class-wc-form-handler.php — WooCommerce 8.8.7

woocommerce / includes / class-wc-form-handler.php

woocommerce / includes Last commit date

class-wc-form-handler.php

1156 lines

1	<?php
2	/**
3	* Handle frontend forms.
4	*
5	* @package WooCommerce\Classes\
6	*/
7
8	defined( 'ABSPATH' ) \|\| exit;
9
10	/**
11	* WC_Form_Handler class.
12	*/
13	class WC_Form_Handler {
14
15	/**
16	* Hook in methods.
17	*/
18	public static function init() {
19	add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
20	add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
21	add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
22	add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
23	add_action( 'wp_loaded', array( __CLASS__, 'process_login' ), 20 );
24	add_action( 'wp_loaded', array( __CLASS__, 'process_registration' ), 20 );
25	add_action( 'wp_loaded', array( __CLASS__, 'process_lost_password' ), 20 );
26	add_action( 'wp_loaded', array( __CLASS__, 'process_reset_password' ), 20 );
27	add_action( 'wp_loaded', array( __CLASS__, 'cancel_order' ), 20 );
28	add_action( 'wp_loaded', array( __CLASS__, 'update_cart_action' ), 20 );
29	add_action( 'wp_loaded', array( __CLASS__, 'add_to_cart_action' ), 20 );
30
31	// May need $wp global to access query vars.
32	add_action( 'wp', array( __CLASS__, 'pay_action' ), 20 );
33	add_action( 'wp', array( __CLASS__, 'add_payment_method_action' ), 20 );
34	add_action( 'wp', array( __CLASS__, 'delete_payment_method_action' ), 20 );
35	add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
36	}
37
38	/**
39	* Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
40	*/
41	public static function redirect_reset_password_link() {
42	if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) \|\| isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
43
44	// If available, get $user_id from query string parameter for fallback purposes.
45	if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
46	$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
47	$user_id = $user ? $user->ID : 0;
48	} else {
49	$user_id = absint( $_GET['id'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
50	}
51
52	// If the reset token is not for the current user, ignore the reset request (don't redirect).
53	$logged_in_user_id = get_current_user_id();
54	if ( $logged_in_user_id && $logged_in_user_id !== $user_id ) {
55	wc_add_notice( __( 'This password reset key is for a different user account. Please log out and try again.', 'woocommerce' ), 'error' );
56	return;
57	}
58
59	$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
60	$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
61	WC_Shortcode_My_Account::set_reset_password_cookie( $value );
62	wp_safe_redirect(
63	add_query_arg(
64	array(
65	'show-reset-form' => 'true',
66	'action' => $action,
67	),
68	wc_lostpassword_url()
69	)
70	);
71	exit;
72	}
73	}
74
75	/**
76	* Save and and update a billing or shipping address if the
77	* form was submitted through the user account page.
78	*/
79	public static function save_address() {
80	global $wp;
81
82	$nonce_value = wc_get_var( $_REQUEST['woocommerce-edit-address-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
83
84	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-edit_address' ) ) {
85	return;
86	}
87
88	if ( empty( $_POST['action'] ) \|\| 'edit_address' !== $_POST['action'] ) {
89	return;
90	}
91
92	wc_nocache_headers();
93
94	$user_id = get_current_user_id();
95
96	if ( $user_id <= 0 ) {
97	return;
98	}
99
100	$customer = new WC_Customer( $user_id );
101
102	if ( ! $customer ) {
103	return;
104	}
105
106	$address_type = isset( $wp->query_vars['edit-address'] ) ? wc_edit_address_i18n( sanitize_title( $wp->query_vars['edit-address'] ), true ) : 'billing';
107
108	if ( ! isset( $_POST[ $address_type . '_country' ] ) ) {
109	return;
110	}
111
112	$address = WC()->countries->get_address_fields( wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) ), $address_type . '_' );
113
114	foreach ( $address as $key => $field ) {
115	if ( ! isset( $field['type'] ) ) {
116	$field['type'] = 'text';
117	}
118
119	// Get Value.
120	if ( 'checkbox' === $field['type'] ) {
121	$value = (int) isset( $_POST[ $key ] );
122	} else {
123	$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : '';
124	}
125
126	// Hook to allow modification of value.
127	$value = apply_filters( 'woocommerce_process_myaccount_field_' . $key, $value );
128
129	// Validation: Required fields.
130	if ( ! empty( $field['required'] ) && empty( $value ) ) {
131	/* translators: %s: Field name. */
132	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), $field['label'] ), 'error', array( 'id' => $key ) );
133	}
134
135	if ( ! empty( $value ) ) {
136	// Validation and formatting rules.
137	if ( ! empty( $field['validate'] ) && is_array( $field['validate'] ) ) {
138	foreach ( $field['validate'] as $rule ) {
139	switch ( $rule ) {
140	case 'postcode':
141	$country = wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) );
142	$value = wc_format_postcode( $value, $country );
143
144	if ( '' !== $value && ! WC_Validation::is_postcode( $value, $country ) ) {
145	switch ( $country ) {
146	case 'IE':
147	$postcode_validation_notice = __( 'Please enter a valid Eircode.', 'woocommerce' );
148	break;
149	default:
150	$postcode_validation_notice = __( 'Please enter a valid postcode / ZIP.', 'woocommerce' );
151	}
152	wc_add_notice( $postcode_validation_notice, 'error' );
153	}
154	break;
155	case 'phone':
156	if ( '' !== $value && ! WC_Validation::is_phone( $value ) ) {
157	/* translators: %s: Phone number. */
158	wc_add_notice( sprintf( __( '%s is not a valid phone number.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
159	}
160	break;
161	case 'email':
162	$value = strtolower( $value );
163
164	if ( ! is_email( $value ) ) {
165	/* translators: %s: Email address. */
166	wc_add_notice( sprintf( __( '%s is not a valid email address.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
167	}
168	break;
169	}
170	}
171	}
172	}
173
174	try {
175	// Set prop in customer object.
176	if ( is_callable( array( $customer, "set_$key" ) ) ) {
177	$customer->{"set_$key"}( $value );
178	} else {
179	$customer->update_meta_data( $key, $value );
180	}
181	} catch ( WC_Data_Exception $e ) {
182	// Set notices. Ignore invalid billing email, since is already validated.
183	if ( 'customer_invalid_billing_email' !== $e->getErrorCode() ) {
184	wc_add_notice( $e->getMessage(), 'error' );
185	}
186	}
187	}
188
189	/**
190	* Hook: woocommerce_after_save_address_validation.
191	*
192	* Allow developers to add custom validation logic and throw an error to prevent save.
193	*
194	* @since 3.6.0
195	* @param int $user_id User ID being saved.
196	* @param string $address_type Type of address; 'billing' or 'shipping'.
197	* @param array $address The address fields.
198	* @param WC_Customer $customer The customer object being saved.
199	*/
200	do_action( 'woocommerce_after_save_address_validation', $user_id, $address_type, $address, $customer );
201
202	if ( 0 < wc_notice_count( 'error' ) ) {
203	return;
204	}
205
206	$customer->save();
207
208	wc_add_notice( __( 'Address changed successfully.', 'woocommerce' ) );
209
210	/**
211	* Hook: woocommerce_customer_save_address.
212	*
213	* Fires after a customer address has been saved.
214	*
215	* @since 3.6.0
216	* @param int $user_id User ID being saved.
217	* @param string $address_type Type of address; 'billing' or 'shipping'.
218	*/
219	do_action( 'woocommerce_customer_save_address', $user_id, $address_type );
220
221	wp_safe_redirect( wc_get_endpoint_url( 'edit-address', '', wc_get_page_permalink( 'myaccount' ) ) );
222	exit;
223	}
224
225	/**
226	* Save the password/account details and redirect back to the my account page.
227	*/
228	public static function save_account_details() {
229	$nonce_value = wc_get_var( $_REQUEST['save-account-details-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
230
231	if ( ! wp_verify_nonce( $nonce_value, 'save_account_details' ) ) {
232	return;
233	}
234
235	if ( empty( $_POST['action'] ) \|\| 'save_account_details' !== $_POST['action'] ) {
236	return;
237	}
238
239	wc_nocache_headers();
240
241	$user_id = get_current_user_id();
242
243	if ( $user_id <= 0 ) {
244	return;
245	}
246
247	$account_first_name = ! empty( $_POST['account_first_name'] ) ? wc_clean( wp_unslash( $_POST['account_first_name'] ) ) : '';
248	$account_last_name = ! empty( $_POST['account_last_name'] ) ? wc_clean( wp_unslash( $_POST['account_last_name'] ) ) : '';
249	$account_display_name = ! empty( $_POST['account_display_name'] ) ? wc_clean( wp_unslash( $_POST['account_display_name'] ) ) : '';
250	$account_email = ! empty( $_POST['account_email'] ) ? wc_clean( wp_unslash( $_POST['account_email'] ) ) : '';
251	$pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
252	$pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
253	$pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
254	$save_pass = true;
255
256	// Current user data.
257	$current_user = get_user_by( 'id', $user_id );
258	$current_first_name = $current_user->first_name;
259	$current_last_name = $current_user->last_name;
260	$current_email = $current_user->user_email;
261
262	// New user data.
263	$user = new stdClass();
264	$user->ID = $user_id;
265	$user->first_name = $account_first_name;
266	$user->last_name = $account_last_name;
267	$user->display_name = $account_display_name;
268
269	// Prevent display name to be changed to email.
270	if ( is_email( $account_display_name ) ) {
271	wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' );
272	}
273
274	// Handle required fields.
275	$required_fields = apply_filters(
276	'woocommerce_save_account_details_required_fields',
277	array(
278	'account_first_name' => __( 'First name', 'woocommerce' ),
279	'account_last_name' => __( 'Last name', 'woocommerce' ),
280	'account_display_name' => __( 'Display name', 'woocommerce' ),
281	'account_email' => __( 'Email address', 'woocommerce' ),
282	)
283	);
284
285	foreach ( $required_fields as $field_key => $field_name ) {
286	if ( empty( $_POST[ $field_key ] ) ) {
287	/* translators: %s: Field name. */
288	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '<strong>' . esc_html( $field_name ) . '</strong>' ), 'error', array( 'id' => $field_key ) );
289	}
290	}
291
292	if ( $account_email ) {
293	$account_email = sanitize_email( $account_email );
294	if ( ! is_email( $account_email ) ) {
295	wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' );
296	} elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) {
297	wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
298	}
299	$user->user_email = $account_email;
300	}
301
302	if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
303	wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
304	$save_pass = false;
305	} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
306	wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
307	$save_pass = false;
308	} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
309	wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
310	$save_pass = false;
311	} elseif ( ( ! empty( $pass1 ) \|\| ! empty( $pass2 ) ) && $pass1 !== $pass2 ) {
312	wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' );
313	$save_pass = false;
314	} elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
315	wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
316	$save_pass = false;
317	}
318
319	if ( $pass1 && $save_pass ) {
320	$user->user_pass = $pass1;
321	}
322
323	// Allow plugins to return their own errors.
324	$errors = new WP_Error();
325	do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) );
326
327	if ( $errors->get_error_messages() ) {
328	foreach ( $errors->get_error_messages() as $error ) {
329	wc_add_notice( $error, 'error' );
330	}
331	}
332
333	if ( wc_notice_count( 'error' ) === 0 ) {
334	wp_update_user( $user );
335
336	// Update customer object to keep data in sync.
337	$customer = new WC_Customer( $user->ID );
338
339	if ( $customer ) {
340	// Keep billing data in sync if data changed.
341	if ( is_email( $user->user_email ) && $current_email !== $user->user_email ) {
342	$customer->set_billing_email( $user->user_email );
343	}
344
345	if ( $current_first_name !== $user->first_name ) {
346	$customer->set_billing_first_name( $user->first_name );
347	}
348
349	if ( $current_last_name !== $user->last_name ) {
350	$customer->set_billing_last_name( $user->last_name );
351	}
352
353	$customer->save();
354	}
355
356	/**
357	* Hook: woocommerce_save_account_details.
358	*
359	* @since 3.6.0
360	* @param int $user_id User ID being saved.
361	*/
362	do_action( 'woocommerce_save_account_details', $user->ID );
363
364	// Notices are checked here so that if something created a notice during the save hooks above, the redirect will not happen.
365	if ( 0 === wc_notice_count( 'error' ) ) {
366	wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );
367	wp_safe_redirect( wc_get_endpoint_url( 'edit-account', '', wc_get_page_permalink( 'myaccount' ) ) );
368	exit;
369	}
370	}
371	}
372
373	/**
374	* Process the checkout form.
375	*/
376	public static function checkout_action() {
377	if ( isset( $_POST['woocommerce_checkout_place_order'] ) \|\| isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
378	wc_nocache_headers();
379
380	if ( WC()->cart->is_empty() ) {
381	wp_safe_redirect( wc_get_cart_url() );
382	exit;
383	}
384
385	wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );
386
387	WC()->checkout()->process_checkout();
388	}
389	}
390
391	/**
392	* Process the pay form.
393	*
394	* @throws Exception On payment error.
395	*/
396	public static function pay_action() {
397	global $wp;
398
399	if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
400	wc_nocache_headers();
401
402	$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
403
404	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
405	return;
406	}
407
408	ob_start();
409
410	// Pay for existing order.
411	$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
412	$order_id = absint( $wp->query_vars['order-pay'] );
413	$order = wc_get_order( $order_id );
414
415	if ( $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
416
417	do_action( 'woocommerce_before_pay_action', $order );
418
419	WC()->customer->set_props(
420	array(
421	'billing_country' => $order->get_billing_country() ? $order->get_billing_country() : null,
422	'billing_state' => $order->get_billing_state() ? $order->get_billing_state() : null,
423	'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
424	'billing_city' => $order->get_billing_city() ? $order->get_billing_city() : null,
425	)
426	);
427	WC()->customer->save();
428
429	if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
430	wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
431	return;
432	}
433
434	// Update payment method.
435	if ( $order->needs_payment() ) {
436	try {
437	$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;
438
439	if ( ! $payment_method_id ) {
440	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
441	}
442
443	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
444	$payment_method = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;
445
446	if ( ! $payment_method ) {
447	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
448	}
449
450	$order->set_payment_method( $payment_method );
451	$order->save();
452
453	$payment_method->validate_fields();
454
455	if ( 0 === wc_notice_count( 'error' ) ) {
456
457	$result = $payment_method->process_payment( $order_id );
458
459	// Redirect to success/confirmation/payment page.
460	if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
461	$result['order_id'] = $order_id;
462
463	$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
464
465	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
466	exit;
467	}
468	}
469	} catch ( Exception $e ) {
470	wc_add_notice( $e->getMessage(), 'error' );
471	}
472	} else {
473	// No payment was required for order.
474	$order->payment_complete();
475	wp_safe_redirect( $order->get_checkout_order_received_url() );
476	exit;
477	}
478
479	do_action( 'woocommerce_after_pay_action', $order );
480
481	}
482	}
483	}
484
485	/**
486	* Process the add payment method form.
487	*/
488	public static function add_payment_method_action() {
489	if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
490	wc_nocache_headers();
491
492	$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
493
494	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
495	return;
496	}
497
498	if ( ! apply_filters( 'woocommerce_add_payment_method_form_is_valid', true ) ) {
499	return;
500	}
501
502	// Test rate limit.
503	$current_user_id = get_current_user_id();
504	$rate_limit_id = 'add_payment_method_' . $current_user_id;
505	$delay = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );
506
507	if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
508	wc_add_notice(
509	sprintf(
510	/* translators: %d number of seconds */
511	_n(
512	'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
513	'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
514	$delay,
515	'woocommerce'
516	),
517	$delay
518	),
519	'error'
520	);
521	return;
522	}
523
524	WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay );
525
526	ob_start();
527
528	$payment_method_id = wc_clean( wp_unslash( $_POST['payment_method'] ) );
529	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
530
531	if ( isset( $available_gateways[ $payment_method_id ] ) ) {
532	$gateway = $available_gateways[ $payment_method_id ];
533
534	if ( ! $gateway->supports( 'add_payment_method' ) && ! $gateway->supports( 'tokenization' ) ) {
535	wc_add_notice( __( 'Invalid payment gateway.', 'woocommerce' ), 'error' );
536	return;
537	}
538
539	$gateway->validate_fields();
540
541	if ( wc_notice_count( 'error' ) > 0 ) {
542	return;
543	}
544
545	$result = $gateway->add_payment_method();
546
547	if ( 'success' === $result['result'] ) {
548	wc_add_notice( __( 'Payment method successfully added.', 'woocommerce' ) );
549	}
550
551	if ( 'failure' === $result['result'] ) {
552	wc_add_notice( __( 'Unable to add payment method to your account.', 'woocommerce' ), 'error' );
553	}
554
555	if ( ! empty( $result['redirect'] ) ) {
556	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
557	exit();
558	}
559	}
560	}
561	}
562
563	/**
564	* Process the delete payment method form.
565	*/
566	public static function delete_payment_method_action() {
567	global $wp;
568
569	if ( isset( $wp->query_vars['delete-payment-method'] ) ) {
570	wc_nocache_headers();
571
572	$token_id = absint( $wp->query_vars['delete-payment-method'] );
573	$token = WC_Payment_Tokens::get( $token_id );
574
575	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'delete-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
576	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
577	} else {
578	WC_Payment_Tokens::delete( $token_id );
579	wc_add_notice( __( 'Payment method deleted.', 'woocommerce' ) );
580	}
581
582	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
583	exit();
584	}
585
586	}
587
588	/**
589	* Process the delete payment method form.
590	*/
591	public static function set_default_payment_method_action() {
592	global $wp;
593
594	if ( isset( $wp->query_vars['set-default-payment-method'] ) ) {
595	wc_nocache_headers();
596
597	$token_id = absint( $wp->query_vars['set-default-payment-method'] );
598	$token = WC_Payment_Tokens::get( $token_id );
599
600	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'set-default-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
601	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
602	} else {
603	WC_Payment_Tokens::set_users_default( $token->get_user_id(), intval( $token_id ) );
604	wc_add_notice( __( 'This payment method was successfully set as your default.', 'woocommerce' ) );
605	}
606
607	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
608	exit();
609	}
610
611	}
612
613	/**
614	* Remove from cart/update.
615	*/
616	public static function update_cart_action() {
617	if ( ! ( isset( $_REQUEST['apply_coupon'] ) \|\| isset( $_REQUEST['remove_coupon'] ) \|\| isset( $_REQUEST['remove_item'] ) \|\| isset( $_REQUEST['undo_item'] ) \|\| isset( $_REQUEST['update_cart'] ) \|\| isset( $_REQUEST['proceed'] ) ) ) {
618	return;
619	}
620
621	wc_nocache_headers();
622
623	$nonce_value = wc_get_var( $_REQUEST['woocommerce-cart-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
624
625	if ( ! empty( $_POST['apply_coupon'] ) && ! empty( $_POST['coupon_code'] ) ) {
626	WC()->cart->add_discount( wc_format_coupon_code( wp_unslash( $_POST['coupon_code'] ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
627
628	} elseif ( isset( $_GET['remove_coupon'] ) ) {
629	WC()->cart->remove_coupon( wc_format_coupon_code( urldecode( wp_unslash( $_GET['remove_coupon'] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
630
631	} elseif ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
632	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['remove_item'] ) );
633	$cart_item = WC()->cart->get_cart_item( $cart_item_key );
634
635	if ( $cart_item ) {
636	WC()->cart->remove_cart_item( $cart_item_key );
637
638	$product = wc_get_product( $cart_item['product_id'] );
639
640	/* translators: %s: Item name. */
641	$item_removed_title = apply_filters( 'woocommerce_cart_item_removed_title', $product ? sprintf( _x( '“%s”', 'Item name in quotes', 'woocommerce' ), $product->get_name() ) : __( 'Item', 'woocommerce' ), $cart_item );
642
643	// Don't show undo link if removed item is out of stock.
644	if ( $product && $product->is_in_stock() && $product->has_enough_stock( $cart_item['quantity'] ) ) {
645	/* Translators: %s Product title. */
646	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
647	$removed_notice .= ' <a href="' . esc_url( wc_get_cart_undo_url( $cart_item_key ) ) . '" class="restore-item">' . __( 'Undo?', 'woocommerce' ) . '</a>';
648	} else {
649	/* Translators: %s Product title. */
650	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
651	}
652
653	wc_add_notice( $removed_notice, apply_filters( 'woocommerce_cart_item_removed_notice_type', 'success' ) );
654	}
655
656	$referer = wp_get_referer() ? remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart', 'order_again', '_wpnonce' ), add_query_arg( 'removed_item', '1', wp_get_referer() ) ) : wc_get_cart_url();
657	wp_safe_redirect( $referer );
658	exit;
659
660	} elseif ( ! empty( $_GET['undo_item'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
661
662	// Undo Cart Item.
663	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['undo_item'] ) );
664
665	WC()->cart->restore_cart_item( $cart_item_key );
666
667	$referer = wp_get_referer() ? remove_query_arg( array( 'undo_item', '_wpnonce' ), wp_get_referer() ) : wc_get_cart_url();
668	wp_safe_redirect( $referer );
669	exit;
670
671	}
672
673	// Update Cart - checks apply_coupon too because they are in the same form.
674	if ( ( ! empty( $_POST['apply_coupon'] ) \|\| ! empty( $_POST['update_cart'] ) \|\| ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
675
676	$cart_updated = false;
677	$cart_totals = isset( $_POST['cart'] ) ? wp_unslash( $_POST['cart'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
678
679	if ( ! WC()->cart->is_empty() && is_array( $cart_totals ) ) {
680	foreach ( WC()->cart->get_cart() as $cart_item_key => $values ) {
681
682	$_product = $values['data'];
683
684	// Skip product if no updated quantity was posted.
685	if ( ! isset( $cart_totals[ $cart_item_key ] ) \|\| ! isset( $cart_totals[ $cart_item_key ]['qty'] ) ) {
686	continue;
687	}
688
689	// Sanitize.
690	$quantity = apply_filters( 'woocommerce_stock_amount_cart_item', wc_stock_amount( preg_replace( '/[^0-9\.]/', '', $cart_totals[ $cart_item_key ]['qty'] ) ), $cart_item_key );
691
692	if ( '' === $quantity \|\| $quantity === $values['quantity'] ) {
693	continue;
694	}
695
696	// Update cart validation.
697	$passed_validation = apply_filters( 'woocommerce_update_cart_validation', true, $cart_item_key, $values, $quantity );
698
699	// is_sold_individually.
700	if ( $_product->is_sold_individually() && $quantity > 1 ) {
701	/* Translators: %s Product title. */
702	wc_add_notice( sprintf( __( 'You can only have 1 %s in your cart.', 'woocommerce' ), $_product->get_name() ), 'error' );
703	$passed_validation = false;
704	}
705
706	if ( $passed_validation ) {
707	WC()->cart->set_quantity( $cart_item_key, $quantity, false );
708	$cart_updated = true;
709	}
710	}
711	}
712
713	// Trigger action - let 3rd parties update the cart if they need to and update the $cart_updated variable.
714	$cart_updated = apply_filters( 'woocommerce_update_cart_action_cart_updated', $cart_updated );
715
716	if ( $cart_updated ) {
717	WC()->cart->calculate_totals();
718	}
719
720	if ( ! empty( $_POST['proceed'] ) ) {
721	wp_safe_redirect( wc_get_checkout_url() );
722	exit;
723	} elseif ( $cart_updated ) {
724	wc_add_notice( __( 'Cart updated.', 'woocommerce' ), apply_filters( 'woocommerce_cart_updated_notice_type', 'success' ) );
725	$referer = remove_query_arg( array( 'remove_coupon', 'add-to-cart' ), ( wp_get_referer() ? wp_get_referer() : wc_get_cart_url() ) );
726	wp_safe_redirect( $referer );
727	exit;
728	}
729	}
730	}
731
732	/**
733	* Place a previous order again.
734	*
735	* @deprecated 3.5.0 Logic moved to cart session handling.
736	*/
737	public static function order_again() {
738	wc_deprecated_function( 'WC_Form_Handler::order_again', '3.5', 'This method should not be called manually.' );
739	}
740
741	/**
742	* Cancel a pending order.
743	*/
744	public static function cancel_order() {
745	if (
746	isset( $_GET['cancel_order'] ) &&
747	isset( $_GET['order'] ) &&
748	isset( $_GET['order_id'] ) &&
749	( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'woocommerce-cancel_order' ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
750	) {
751	wc_nocache_headers();
752
753	$order_key = wp_unslash( $_GET['order'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
754	$order_id = absint( $_GET['order_id'] );
755	$order = wc_get_order( $order_id );
756	$user_can_cancel = current_user_can( 'cancel_order', $order_id );
757	$order_can_cancel = $order->has_status( apply_filters( 'woocommerce_valid_order_statuses_for_cancel', array( 'pending', 'failed' ), $order ) );
758	$redirect = isset( $_GET['redirect'] ) ? wp_unslash( $_GET['redirect'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
759
760	if ( $user_can_cancel && $order_can_cancel && $order->get_id() === $order_id && hash_equals( $order->get_order_key(), $order_key ) ) {
761
762	// Cancel the order + restore stock.
763	WC()->session->set( 'order_awaiting_payment', false );
764	$order->update_status( 'cancelled', __( 'Order cancelled by customer.', 'woocommerce' ) );
765
766	wc_add_notice( apply_filters( 'woocommerce_order_cancelled_notice', __( 'Your order was cancelled.', 'woocommerce' ) ), apply_filters( 'woocommerce_order_cancelled_notice_type', 'notice' ) );
767
768	do_action( 'woocommerce_cancelled_order', $order->get_id() );
769
770	} elseif ( $user_can_cancel && ! $order_can_cancel ) {
771	wc_add_notice( __( 'Your order can no longer be cancelled. Please contact us if you need assistance.', 'woocommerce' ), 'error' );
772	} else {
773	wc_add_notice( __( 'Invalid order.', 'woocommerce' ), 'error' );
774	}
775
776	if ( $redirect ) {
777	wp_safe_redirect( $redirect );
778	exit;
779	}
780	}
781	}
782
783	/**
784	* Add to cart action.
785	*
786	* Checks for a valid request, does validation (via hooks) and then redirects if valid.
787	*
788	* @param bool $url (default: false) URL to redirect to.
789	*/
790	public static function add_to_cart_action( $url = false ) {
791	if ( ! isset( $_REQUEST['add-to-cart'] ) \|\| ! is_numeric( wp_unslash( $_REQUEST['add-to-cart'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
792	return;
793	}
794
795	wc_nocache_headers();
796
797	$product_id = apply_filters( 'woocommerce_add_to_cart_product_id', absint( wp_unslash( $_REQUEST['add-to-cart'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
798	$was_added_to_cart = false;
799	$adding_to_cart = wc_get_product( $product_id );
800
801	if ( ! $adding_to_cart ) {
802	return;
803	}
804
805	$add_to_cart_handler = apply_filters( 'woocommerce_add_to_cart_handler', $adding_to_cart->get_type(), $adding_to_cart );
806
807	if ( 'variable' === $add_to_cart_handler \|\| 'variation' === $add_to_cart_handler ) {
808	$was_added_to_cart = self::add_to_cart_handler_variable( $product_id );
809	} elseif ( 'grouped' === $add_to_cart_handler ) {
810	$was_added_to_cart = self::add_to_cart_handler_grouped( $product_id );
811	} elseif ( has_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler ) ) {
812	do_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler, $url ); // Custom handler.
813	} else {
814	$was_added_to_cart = self::add_to_cart_handler_simple( $product_id );
815	}
816
817	// If we added the product to the cart we can now optionally do a redirect.
818	if ( $was_added_to_cart && 0 === wc_notice_count( 'error' ) ) {
819	$url = apply_filters( 'woocommerce_add_to_cart_redirect', $url, $adding_to_cart );
820
821	if ( $url ) {
822	wp_safe_redirect( $url );
823	exit;
824	} elseif ( 'yes' === get_option( 'woocommerce_cart_redirect_after_add' ) ) {
825	wp_safe_redirect( wc_get_cart_url() );
826	exit;
827	}
828	}
829	}
830
831	/**
832	* Handle adding simple products to the cart.
833	*
834	* @since 2.4.6 Split from add_to_cart_action.
835	* @param int $product_id Product ID to add to the cart.
836	* @return bool success or not
837	*/
838	private static function add_to_cart_handler_simple( $product_id ) {
839	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
840	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity );
841
842	if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity ) ) {
843	wc_add_to_cart_message( array( $product_id => $quantity ), true );
844	return true;
845	}
846	return false;
847	}
848
849	/**
850	* Handle adding grouped products to the cart.
851	*
852	* @since 2.4.6 Split from add_to_cart_action.
853	* @param int $product_id Product ID to add to the cart.
854	* @return bool success or not
855	*/
856	private static function add_to_cart_handler_grouped( $product_id ) {
857	$was_added_to_cart = false;
858	$added_to_cart = array();
859	$items = isset( $_REQUEST['quantity'] ) && is_array( $_REQUEST['quantity'] ) ? wp_unslash( $_REQUEST['quantity'] ) : array(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
860
861	if ( ! empty( $items ) ) {
862	$quantity_set = false;
863
864	foreach ( $items as $item => $quantity ) {
865	$quantity = wc_stock_amount( $quantity );
866	if ( $quantity <= 0 ) {
867	continue;
868	}
869	$quantity_set = true;
870
871	// Add to cart validation.
872	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $item, $quantity );
873
874	// Suppress total recalculation until finished.
875	remove_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
876
877	if ( $passed_validation && false !== WC()->cart->add_to_cart( $item, $quantity ) ) {
878	$was_added_to_cart = true;
879	$added_to_cart[ $item ] = $quantity;
880	}
881
882	add_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
883	}
884
885	if ( ! $was_added_to_cart && ! $quantity_set ) {
886	wc_add_notice( __( 'Please choose the quantity of items you wish to add to your cart…', 'woocommerce' ), 'error' );
887	} elseif ( $was_added_to_cart ) {
888	wc_add_to_cart_message( $added_to_cart );
889	WC()->cart->calculate_totals();
890	return true;
891	}
892	} elseif ( $product_id ) {
893	/* Link on product archives */
894	wc_add_notice( __( 'Please choose a product to add to your cart…', 'woocommerce' ), 'error' );
895	}
896	return false;
897	}
898
899	/**
900	* Handle adding variable products to the cart.
901	*
902	* @since 2.4.6 Split from add_to_cart_action.
903	* @throws Exception If add to cart fails.
904	* @param int $product_id Product ID to add to the cart.
905	* @return bool success or not
906	*/
907	private static function add_to_cart_handler_variable( $product_id ) {
908	$variation_id = empty( $_REQUEST['variation_id'] ) ? '' : absint( wp_unslash( $_REQUEST['variation_id'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
909	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
910	$variations = array();
911
912	$product = wc_get_product( $product_id );
913
914	foreach ( $_REQUEST as $key => $value ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
915	if ( 'attribute_' !== substr( $key, 0, 10 ) ) {
916	continue;
917	}
918
919	$variations[ sanitize_title( wp_unslash( $key ) ) ] = wp_unslash( $value );
920	}
921
922	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity, $variation_id, $variations );
923
924	if ( ! $passed_validation ) {
925	return false;
926	}
927
928	// Prevent parent variable product from being added to cart.
929	if ( empty( $variation_id ) && $product && $product->is_type( 'variable' ) ) {
930	/* translators: 1: product link, 2: product name */
931	wc_add_notice( sprintf( __( 'Please choose product options by visiting <a href="%1$s" title="%2$s">%2$s</a>.', 'woocommerce' ), esc_url( get_permalink( $product_id ) ), esc_html( $product->get_name() ) ), 'error' );
932
933	return false;
934	}
935
936	if ( false !== WC()->cart->add_to_cart( $product_id, $quantity, $variation_id, $variations ) ) {
937	wc_add_to_cart_message( array( $product_id => $quantity ), true );
938	return true;
939	}
940
941	return false;
942	}
943
944	/**
945	* Process the login form.
946	*
947	* @throws Exception On login error.
948	*/
949	public static function process_login() {
950
951	static $valid_nonce = null;
952
953	if ( null === $valid_nonce ) {
954	// The global form-login.php template used `_wpnonce` in template versions < 3.3.0.
955	$nonce_value = wc_get_var( $_REQUEST['woocommerce-login-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
956
957	$valid_nonce = wp_verify_nonce( $nonce_value, 'woocommerce-login' );
958	}
959
960	if ( isset( $_POST['login'], $_POST['username'], $_POST['password'] ) && $valid_nonce ) {
961
962	try {
963	$creds = array(
964	'user_login' => trim( wp_unslash( $_POST['username'] ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
965	'user_password' => $_POST['password'], // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
966	'remember' => isset( $_POST['rememberme'] ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
967	);
968
969	$validation_error = new WP_Error();
970	$validation_error = apply_filters( 'woocommerce_process_login_errors', $validation_error, $creds['user_login'], $creds['user_password'] );
971
972	if ( $validation_error->get_error_code() ) {
973	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $validation_error->get_error_message() );
974	}
975
976	if ( empty( $creds['user_login'] ) ) {
977	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . __( 'Username is required.', 'woocommerce' ) );
978	}
979
980	// On multisite, ensure user exists on current site, if not add them before allowing login.
981	if ( is_multisite() ) {
982	$user_data = get_user_by( is_email( $creds['user_login'] ) ? 'email' : 'login', $creds['user_login'] );
983
984	if ( $user_data && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
985	add_user_to_blog( get_current_blog_id(), $user_data->ID, 'customer' );
986	}
987	}
988
989	// Peform the login.
990	$user = wp_signon( apply_filters( 'woocommerce_login_credentials', $creds ), is_ssl() );
991
992	if ( is_wp_error( $user ) ) {
993	throw new Exception( $user->get_error_message() );
994	} else {
995
996	if ( ! empty( $_POST['redirect'] ) ) {
997	$redirect = wp_unslash( $_POST['redirect'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
998	} elseif ( wc_get_raw_referer() ) {
999	$redirect = wc_get_raw_referer();
1000	} else {
1001	$redirect = wc_get_page_permalink( 'myaccount' );
1002	}
1003
1004	$redirect = remove_query_arg( array( 'wc_error', 'password-reset' ), $redirect );
1005
1006	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_login_redirect', $redirect, $user ), wc_get_page_permalink( 'myaccount' ) ) ); // phpcs:ignore
1007	exit;
1008	}
1009	} catch ( Exception $e ) {
1010	wc_add_notice( apply_filters( 'login_errors', $e->getMessage() ), 'error' );
1011	do_action( 'woocommerce_login_failed' );
1012	}
1013	}
1014	}
1015
1016	/**
1017	* Handle lost password form.
1018	*/
1019	public static function process_lost_password() {
1020	if ( isset( $_POST['wc_reset_password'], $_POST['user_login'] ) ) {
1021	$nonce_value = wc_get_var( $_REQUEST['woocommerce-lost-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1022
1023	if ( ! wp_verify_nonce( $nonce_value, 'lost_password' ) ) {
1024	return;
1025	}
1026
1027	$success = WC_Shortcode_My_Account::retrieve_password();
1028
1029	// If successful, redirect to my account with query arg set.
1030	if ( $success ) {
1031	wp_safe_redirect( add_query_arg( 'reset-link-sent', 'true', wc_get_account_endpoint_url( 'lost-password' ) ) );
1032	exit;
1033	}
1034	}
1035	}
1036
1037	/**
1038	* Handle reset password form.
1039	*/
1040	public static function process_reset_password() {
1041	$nonce_value = wc_get_var( $_REQUEST['woocommerce-reset-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1042
1043	if ( ! wp_verify_nonce( $nonce_value, 'reset_password' ) ) {
1044	return;
1045	}
1046
1047	$posted_fields = array( 'wc_reset_password', 'password_1', 'password_2', 'reset_key', 'reset_login' );
1048
1049	foreach ( $posted_fields as $field ) {
1050	if ( ! isset( $_POST[ $field ] ) ) {
1051	return;
1052	}
1053
1054	if ( in_array( $field, array( 'password_1', 'password_2' ), true ) ) {
1055	// Don't unslash password fields
1056	// @see https://github.com/woocommerce/woocommerce/issues/23922.
1057	$posted_fields[ $field ] = $_POST[ $field ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1058	} else {
1059	$posted_fields[ $field ] = wp_unslash( $_POST[ $field ] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1060	}
1061	}
1062
1063	$user = WC_Shortcode_My_Account::check_password_reset_key( $posted_fields['reset_key'], $posted_fields['reset_login'] );
1064
1065	if ( $user instanceof WP_User ) {
1066	if ( empty( $posted_fields['password_1'] ) ) {
1067	wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' );
1068	}
1069
1070	if ( $posted_fields['password_1'] !== $posted_fields['password_2'] ) {
1071	wc_add_notice( __( 'Passwords do not match.', 'woocommerce' ), 'error' );
1072	}
1073
1074	$errors = new WP_Error();
1075
1076	do_action( 'validate_password_reset', $errors, $user );
1077
1078	wc_add_wp_error_notices( $errors );
1079
1080	if ( 0 === wc_notice_count( 'error' ) ) {
1081	WC_Shortcode_My_Account::reset_password( $user, $posted_fields['password_1'] );
1082
1083	do_action( 'woocommerce_customer_reset_password', $user );
1084
1085	wp_safe_redirect( add_query_arg( 'password-reset', 'true', wc_get_page_permalink( 'myaccount' ) ) );
1086	exit;
1087	}
1088	}
1089	}
1090
1091	/**
1092	* Process the registration form.
1093	*
1094	* @throws Exception On registration error.
1095	*/
1096	public static function process_registration() {
1097	$nonce_value = isset( $_POST['_wpnonce'] ) ? wp_unslash( $_POST['_wpnonce'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1098	$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? wp_unslash( $_POST['woocommerce-register-nonce'] ) : $nonce_value; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1099
1100	if ( isset( $_POST['register'], $_POST['email'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
1101	$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) && isset( $_POST['username'] ) ? wp_unslash( $_POST['username'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1102	$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) && isset( $_POST['password'] ) ? $_POST['password'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1103	$email = wp_unslash( $_POST['email'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1104
1105	try {
1106	$validation_error = new WP_Error();
1107	$validation_error = apply_filters( 'woocommerce_process_registration_errors', $validation_error, $username, $password, $email );
1108	$validation_errors = $validation_error->get_error_messages();
1109
1110	if ( 1 === count( $validation_errors ) ) {
1111	throw new Exception( $validation_error->get_error_message() );
1112	} elseif ( $validation_errors ) {
1113	foreach ( $validation_errors as $message ) {
1114	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $message, 'error' );
1115	}
1116	throw new Exception();
1117	}
1118
1119	$new_customer = wc_create_new_customer( sanitize_email( $email ), wc_clean( $username ), $password );
1120
1121	if ( is_wp_error( $new_customer ) ) {
1122	throw new Exception( $new_customer->get_error_message() );
1123	}
1124
1125	if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) ) {
1126	wc_add_notice( __( 'Your account was created successfully and a password has been sent to your email address.', 'woocommerce' ) );
1127	} else {
1128	wc_add_notice( __( 'Your account was created successfully. Your login details have been sent to your email address.', 'woocommerce' ) );
1129	}
1130
1131	// Only redirect after a forced login - otherwise output a success notice.
1132	if ( apply_filters( 'woocommerce_registration_auth_new_customer', true, $new_customer ) ) {
1133	wc_set_customer_auth_cookie( $new_customer );
1134
1135	if ( ! empty( $_POST['redirect'] ) ) {
1136	$redirect = wp_sanitize_redirect( wp_unslash( $_POST['redirect'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1137	} elseif ( wc_get_raw_referer() ) {
1138	$redirect = wc_get_raw_referer();
1139	} else {
1140	$redirect = wc_get_page_permalink( 'myaccount' );
1141	}
1142
1143	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_registration_redirect', $redirect ), wc_get_page_permalink( 'myaccount' ) ) ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
1144	exit;
1145	}
1146	} catch ( Exception $e ) {
1147	if ( $e->getMessage() ) {
1148	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $e->getMessage(), 'error' );
1149	}
1150	}
1151	}
1152	}
1153	}
1154
1155	WC_Form_Handler::init();
1156