_value = wc_get_var( $_REQUEST['woocommerce-edit-address-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
67
68	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-edit_address' ) ) {
69	return;
70	}
71
72	if ( empty( $_POST['action'] ) \|\| 'edit_address' !== $_POST['action'] ) {
73	return;
74	}
75
76	wc_nocache_headers();
77
78	$user_id = get_current_user_id();
79
80	if ( $user_id <= 0 ) {
81	return;
82	}
83
84	$customer = new WC_Customer( $user_id );
85
86	if ( ! $customer ) {
87	return;
88	}
89
90	$load_address = isset( $wp->query_vars['edit-address'] ) ? wc_edit_address_i18n( sanitize_title( $wp->query_vars['edit-address'] ), true ) : 'billing';
91
92	if ( ! isset( $_POST[ $load_address . '_country' ] ) ) {
93	return;
94	}
95
96	$address = WC()->countries->get_address_fields( wc_clean( wp_unslash( $_POST[ $load_address . '_country' ] ) ), $load_address . '_' );
97
98	foreach ( $address as $key => $field ) {
99	if ( ! isset( $field['type'] ) ) {
100	$field['type'] = 'text';
101	}
102
103	// Get Value.
104	if ( 'checkbox' === $field['type'] ) {
105	$value = (int) isset( $_POST[ $key ] );
106	} else {
107	$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : '';
108	}
109
110	// Hook to allow modification of value.
111	$value = apply_filters( 'woocommerce_process_myaccount_field_' . $key, $value );
112
113	// Validation: Required fields.
114	if ( ! empty( $field['required'] ) && empty( $value ) ) {
115	/* translators: %s: Field name. */
116	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), $field['label'] ), 'error', array( 'id' => $key ) );
117	}
118
119	if ( ! empty( $value ) ) {
120	// Validation and formatting rules.
121	if ( ! empty( $field['validate'] ) && is_array( $field['validate'] ) ) {
122	foreach ( $field['validate'] as $rule ) {
123	switch ( $rule ) {
124	case 'postcode':
125	$country = wc_clean( wp_unslash( $_POST[ $load_address . '_country' ] ) );
126	$value = wc_format_postcode( $value, $country );
127
128	if ( '' !== $value && ! WC_Validation::is_postcode( $value, $country ) ) {
129	switch ( $country ) {
130	case 'IE':
131	$postcode_validation_notice = __( 'Please enter a valid Eircode.', 'woocommerce' );
132	break;
133	default:
134	$postcode_validation_notice = __( 'Please enter a valid postcode / ZIP.', 'woocommerce' );
135	}
136	wc_add_notice( $postcode_validation_notice, 'error' );
137	}
138	break;
139	case 'phone':
140	if ( '' !== $value && ! WC_Validation::is_phone( $value ) ) {
141	/* translators: %s: Phone number. */
142	wc_add_notice( sprintf( __( '%s is not a valid phone number.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
143	}
144	break;
145	case 'email':
146	$value = strtolower( $value );
147
148	if ( ! is_email( $value ) ) {
149	/* translators: %s: Email address. */
150	wc_add_notice( sprintf( __( '%s is not a valid email address.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
151	}
152	break;
153	}
154	}
155	}
156	}
157
158	try {
159	// Set prop in customer object.
160	if ( is_callable( array( $customer, "set_$key" ) ) ) {
161	$customer->{"set_$key"}( $value );
162	} else {
163	$customer->update_meta_data( $key, $value );
164	}
165	} catch ( WC_Data_Exception $e ) {
166	// Set notices. Ignore invalid billing email, since is already validated.
167	if ( 'customer_invalid_billing_email' !== $e->getErrorCode() ) {
168	wc_add_notice( $e->getMessage(), 'error' );
169	}
170	}
171	}
172
173	/**
174	* Hook: woocommerce_after_save_address_validation.
175	*
176	* Allow developers to add custom validation logic and throw an error to prevent save.
177	*
178	* @param int $user_id User ID being saved.
179	* @param string $load_address Type of address e.g. billing or shipping.
180	* @param array $address The address fields.
181	* @param WC_Customer $customer The customer object being saved. @since 3.6.0
182	*/
183	do_action( 'woocommerce_after_save_address_validation', $user_id, $load_address, $address, $customer );
184
185	if ( 0 < wc_notice_count( 'error' ) ) {
186	return;
187	}
188
189	$customer->save();
190
191	wc_add_notice( __( 'Address changed successfully.', 'woocommerce' ) );
192
193	do_action( 'woocommerce_customer_save_address', $user_id, $load_address );
194
195	wp_safe_redirect( wc_get_endpoint_url( 'edit-address', '', wc_get_page_permalink( 'myaccount' ) ) );
196	exit;
197	}
198
199	/**
200	* Save the password/account details and redirect back to the my account page.
201	*/
202	public static function save_account_details() {
203	$nonce_value = wc_get_var( $_REQUEST['save-account-details-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
204
205	if ( ! wp_verify_nonce( $nonce_value, 'save_account_details' ) ) {
206	return;
207	}
208
209	if ( empty( $_POST['action'] ) \|\| 'save_account_details' !== $_POST['action'] ) {
210	return;
211	}
212
213	wc_nocache_headers();
214
215	$user_id = get_current_user_id();
216
217	if ( $user_id <= 0 ) {
218	return;
219	}
220
221	$account_first_name = ! empty( $_POST['account_first_name'] ) ? wc_clean( wp_unslash( $_POST['account_first_name'] ) ) : '';
222	$account_last_name = ! empty( $_POST['account_last_name'] ) ? wc_clean( wp_unslash( $_POST['account_last_name'] ) ) : '';
223	$account_display_name = ! empty( $_POST['account_display_name'] ) ? wc_clean( wp_unslash( $_POST['account_display_name'] ) ) : '';
224	$account_email = ! empty( $_POST['account_email'] ) ? wc_clean( wp_unslash( $_POST['account_email'] ) ) : '';
225	$pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
226	$pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
227	$pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
228	$save_pass = true;
229
230	// Current user data.
231	$current_user = get_user_by( 'id', $user_id );
232	$current_first_name = $current_user->first_name;
233	$current_last_name = $current_user->last_name;
234	$current_email = $current_user->user_email;
235
236	// New user data.
237	$user = new stdClass();
238	$user->ID = $user_id;
239	$user->first_name = $account_first_name;
240	$user->last_name = $account_last_name;
241	$user->display_name = $account_display_name;
242
243	// Prevent display name to be changed to email.
244	if ( is_email( $account_display_name ) ) {
245	wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' );
246	}
247
248	// Handle required fields.
249	$required_fields = apply_filters(
250	'woocommerce_save_account_details_required_fields',
251	array(
252	'account_first_name' => __( 'First name', 'woocommerce' ),
253	'account_last_name' => __( 'Last name', 'woocommerce' ),
254	'account_display_name' => __( 'Display name', 'woocommerce' ),
255	'account_email' => __( 'Email address', 'woocommerce' ),
256	)
257	);
258
259	foreach ( $required_fields as $field_key => $field_name ) {
260	if ( empty( $_POST[ $field_key ] ) ) {
261	/* translators: %s: Field name. */
262	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '<strong>' . esc_html( $field_name ) . '</strong>' ), 'error', array( 'id' => $field_key ) );
263	}
264	}
265
266	if ( $account_email ) {
267	$account_email = sanitize_email( $account_email );
268	if ( ! is_email( $account_email ) ) {
269	wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' );
270	} elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) {
271	wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
272	}
273	$user->user_email = $account_email;
274	}
275
276	if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
277	wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
278	$save_pass = false;
279	} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
280	wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
281	$save_pass = false;
282	} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
283	wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
284	$save_pass = false;
285	} elseif ( ( ! empty( $pass1 ) \|\| ! empty( $pass2 ) ) && $pass1 !== $pass2 ) {
286	wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' );
287	$save_pass = false;
288	} elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
289	wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
290	$save_pass = false;
291	}
292
293	if ( $pass1 && $save_pass ) {
294	$user->user_pass = $pass1;
295	}
296
297	// Allow plugins to return their own errors.
298	$errors = new WP_Error();
299	do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) );
300
301	if ( $errors->get_error_messages() ) {
302	foreach ( $errors->get_error_messages() as $error ) {
303	wc_add_notice( $error, 'error' );
304	}
305	}
306
307	if ( wc_notice_count( 'error' ) === 0 ) {
308	wp_update_user( $user );
309
310	// Update customer object to keep data in sync.
311	$customer = new WC_Customer( $user->ID );
312
313	if ( $customer ) {
314	// Keep billing data in sync if data changed.
315	if ( is_email( $user->user_email ) && $current_email !== $user->user_email ) {
316	$customer->set_billing_email( $user->user_email );
317	}
318
319	if ( $current_first_name !== $user->first_name ) {
320	$customer->set_billing_first_name( $user->first_name );
321	}
322
323	if ( $current_last_name !== $user->last_name ) {
324	$customer->set_billing_last_name( $user->last_name );
325	}
326
327	$customer->save();
328	}
329
330	wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );
331
332	do_action( 'woocommerce_save_account_details', $user->ID );
333
334	wp_safe_redirect( wc_get_page_permalink( 'myaccount' ) );
335	exit;
336	}
337	}
338
339	/**
340	* Process the checkout form.
341	*/
342	public static function checkout_action() {
343	if ( isset( $_POST['woocommerce_checkout_place_order'] ) \|\| isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
344	wc_nocache_headers();
345
346	if ( WC()->cart->is_empty() ) {
347	wp_safe_redirect( wc_get_cart_url() );
348	exit;
349	}
350
351	wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );
352
353	WC()->checkout()->process_checkout();
354	}
355	}
356
357	/**
358	* Process the pay form.
359	*
360	* @throws Exception On payment error.
361	*/
362	public static function pay_action() {
363	global $wp;
364
365	if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
366	wc_nocache_headers();
367
368	$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
369
370	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
371	return;
372	}
373
374	ob_start();
375
376	// Pay for existing order.
377	$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
378	$order_id = absint( $wp->query_vars['order-pay'] );
379	$order = wc_get_order( $order_id );
380
381	if ( $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
382
383	do_action( 'woocommerce_before_pay_action', $order );
384
385	WC()->customer->set_props(
386	array(
387	'billing_country' => $order->get_billing_country() ? $order->get_billing_country() : null,
388	'billing_state' => $order->get_billing_state() ? $order->get_billing_state() : null,
389	'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
390	'billing_city' => $order->get_billing_city() ? $order->get_billing_city() : null,
391	)
392	);
393	WC()->customer->save();
394
395	if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
396	wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
397	return;
398	}
399
400	// Update payment method.
401	if ( $order->needs_payment() ) {
402	try {
403	$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;
404
405	if ( ! $payment_method_id ) {
406	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
407	}
408
409	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
410	$payment_method = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;
411
412	if ( ! $payment_method ) {
413	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
414	}
415
416	$order->set_payment_method( $payment_method );
417	$order->save();
418
419	$payment_method->validate_fields();
420
421	if ( 0 === wc_notice_count( 'error' ) ) {
422
423	$result = $payment_method->process_payment( $order_id );
424
425	// Redirect to success/confirmation/payment page.
426	if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
427	$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
428
429	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
430	exit;
431	}
432	}
433	} catch ( Exception $e ) {
434	wc_add_notice( $e->getMessage(), 'error' );
435	}
436	} else {
437	// No payment was required for order.
438	$order->payment_complete();
439	wp_safe_redirect( $order->get_checkout_order_received_url() );
440	exit;
441	}
442
443	do_action( 'woocommerce_after_pay_action', $order );
444
445	}
446	}
447	}
448
449	/**
450	* Process the add payment method form.
451	*/
452	public static function add_payment_method_action() {
453	if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
454	wc_nocache_headers();
455
456	$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
457
458	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
459	return;
460	}
461
462	if ( ! apply_filters( 'woocommerce_add_payment_method_form_is_valid', true ) ) {
463	return;
464	}
465
466	// Test rate limit.
467	$current_user_id = get_current_user_id();
468	$rate_limit_id = 'add_payment_method_' . $current_user_id;
469	$delay = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );
470
471	if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
472	wc_add_notice(
473	sprintf(
474	/* translators: %d number of seconds */
475	_n(
476	'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
477	'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
478	$delay,
479	'woocommerce'
480	),
481	$delay
482	),
483	'error'
484	);
485	return;
486	}
487
488	WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay );
489
490	ob_start();
491
492	$payment_method_id = wc_clean( wp_unslash( $_POST['payment_method'] ) );
493	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
494
495	if ( isset( $available_gateways[ $payment_method_id ] ) ) {
496	$gateway = $available_gateways[ $payment_method_id ];
497
498	if ( ! $gateway->supports( 'add_payment_method' ) && ! $gateway->supports( 'tokenization' ) ) {
499	wc_add_notice( __( 'Invalid payment gateway.', 'woocommerce' ), 'error' );
500	return;
501	}
502
503	$gateway->validate_fields();
504
505	if ( wc_notice_count( 'error' ) > 0 ) {
506	return;
507	}
508
509	$result = $gateway->add_payment_method();
510
511	if ( 'success' === $result['result'] ) {
512	wc_add_notice( __( 'Payment method successfully added.', 'woocommerce' ) );
513	}
514
515	if ( 'failure' === $result['result'] ) {
516	wc_add_notice( __( 'Unable to add payment method to your account.', 'woocommerce' ), 'error' );
517	}
518
519	if ( ! empty( $result['redirect'] ) ) {
520	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
521	exit();
522	}
523	}
524	}
525	}
526
527	/**
528	* Process the delete payment method form.
529	*/
530	public static function delete_payment_method_action() {
531	global $wp;
532
533	if ( isset( $wp->query_vars['delete-payment-method'] ) ) {
534	wc_nocache_headers();
535
536	$token_id = absint( $wp->query_vars['delete-payment-method'] );
537	$token = WC_Payment_Tokens::get( $token_id );
538
539	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'delete-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
540	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
541	} else {
542	WC_Payment_Tokens::delete( $token_id );
543	wc_add_notice( __( 'Payment method deleted.', 'woocommerce' ) );
544	}
545
546	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
547	exit();
548	}
549
550	}
551
552	/**
553	* Process the delete payment method form.
554	*/
555	public static function set_default_payment_method_action() {
556	global $wp;
557
558	if ( isset( $wp->query_vars['set-default-payment-method'] ) ) {
559	wc_nocache_headers();
560
561	$token_id = absint( $wp->query_vars['set-default-payment-method'] );
562	$token = WC_Payment_Tokens::get( $token_id );
563
564	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'set-default-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
565	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
566	} else {
567	WC_Payment_Tokens::set_users_default( $token->get_user_id(), intval( $token_id ) );
568	wc_add_notice( __( 'This payment method was successfully set as your default.', 'woocommerce' ) );
569	}
570
571	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
572	exit();
573	}
574
575	}
576
577	/**
578	* Remove from cart/update.
579	*/
580	public static function update_cart_action() {
581	if ( ! ( isset( $_REQUEST['apply_coupon'] ) \|\| isset( $_REQUEST['remove_coupon'] ) \|\| isset( $_REQUEST['remove_item'] ) \|\| isset( $_REQUEST['undo_item'] ) \|\| isset( $_REQUEST['update_cart'] ) \|\| isset( $_REQUEST['proceed'] ) ) ) {
582	return;
583	}
584
585	wc_nocache_headers();
586
587	$nonce_value = wc_get_var( $_REQUEST['woocommerce-cart-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
588
589	if ( ! empty( $_POST['apply_coupon'] ) && ! empty( $_POST['coupon_code'] ) ) {
590	WC()->cart->add_discount( wc_format_coupon_code( wp_unslash( $_POST['coupon_code'] ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
591
592	} elseif ( isset( $_GET['remove_coupon'] ) ) {
593	WC()->cart->remove_coupon( wc_format_coupon_code( urldecode( wp_unslash( $_GET['remove_coupon'] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
594
595	} elseif ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
596	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['remove_item'] ) );
597	$cart_item = WC()->cart->get_cart_item( $cart_item_key );
598
599	if ( $cart_item ) {
600	WC()->cart->remove_cart_item( $cart_item_key );
601
602	$product = wc_get_product( $cart_item['product_id'] );
603
604	/* translators: %s: Item name. */
605	$item_removed_title = apply_filters( 'woocommerce_cart_item_removed_title', $product ? sprintf( _x( '“%s”', 'Item name in quotes', 'woocommerce' ), $product->get_name() ) : __( 'Item', 'woocommerce' ), $cart_item );
606
607	// Don't show undo link if removed item is out of stock.
608	if ( $product && $product->is_in_stock() && $product->has_enough_stock( $cart_item['quantity'] ) ) {
609	/* Translators: %s Product title. */
610	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
611	$removed_notice .= ' <a href="' . esc_url( wc_get_cart_undo_url( $cart_item_key ) ) . '" class="restore-item">' . __( 'Undo?', 'woocommerce' ) . '</a>';
612	} else {
613	/* Translators: %s Product title. */
614	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
615	}
616
617	wc_add_notice( $removed_notice, apply_filters( 'woocommerce_cart_item_removed_notice_type', 'success' ) );
618	}
619
620	$referer = wp_get_referer() ? remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart', 'order_again', '_wpnonce' ), add_query_arg( 'removed_item', '1', wp_get_referer() ) ) : wc_get_cart_url();
621	wp_safe_redirect( $referer );
622	exit;
623
624	} elseif ( ! empty( $_GET['undo_item'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
625
626	// Undo Cart Item.
627	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['undo_item'] ) );
628
629	WC()->cart->restore_cart_item( $cart_item_key );
630
631	$referer = wp_get_referer() ? remove_query_arg( array( 'undo_item', '_wpnonce' ), wp_get_referer() ) : wc_get_cart_url();
632	wp_safe_redirect( $referer );
633	exit;
634
635	}
636
637	// Update Cart - checks apply_coupon too because they are in the same form.
638	if ( ( ! empty( $_POST['apply_coupon'] ) \|\| ! empty( $_POST['update_cart'] ) \|\| ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
639
640	$cart_updated = false;
641	$cart_totals = isset( $_POST['cart'] ) ? wp_unslash( $_POST['cart'] ) : ''; // PHPCS: input var ok, CSRF ok, sanitization ok.
642
643	if ( ! WC()->cart->is_empty() && is_array( $cart_totals ) ) {
644	foreach ( WC()->cart->get_cart() as $cart_item_key => $values ) {
645
646	$_product = $values['data'];
647
648	// Skip product if no updated quantity was posted.
649	if ( ! isset( $cart_totals[ $cart_item_key ] ) \|\| ! isset( $cart_totals[ $cart_item_key ]['qty'] ) ) {
650	continue;
651	}
652
653	// Sanitize.
654	$quantity = apply_filters( 'woocommerce_stock_amount_cart_item', wc_stock_amount( preg_replace( '/[^0-9\.]/', '', $cart_totals[ $cart_item_key ]['qty'] ) ), $cart_item_key );
655
656	if ( '' === $quantity \|\| $quantity === $values['quantity'] ) {
657	continue;
658	}
659
660	// Update cart validation.
661	$passed_validation = apply_filters( 'woocommerce_update_cart_validation', true, $cart_item_key, $values, $quantity );
662
663	// is_sold_individually.
664	if ( $_product->is_sold_individually() && $quantity > 1 ) {
665	/* Translators: %s Product title. */
666	wc_add_notice( sprintf( __( 'You can only have 1 %s in your cart.', 'woocommerce' ), $_product->get_name() ), 'error' );
667	$passed_validation = false;
668	}
669
670	if ( $passed_validation ) {
671	WC()->cart->set_quantity( $cart_item_key, $quantity, false );
672	$cart_updated = true;
673	}
674	}
675	}
676
677	// Trigger action - let 3rd parties update the cart if they need to and update the $cart_updated variable.
678	$cart_updated = apply_filters( 'woocommerce_update_cart_action_cart_updated', $cart_updated );
679
680	if ( $cart_updated ) {
681	WC()->cart->calculate_totals();
682	}
683
684	if ( ! empty( $_POST['proceed'] ) ) {
685	wp_safe_redirect( wc_get_checkout_url() );
686	exit;
687	} elseif ( $cart_updated ) {
688	wc_add_notice( __( 'Cart updated.', 'woocommerce' ), apply_filters( 'woocommerce_cart_updated_notice_type', 'success' ) );
689	$referer = remove_query_arg( array( 'remove_coupon', 'add-to-cart' ), ( wp_get_referer() ? wp_get_referer() : wc_get_cart_url() ) );
690	wp_safe_redirect( $referer );
691	exit;
692	}
693	}
694	}
695
696	/**
697	* Place a previous order again.
698	*
699	* @deprecated 3.5.0 Logic moved to cart session handling.
700	*/
701	public static function order_again() {
702	wc_deprecated_function( 'WC_Form_Handler::order_again', '3.5', 'This method should not be called manually.' );
703	}
704
705	/**
706	* Cancel a pending order.
707	*/
708	public static function cancel_order() {
709	if (
710	isset( $_GET['cancel_order'] ) &&
711	isset( $_GET['order'] ) &&
712	isset( $_GET['order_id'] ) &&
713	( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'woocommerce-cancel_order' ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
714	) {
715	wc_nocache_headers();
716
717	$order_key = wp_unslash( $_GET['order'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
718	$order_id = absint( $_GET['order_id'] );
719	$order = wc_get_order( $order_id );
720	$user_can_cancel = current_user_can( 'cancel_order', $order_id );
721	$order_can_cancel = $order->has_status( apply_filters( 'woocommerce_valid_order_statuses_for_cancel', array( 'pending', 'failed' ), $order ) );
722	$redirect = isset( $_GET['redirect'] ) ? wp_unslash( $_GET['redirect'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
723
724	if ( $user_can_cancel && $order_can_cancel && $order->get_id() === $order_id && hash_equals( $order->get_order_key(), $order_key ) ) {
725
726	// Cancel the order + restore stock.
727	WC()->session->set( 'order_awaiting_payment', false );
728	$order->update_status( 'cancelled', __( 'Order cancelled by customer.', 'woocommerce' ) );
729
730	wc_add_notice( apply_filters( 'woocommerce_order_cancelled_notice', __( 'Your order was cancelled.', 'woocommerce' ) ), apply_filters( 'woocommerce_order_cancelled_notice_type', 'notice' ) );
731
732	do_action( 'woocommerce_cancelled_order', $order->get_id() );
733
734	} elseif ( $user_can_cancel && ! $order_can_cancel ) {
735	wc_add_notice( __( 'Your order can no longer be cancelled. Please contact us if you need assistance.', 'woocommerce' ), 'error' );
736	} else {
737	wc_add_notice( __( 'Invalid order.', 'woocommerce' ), 'error' );
738	}
739
740	if ( $redirect ) {
741	wp_safe_redirect( $redirect );
742	exit;
743	}
744	}
745	}
746
747	/**
748	* Add to cart action.
749	*
750	* Checks for a valid request, does validation (via hooks) and then redirects if valid.
751	*
752	* @param bool $url (default: false) URL to redirect to.
753	*/
754	public static function add_to_cart_action( $url = false ) {
755	if ( ! isset( $_REQUEST['add-to-cart'] ) \|\| ! is_numeric( wp_unslash( $_REQUEST['add-to-cart'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
756	return;
757	}
758
759	wc_nocache_headers();
760
761	$product_id = apply_filters( 'woocommerce_add_to_cart_product_id', absint( wp_unslash( $_REQUEST['add-to-cart'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
762	$was_added_to_cart = false;
763	$adding_to_cart = wc_get_product( $product_id );
764
765	if ( ! $adding_to_cart ) {
766	return;
767	}
768
769	$add_to_cart_handler = apply_filters( 'woocommerce_add_to_cart_handler', $adding_to_cart->get_type(), $adding_to_cart );
770
771	if ( 'variable' === $add_to_cart_handler \|\| 'variation' === $add_to_cart_handler ) {
772	$was_added_to_cart = self::add_to_cart_handler_variable( $product_id );
773	} elseif ( 'grouped' === $add_to_cart_handler ) {
774	$was_added_to_cart = self::add_to_cart_handler_grouped( $product_id );
775	} elseif ( has_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler ) ) {
776	do_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler, $url ); // Custom handler.
777	} else {
778	$was_added_to_cart = self::add_to_cart_handler_simple( $product_id );
779	}
780
781	// If we added the product to the cart we can now optionally do a redirect.
782	if ( $was_added_to_cart && 0 === wc_notice_count( 'error' ) ) {
783	$url = apply_filters( 'woocommerce_add_to_cart_redirect', $url, $adding_to_cart );
784
785	if ( $url ) {
786	wp_safe_redirect( $url );
787	exit;
788	} elseif ( 'yes' === get_option( 'woocommerce_cart_redirect_after_add' ) ) {
789	wp_safe_redirect( wc_get_cart_url() );
790	exit;
791	}
792	}
793	}
794
795	/**
796	* Handle adding simple products to the cart.
797	*
798	* @since 2.4.6 Split from add_to_cart_action.
799	* @param int $product_id Product ID to add to the cart.
800	* @return bool success or not
801	*/
802	private static function add_to_cart_handler_simple( $product_id ) {
803	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
804	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity );
805
806	if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity ) ) {
807	wc_add_to_cart_message( array( $product_id => $quantity ), true );
808	return true;
809	}
810	return false;
811	}
812
813	/**
814	* Handle adding grouped products to the cart.
815	*
816	* @since 2.4.6 Split from add_to_cart_action.
817	* @param int $product_id Product ID to add to the cart.
818	* @return bool success or not
819	*/
820	private static function add_to_cart_handler_grouped( $product_id ) {
821	$was_added_to_cart = false;
822	$added_to_cart = array();
823	$items = isset( $_REQUEST['quantity'] ) && is_array( $_REQUEST['quantity'] ) ? wp_unslash( $_REQUEST['quantity'] ) : array(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
824
825	if ( ! empty( $items ) ) {
826	$quantity_set = false;
827
828	foreach ( $items as $item => $quantity ) {
829	if ( $quantity <= 0 ) {
830	continue;
831	}
832	$quantity_set = true;
833
834	// Add to cart validation.
835	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $item, $quantity );
836
837	// Suppress total recalculation until finished.
838	remove_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
839
840	if ( $passed_validation && false !== WC()->cart->add_to_cart( $item, $quantity ) ) {
841	$was_added_to_cart = true;
842	$added_to_cart[ $item ] = $quantity;
843	}
844
845	add_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
846	}
847
848	if ( ! $was_added_to_cart && ! $quantity_set ) {
849	wc_add_notice( __( 'Please choose the quantity of items you wish to add to your cart…', 'woocommerce' ), 'error' );
850	} elseif ( $was_added_to_cart ) {
851	wc_add_to_cart_message( $added_to_cart );
852	WC()->cart->calculate_totals();
853	return true;
854	}
855	} elseif ( $product_id ) {
856	/* Link on product archives */
857	wc_add_notice( __( 'Please choose a product to add to your cart…', 'woocommerce' ), 'error' );
858	}
859	return false;
860	}
861
862	/**
863	* Handle adding variable products to the cart.
864	*
865	* @since 2.4.6 Split from add_to_cart_action.
866	* @throws Exception If add to cart fails.
867	* @param int $product_id Product ID to add to the cart.
868	* @return bool success or not
869	*/
870	private static function add_to_cart_handler_variable( $product_id ) {
871	try {
872	$variation_id = empty( $_REQUEST['variation_id'] ) ? '' : absint( wp_unslash( $_REQUEST['variation_id'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
873	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
874	$missing_attributes = array();
875	$variations = array();
876	$variation_attributes = array();
877	$adding_to_cart = wc_get_product( $product_id );
878
879	if ( ! $adding_to_cart ) {
880	return false;
881	}
882
883	// If the $product_id was in fact a variation ID, update the variables.
884	if ( $adding_to_cart->is_type( 'variation' ) ) {
885	$variation_attributes = $adding_to_cart->get_variation_attributes();
886	// Filter out 'any' variations, which are empty, as they need to be explicitly specified while adding to cart.
887	$variation_attributes = array_filter( $variation_attributes );
888	$variation_id = $product_id;
889	$product_id = $adding_to_cart->get_parent_id();
890	$adding_to_cart = wc_get_product( $product_id );
891
892	if ( ! $adding_to_cart ) {
893	return false;
894	}
895	}
896
897	// Gather posted attributes.
898	$posted_attributes = array();
899
900	foreach ( $adding_to_cart->get_attributes() as $attribute ) {
901	if ( ! $attribute['is_variation'] ) {
902	continue;
903	}
904	$attribute_key = 'attribute_' . sanitize_title( $attribute['name'] );
905
906	if ( isset( $_REQUEST[ $attribute_key ] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
907	if ( $attribute['is_taxonomy'] ) {
908	// Don't use wc_clean as it destroys sanitized characters.
909	$value = sanitize_title( wp_unslash( $_REQUEST[ $attribute_key ] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
910	} else {
911	$value = html_entity_decode( wc_clean( wp_unslash( $_REQUEST[ $attribute_key ] ) ), ENT_QUOTES, get_bloginfo( 'charset' ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
912	}
913
914	$posted_attributes[ $attribute_key ] = $value;
915	}
916	}
917
918	// Merge variation attributes and posted attributes.
919	$posted_and_variation_attributes = array_merge( $variation_attributes, $posted_attributes );
920
921	// If no variation ID is set, attempt to get a variation ID from posted attributes.
922	if ( empty( $variation_id ) ) {
923	$data_store = WC_Data_Store::load( 'product' );
924	$variation_id = $data_store->find_matching_product_variation( $adding_to_cart, $posted_attributes );
925	}
926
927	// Do we have a variation ID?
928	if ( empty( $variation_id ) ) {
929	throw new Exception( __( 'Please choose product options…', 'woocommerce' ) );
930	}
931
932	// Check the data we have is valid.
933	$variation_data = wc_get_product_variation_attributes( $variation_id );
934
935	foreach ( $adding_to_cart->get_attributes() as $attribute ) {
936	if ( ! $attribute['is_variation'] ) {
937	continue;
938	}
939
940	// Get valid value from variation data.
941	$attribute_key = 'attribute_' . sanitize_title( $attribute['name'] );
942	$valid_value = isset( $variation_data[ $attribute_key ] ) ? $variation_data[ $attribute_key ] : '';
943
944	/**
945	* If the attribute value was posted, check if it's valid.
946	*
947	* If no attribute was posted, only error if the variation has an 'any' attribute which requires a value.
948	*/
949	if ( isset( $posted_and_variation_attributes[ $attribute_key ] ) ) {
950	$value = $posted_and_variation_attributes[ $attribute_key ];
951
952	// Allow if valid or show error.
953	if ( $valid_value === $value ) {
954	$variations[ $attribute_key ] = $value;
955	} elseif ( '' === $valid_value && in_array( $value, $attribute->get_slugs(), true ) ) {
956	// If valid values are empty, this is an 'any' variation so get all possible values.
957	$variations[ $attribute_key ] = $value;
958	} else {
959	/* translators: %s: Attribute name. */
960	throw new Exception( sprintf( __( 'Invalid value posted for %s', 'woocommerce' ), wc_attribute_label( $attribute['name'] ) ) );
961	}
962	} elseif ( '' === $valid_value ) {
963	$missing_attributes[] = wc_attribute_label( $attribute['name'] );
964	}
965	}
966	if ( ! empty( $missing_attributes ) ) {
967	/* translators: %s: Attribute name. */
968	throw new Exception( sprintf( _n( '%s is a required field', '%s are required fields', count( $missing_attributes ), 'woocommerce' ), wc_format_list_of_items( $missing_attributes ) ) );
969	}
970	} catch ( Exception $e ) {
971	wc_add_notice( $e->getMessage(), 'error' );
972	return false;
973	}
974
975	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity, $variation_id, $variations );
976
977	if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity, $variation_id, $variations ) ) {
978	wc_add_to_cart_message( array( $product_id => $quantity ), true );
979	return true;
980	}
981
982	return false;
983	}
984
985	/**
986	* Process the login form.
987	*
988	* @throws Exception On login error.
989	*/
990	public static function process_login() {
991	// The global form-login.php template used `_wpnonce` in template versions < 3.3.0.
992	$nonce_value = wc_get_var( $_REQUEST['woocommerce-login-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
993
994	if ( isset( $_POST['login'], $_POST['username'], $_POST['password'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-login' ) ) {
995
996	try {
997	$creds = array(
998	'user_login' => trim( wp_unslash( $_POST['username'] ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
999	'user_password' => $_POST['password'], // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1000	'remember' => isset( $_POST['rememberme'] ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1001	);
1002
1003	$validation_error = new WP_Error();
1004	$validation_error = apply_filters( 'woocommerce_process_login_errors', $validation_error, $creds['user_login'], $creds['user_password'] );
1005
1006	if ( $validation_error->get_error_code() ) {
1007	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $validation_error->get_error_message() );
1008	}
1009
1010	if ( empty( $creds['user_login'] ) ) {
1011	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . __( 'Username is required.', 'woocommerce' ) );
1012	}
1013
1014	// On multisite, ensure user exists on current site, if not add them before allowing login.
1015	if ( is_multisite() ) {
1016	$user_data = get_user_by( is_email( $creds['user_login'] ) ? 'email' : 'login', $creds['user_login'] );
1017
1018	if ( $user_data && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
1019	add_user_to_blog( get_current_blog_id(), $user_data->ID, 'customer' );
1020	}
1021	}
1022
1023	// Perform the login.
1024	$user = wp_signon( apply_filters( 'woocommerce_login_credentials', $creds ), is_ssl() );
1025
1026	if ( is_wp_error( $user ) ) {
1027	throw new Exception( $user->get_error_message() );
1028	} else {
1029
1030	if ( ! empty( $_POST['redirect'] ) ) {
1031	$redirect = wp_unslash( $_POST['redirect'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1032	} elseif ( wc_get_raw_referer() ) {
1033	$redirect = wc_get_raw_referer();
1034	} else {
1035	$redirect = wc_get_page_permalink( 'myaccount' );
1036	}
1037
1038	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_login_redirect', remove_query_arg( 'wc_error', $redirect ), $user ), wc_get_page_permalink( 'myaccount' ) ) ); // phpcs:ignore
1039	exit;
1040	}
1041	} catch ( Exception $e ) {
1042	wc_add_notice( apply_filters( 'login_errors', $e->getMessage() ), 'error' );
1043	do_action( 'woocommerce_login_failed' );
1044	}
1045	}
1046	}
1047
1048	/**
1049	* Handle lost password form.
1050	*/
1051	public static function process_lost_password() {
1052	if ( isset( $_POST['wc_reset_password'], $_POST['user_login'] ) ) {
1053	$nonce_value = wc_get_var( $_REQUEST['woocommerce-lost-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1054
1055	if ( ! wp_verify_nonce( $nonce_value, 'lost_password' ) ) {
1056	return;
1057	}
1058
1059	$success = WC_Shortcode_My_Account::retrieve_password();
1060
1061	// If successful, redirect to my account with query arg set.
1062	if ( $success ) {
1063	wp_safe_redirect( add_query_arg( 'reset-link-sent', 'true', wc_get_account_endpoint_url( 'lost-password' ) ) );
1064	exit;
1065	}
1066	}
1067	}
1068
1069	/**
1070	* Handle reset password form.
1071	*/
1072	public static function process_reset_password() {
1073	$nonce_value = wc_get_var( $_REQUEST['woocommerce-reset-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1074
1075	if ( ! wp_verify_nonce( $nonce_value, 'reset_password' ) ) {
1076	return;
1077	}
1078
1079	$posted_fields = array( 'wc_reset_password', 'password_1', 'password_2', 'reset_key', 'reset_login' );
1080
1081	foreach ( $posted_fields as $field ) {
1082	if ( ! isset( $_POST[ $field ] ) ) {
1083	return;
1084	}
1085
1086	if ( in_array( $field, array( 'password_1', 'password_2' ) ) ) {
1087	// Don't unslash password fields
1088	// @see https://github.com/woocommerce/woocommerce/issues/23922.
1089	$posted_fields[ $field ] = $_POST[ $field ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1090	} else {
1091	$posted_fields[ $field ] = wp_unslash( $_POST[ $field ] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1092	}
1093	}
1094
1095	$user = WC_Shortcode_My_Account::check_password_reset_key( $posted_fields['reset_key'], $posted_fields['reset_login'] );
1096
1097	if ( $user instanceof WP_User ) {
1098	if ( empty( $posted_fields['password_1'] ) ) {
1099	wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' );
1100	}
1101
1102	if ( $posted_fields['password_1'] !== $posted_fields['password_2'] ) {
1103	wc_add_notice( __( 'Passwords do not match.', 'woocommerce' ), 'error' );
1104	}
1105
1106	$errors = new WP_Error();
1107
1108	do_action( 'validate_password_reset', $errors, $user );
1109
1110	wc_add_wp_error_notices( $errors );
1111
1112	if ( 0 === wc_notice_count( 'error' ) ) {
1113	WC_Shortcode_My_Account::reset_password( $user, $posted_fields['password_1'] );
1114
1115	do_action( 'woocommerce_customer_reset_password', $user );
1116
1117	wp_safe_redirect( add_query_arg( 'password-reset', 'true', wc_get_page_permalink( 'myaccount' ) ) );
1118	exit;
1119	}
1120	}
1121	}
1122
1123	/**
1124	* Process the registration form.
1125	*
1126	* @throws Exception On registration error.
1127	*/
1128	public static function process_registration() {
1129	$nonce_value = isset( $_POST['_wpnonce'] ) ? wp_unslash( $_POST['_wpnonce'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1130	$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? wp_unslash( $_POST['woocommerce-register-nonce'] ) : $nonce_value; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1131
1132	if ( isset( $_POST['register'], $_POST['email'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
1133	$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) && isset( $_POST['username'] ) ? wp_unslash( $_POST['username'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1134	$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) && isset( $_POST['password'] ) ? $_POST['password'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1135	$email = wp_unslash( $_POST['email'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1136
1137	try {
1138	$validation_error = new WP_Error();
1139	$validation_error = apply_filters( 'woocommerce_process_registration_errors', $validation_error, $username, $password, $email );
1140	$validation_errors = $validation_error->get_error_messages();
1141
1142	if ( 1 === count( $validation_errors ) ) {
1143	throw new Exception( $validation_error->get_error_message() );
1144	} elseif ( $validation_errors ) {
1145	foreach ( $validation_errors as $message ) {
1146	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $message, 'error' );
1147	}
1148	throw new Exception();
1149	}
1150
1151	$new_customer = wc_create_new_customer( sanitize_email( $email ), wc_clean( $username ), $password );
1152
1153	if ( is_wp_error( $new_customer ) ) {
1154	throw new Exception( $new_customer->get_error_message() );
1155	}
1156
1157	if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) ) {
1158	wc_add_notice( __( 'Your account was created successfully and a password has been sent to your email address.', 'woocommerce' ) );
1159	} else {
1160	wc_add_notice( __( 'Your account was created successfully. Your login details have been sent to your email address.', 'woocommerce' ) );
1161	}
1162
1163	// Only redirect after a forced login - otherwise output a success notice.
1164	if ( apply_filters( 'woocommerce_registration_auth_new_customer', true, $new_customer ) ) {
1165	wc_set_customer_auth_cookie( $new_customer );
1166
1167	if ( ! empty( $_POST['redirect'] ) ) {
1168	$redirect = wp_sanitize_redirect( wp_unslash( $_POST['redirect'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1169	} elseif ( wc_get_raw_referer() ) {
1170	$redirect = wc_get_raw_referer();
1171	} else {
1172	$redirect = wc_get_page_permalink( 'myaccount' );
1173	}
1174
1175	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_registration_redirect', $redirect ), wc_get_page_permalink( 'myaccount' ) ) ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
1176	exit;
1177	}
1178	} catch ( Exception $e ) {
1179	if ( $e->getMessage() ) {
1180	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $e->getMessage(), 'error' );
1181	}
1182	}
1183	}
1184	}
1185	}
1186
1187	WC_Form_Handler::init();
1188