class-wc-form-handler.php — WooCommerce 9.8.5

woocommerce / includes / class-wc-form-handler.php

woocommerce / includes Last commit date

class-wc-form-handler.php

1185 lines

1	<?php
2	/**
3	* Handle frontend forms.
4	*
5	* @package WooCommerce\Classes\
6	*/
7
8	use Automattic\WooCommerce\Enums\OrderStatus;
9	use Automattic\WooCommerce\Enums\ProductType;
10
11	defined( 'ABSPATH' ) \|\| exit;
12
13	/**
14	* WC_Form_Handler class.
15	*/
16	class WC_Form_Handler {
17
18	/**
19	* Hook in methods.
20	*/
21	public static function init() {
22	add_action( 'template_redirect', array( __CLASS__, 'redirect_reset_password_link' ) );
23	add_action( 'template_redirect', array( __CLASS__, 'save_address' ) );
24	add_action( 'template_redirect', array( __CLASS__, 'save_account_details' ) );
25	add_action( 'wp_loaded', array( __CLASS__, 'checkout_action' ), 20 );
26	add_action( 'wp_loaded', array( __CLASS__, 'process_login' ), 20 );
27	add_action( 'wp_loaded', array( __CLASS__, 'process_registration' ), 20 );
28	add_action( 'wp_loaded', array( __CLASS__, 'process_lost_password' ), 20 );
29	add_action( 'wp_loaded', array( __CLASS__, 'process_reset_password' ), 20 );
30	add_action( 'wp_loaded', array( __CLASS__, 'cancel_order' ), 20 );
31	add_action( 'wp_loaded', array( __CLASS__, 'update_cart_action' ), 20 );
32	add_action( 'wp_loaded', array( __CLASS__, 'add_to_cart_action' ), 20 );
33
34	// May need $wp global to access query vars.
35	add_action( 'wp', array( __CLASS__, 'pay_action' ), 20 );
36	add_action( 'wp', array( __CLASS__, 'add_payment_method_action' ), 20 );
37	add_action( 'wp', array( __CLASS__, 'delete_payment_method_action' ), 20 );
38	add_action( 'wp', array( __CLASS__, 'set_default_payment_method_action' ), 20 );
39	}
40
41	/**
42	* Remove key and user ID (or user login, as a fallback) from query string, set cookie, and redirect to account page to show the form.
43	*/
44	public static function redirect_reset_password_link() {
45	if ( is_account_page() && isset( $_GET['key'] ) && ( isset( $_GET['id'] ) \|\| isset( $_GET['login'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
46
47	// If available, get $user_id from query string parameter for fallback purposes.
48	if ( isset( $_GET['login'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
49	$user = get_user_by( 'login', sanitize_user( wp_unslash( $_GET['login'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
50	$user_id = $user ? $user->ID : 0;
51	} else {
52	$user_id = absint( $_GET['id'] ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
53	}
54
55	// If the reset token is not for the current user, ignore the reset request (don't redirect).
56	$logged_in_user_id = get_current_user_id();
57	if ( $logged_in_user_id && $logged_in_user_id !== $user_id ) {
58	wc_add_notice( __( 'This password reset key is for a different user account. Please log out and try again.', 'woocommerce' ), 'error' );
59	return;
60	}
61
62	$action = isset( $_GET['action'] ) ? sanitize_text_field( wp_unslash( $_GET['action'] ) ) : '';
63	$value = sprintf( '%d:%s', $user_id, wp_unslash( $_GET['key'] ) ); // phpcs:ignore
64	WC_Shortcode_My_Account::set_reset_password_cookie( $value );
65	wp_safe_redirect(
66	add_query_arg(
67	array(
68	'show-reset-form' => 'true',
69	'action' => $action,
70	),
71	wc_lostpassword_url()
72	)
73	);
74	exit;
75	}
76	}
77
78	/**
79	* Save and and update a billing or shipping address if the
80	* form was submitted through the user account page.
81	*/
82	public static function save_address() {
83	global $wp;
84
85	$nonce_value = wc_get_var( $_REQUEST['woocommerce-edit-address-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
86
87	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-edit_address' ) ) {
88	return;
89	}
90
91	if ( empty( $_POST['action'] ) \|\| 'edit_address' !== $_POST['action'] ) {
92	return;
93	}
94
95	wc_nocache_headers();
96
97	$user_id = get_current_user_id();
98
99	if ( $user_id <= 0 ) {
100	return;
101	}
102
103	$customer = new WC_Customer( $user_id );
104
105	if ( ! $customer ) {
106	return;
107	}
108
109	$address_type = isset( $wp->query_vars['edit-address'] ) ? wc_edit_address_i18n( sanitize_title( $wp->query_vars['edit-address'] ), true ) : 'billing';
110
111	if ( ! isset( $_POST[ $address_type . '_country' ] ) ) {
112	return;
113	}
114
115	$address = WC()->countries->get_address_fields( wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) ), $address_type . '_' );
116
117	foreach ( $address as $key => $field ) {
118	if ( ! isset( $field['type'] ) ) {
119	$field['type'] = 'text';
120	}
121
122	// Get Value.
123	if ( 'checkbox' === $field['type'] ) {
124	$value = (int) isset( $_POST[ $key ] );
125	} else {
126	$value = isset( $_POST[ $key ] ) ? wc_clean( wp_unslash( $_POST[ $key ] ) ) : '';
127	}
128
129	// Hook to allow modification of value.
130	$value = apply_filters( 'woocommerce_process_myaccount_field_' . $key, $value );
131
132	// Validation: Required fields.
133	if ( ! empty( $field['required'] ) && empty( $value ) ) {
134	/* translators: %s: Field name. */
135	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), $field['label'] ), 'error', array( 'id' => $key ) );
136	}
137
138	if ( ! empty( $value ) ) {
139	// Validation and formatting rules.
140	if ( ! empty( $field['validate'] ) && is_array( $field['validate'] ) ) {
141	foreach ( $field['validate'] as $rule ) {
142	switch ( $rule ) {
143	case 'postcode':
144	$country = wc_clean( wp_unslash( $_POST[ $address_type . '_country' ] ) );
145	$value = wc_format_postcode( $value, $country );
146
147	if ( '' !== $value && ! WC_Validation::is_postcode( $value, $country ) ) {
148	switch ( $country ) {
149	case 'IE':
150	$postcode_validation_notice = __( 'Please enter a valid Eircode.', 'woocommerce' );
151	break;
152	default:
153	$postcode_validation_notice = __( 'Please enter a valid postcode / ZIP.', 'woocommerce' );
154	}
155	wc_add_notice( $postcode_validation_notice, 'error' );
156	}
157	break;
158	case 'phone':
159	if ( '' !== $value && ! WC_Validation::is_phone( $value ) ) {
160	/* translators: %s: Phone number. */
161	wc_add_notice( sprintf( __( '%s is not a valid phone number.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
162	}
163	break;
164	case 'email':
165	$value = strtolower( $value );
166
167	if ( ! is_email( $value ) ) {
168	/* translators: %s: Email address. */
169	wc_add_notice( sprintf( __( '%s is not a valid email address.', 'woocommerce' ), '<strong>' . $field['label'] . '</strong>' ), 'error' );
170	}
171	break;
172	}
173	}
174	}
175	}
176
177	try {
178	// Set prop in customer object.
179	if ( is_callable( array( $customer, "set_$key" ) ) ) {
180	$customer->{"set_$key"}( $value );
181	} else {
182	$customer->update_meta_data( $key, $value );
183	}
184	} catch ( WC_Data_Exception $e ) {
185	// Set notices. Ignore invalid billing email, since is already validated.
186	if ( 'customer_invalid_billing_email' !== $e->getErrorCode() ) {
187	wc_add_notice( $e->getMessage(), 'error' );
188	}
189	}
190	}
191
192	/**
193	* Hook: woocommerce_after_save_address_validation.
194	*
195	* Allow developers to add custom validation logic and throw an error to prevent save.
196	*
197	* @since 3.6.0
198	* @param int $user_id User ID being saved.
199	* @param string $address_type Type of address; 'billing' or 'shipping'.
200	* @param array $address The address fields.
201	* @param WC_Customer $customer The customer object being saved.
202	*/
203	do_action( 'woocommerce_after_save_address_validation', $user_id, $address_type, $address, $customer );
204
205	if ( 0 < wc_notice_count( 'error' ) ) {
206	return;
207	}
208
209	$customer->save();
210
211	/**
212	* Hook: woocommerce_customer_save_address.
213	*
214	* Fires after a customer address has been saved.
215	*
216	* @since 3.6.0
217	* @param int $user_id User ID being saved.
218	* @param string $address_type Type of address; 'billing' or 'shipping'.
219	* @param array $address The address fields. Since 9.8.0.
220	* @param WC_Customer $customer The customer object being saved. Since 9.8.0.
221	*/
222	do_action( 'woocommerce_customer_save_address', $user_id, $address_type, $address, $customer );
223
224	if ( 0 < wc_notice_count( 'error' ) ) {
225	return;
226	}
227
228	wc_add_notice( __( 'Address changed successfully.', 'woocommerce' ) );
229	wp_safe_redirect( wc_get_endpoint_url( 'edit-address', '', wc_get_page_permalink( 'myaccount' ) ) );
230	exit;
231	}
232
233	/**
234	* Save the password/account details and redirect back to the my account page.
235	*/
236	public static function save_account_details() {
237	$nonce_value = wc_get_var( $_REQUEST['save-account-details-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
238
239	if ( ! wp_verify_nonce( $nonce_value, 'save_account_details' ) ) {
240	return;
241	}
242
243	if ( empty( $_POST['action'] ) \|\| 'save_account_details' !== $_POST['action'] ) {
244	return;
245	}
246
247	wc_nocache_headers();
248
249	$user_id = get_current_user_id();
250
251	if ( $user_id <= 0 ) {
252	return;
253	}
254
255	$account_first_name = ! empty( $_POST['account_first_name'] ) ? wc_clean( wp_unslash( $_POST['account_first_name'] ) ) : '';
256	$account_last_name = ! empty( $_POST['account_last_name'] ) ? wc_clean( wp_unslash( $_POST['account_last_name'] ) ) : '';
257	$account_display_name = ! empty( $_POST['account_display_name'] ) ? wc_clean( wp_unslash( $_POST['account_display_name'] ) ) : '';
258	$account_email = ! empty( $_POST['account_email'] ) ? wc_clean( wp_unslash( $_POST['account_email'] ) ) : '';
259	$pass_cur = ! empty( $_POST['password_current'] ) ? $_POST['password_current'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
260	$pass1 = ! empty( $_POST['password_1'] ) ? $_POST['password_1'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
261	$pass2 = ! empty( $_POST['password_2'] ) ? $_POST['password_2'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
262	$save_pass = true;
263
264	// Current user data.
265	$current_user = get_user_by( 'id', $user_id );
266	$current_first_name = $current_user->first_name;
267	$current_last_name = $current_user->last_name;
268	$current_email = $current_user->user_email;
269
270	// New user data.
271	$user = new stdClass();
272	$user->ID = $user_id;
273	$user->first_name = $account_first_name;
274	$user->last_name = $account_last_name;
275	$user->display_name = $account_display_name;
276
277	// Prevent display name to be changed to email.
278	if ( is_email( $account_display_name ) ) {
279	wc_add_notice( __( 'Display name cannot be changed to email address due to privacy concern.', 'woocommerce' ), 'error' );
280	}
281
282	// Handle required fields.
283	$required_fields = apply_filters(
284	'woocommerce_save_account_details_required_fields',
285	array(
286	'account_first_name' => __( 'First name', 'woocommerce' ),
287	'account_last_name' => __( 'Last name', 'woocommerce' ),
288	'account_display_name' => __( 'Display name', 'woocommerce' ),
289	'account_email' => __( 'Email address', 'woocommerce' ),
290	)
291	);
292
293	foreach ( $required_fields as $field_key => $field_name ) {
294	if ( empty( $_POST[ $field_key ] ) ) {
295	/* translators: %s: Field name. */
296	wc_add_notice( sprintf( __( '%s is a required field.', 'woocommerce' ), '<strong>' . esc_html( $field_name ) . '</strong>' ), 'error', array( 'id' => $field_key ) );
297	}
298	}
299
300	if ( $account_email ) {
301	$account_email = sanitize_email( $account_email );
302	if ( ! is_email( $account_email ) ) {
303	wc_add_notice( __( 'Please provide a valid email address.', 'woocommerce' ), 'error' );
304	} elseif ( email_exists( $account_email ) && $account_email !== $current_user->user_email ) {
305	wc_add_notice( __( 'This email address is already registered.', 'woocommerce' ), 'error' );
306	}
307	$user->user_email = $account_email;
308	}
309
310	if ( ! empty( $pass_cur ) && empty( $pass1 ) && empty( $pass2 ) ) {
311	wc_add_notice( __( 'Please fill out all password fields.', 'woocommerce' ), 'error' );
312	$save_pass = false;
313	} elseif ( ! empty( $pass1 ) && empty( $pass_cur ) ) {
314	wc_add_notice( __( 'Please enter your current password.', 'woocommerce' ), 'error' );
315	$save_pass = false;
316	} elseif ( ! empty( $pass1 ) && empty( $pass2 ) ) {
317	wc_add_notice( __( 'Please re-enter your password.', 'woocommerce' ), 'error' );
318	$save_pass = false;
319	} elseif ( ( ! empty( $pass1 ) \|\| ! empty( $pass2 ) ) && $pass1 !== $pass2 ) {
320	wc_add_notice( __( 'New passwords do not match.', 'woocommerce' ), 'error' );
321	$save_pass = false;
322	} elseif ( ! empty( $pass1 ) && ! wp_check_password( $pass_cur, $current_user->user_pass, $current_user->ID ) ) {
323	wc_add_notice( __( 'Your current password is incorrect.', 'woocommerce' ), 'error' );
324	$save_pass = false;
325	}
326
327	if ( $pass1 && $save_pass ) {
328	$user->user_pass = $pass1;
329	}
330
331	// Allow plugins to return their own errors.
332	$errors = new WP_Error();
333	do_action_ref_array( 'woocommerce_save_account_details_errors', array( &$errors, &$user ) );
334
335	if ( $errors->get_error_messages() ) {
336	foreach ( $errors->get_error_messages() as $error ) {
337	wc_add_notice( $error, 'error' );
338	}
339	}
340
341	if ( wc_notice_count( 'error' ) === 0 ) {
342	wp_update_user( $user );
343
344	// Update customer object to keep data in sync.
345	try {
346	$customer = new WC_Customer( $user->ID );
347
348	// Keep billing data in sync if data changed.
349	if ( isset( $user->user_email ) && is_email( $user->user_email ) && $current_email !== $user->user_email ) {
350	$customer->set_billing_email( $user->user_email );
351	}
352
353	if ( $current_first_name !== $user->first_name ) {
354	$customer->set_billing_first_name( $user->first_name );
355	}
356
357	if ( $current_last_name !== $user->last_name ) {
358	$customer->set_billing_last_name( $user->last_name );
359	}
360
361	$customer->save();
362	} catch ( WC_Data_Exception $e ) {
363	// These error messages are already translated.
364	wc_add_notice( $e->getMessage(), 'error' );
365	} catch ( \Exception $e ) {
366	wc_add_notice(
367	sprintf(
368	/* translators: %s: Error message. */
369	__( 'An error occurred while saving account details: %s', 'woocommerce' ),
370	esc_html( $e->getMessage() )
371	),
372	'error'
373	);
374	}
375
376	/**
377	* Hook: woocommerce_save_account_details.
378	*
379	* @since 3.6.0
380	* @param int $user_id User ID being saved.
381	*/
382	do_action( 'woocommerce_save_account_details', $user->ID );
383
384	// Notices are checked here so that if something created a notice during the save hooks above, the redirect will not happen.
385	if ( 0 === wc_notice_count( 'error' ) ) {
386	wc_add_notice( __( 'Account details changed successfully.', 'woocommerce' ) );
387	wp_safe_redirect( wc_get_endpoint_url( 'edit-account', '', wc_get_page_permalink( 'myaccount' ) ) );
388	exit;
389	}
390	}
391	}
392
393	/**
394	* Process the checkout form.
395	*/
396	public static function checkout_action() {
397	if ( isset( $_POST['woocommerce_checkout_place_order'] ) \|\| isset( $_POST['woocommerce_checkout_update_totals'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Missing
398	wc_nocache_headers();
399
400	if ( WC()->cart->is_empty() ) {
401	wp_safe_redirect( wc_get_cart_url() );
402	exit;
403	}
404
405	wc_maybe_define_constant( 'WOOCOMMERCE_CHECKOUT', true );
406
407	WC()->checkout()->process_checkout();
408	}
409	}
410
411	/**
412	* Process the pay form.
413	*
414	* @throws Exception On payment error.
415	*/
416	public static function pay_action() {
417	global $wp;
418
419	if ( isset( $_POST['woocommerce_pay'], $_GET['key'] ) ) {
420	wc_nocache_headers();
421
422	$nonce_value = wc_get_var( $_REQUEST['woocommerce-pay-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
423
424	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-pay' ) ) {
425	return;
426	}
427
428	ob_start();
429
430	// Pay for existing order.
431	$order_key = wp_unslash( $_GET['key'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
432	$order_id = absint( $wp->query_vars['order-pay'] );
433	$order = wc_get_order( $order_id );
434
435	if ( $order_id === $order->get_id() && hash_equals( $order->get_order_key(), $order_key ) && $order->needs_payment() ) {
436
437	do_action( 'woocommerce_before_pay_action', $order );
438
439	WC()->customer->set_props(
440	array(
441	'billing_country' => $order->get_billing_country() ? $order->get_billing_country() : null,
442	'billing_state' => $order->get_billing_state() ? $order->get_billing_state() : null,
443	'billing_postcode' => $order->get_billing_postcode() ? $order->get_billing_postcode() : null,
444	'billing_city' => $order->get_billing_city() ? $order->get_billing_city() : null,
445	)
446	);
447	WC()->customer->save();
448
449	if ( ! empty( $_POST['terms-field'] ) && empty( $_POST['terms'] ) ) {
450	wc_add_notice( __( 'Please read and accept the terms and conditions to proceed with your order.', 'woocommerce' ), 'error' );
451	return;
452	}
453
454	// Update payment method.
455	if ( $order->needs_payment() ) {
456	try {
457	$payment_method_id = isset( $_POST['payment_method'] ) ? wc_clean( wp_unslash( $_POST['payment_method'] ) ) : false;
458
459	if ( ! $payment_method_id ) {
460	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
461	}
462
463	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
464	$payment_method = isset( $available_gateways[ $payment_method_id ] ) ? $available_gateways[ $payment_method_id ] : false;
465
466	if ( ! $payment_method ) {
467	throw new Exception( __( 'Invalid payment method.', 'woocommerce' ) );
468	}
469
470	$order->set_payment_method( $payment_method );
471	$order->save();
472
473	$payment_method->validate_fields();
474
475	if ( 0 === wc_notice_count( 'error' ) ) {
476
477	$result = $payment_method->process_payment( $order_id );
478
479	// Redirect to success/confirmation/payment page.
480	if ( isset( $result['result'] ) && 'success' === $result['result'] ) {
481	$result['order_id'] = $order_id;
482
483	$result = apply_filters( 'woocommerce_payment_successful_result', $result, $order_id );
484
485	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
486	exit;
487	}
488	}
489	} catch ( Exception $e ) {
490	wc_add_notice( $e->getMessage(), 'error' );
491	}
492	} else {
493	// No payment was required for order.
494	$order->payment_complete();
495	wp_safe_redirect( $order->get_checkout_order_received_url() );
496	exit;
497	}
498
499	do_action( 'woocommerce_after_pay_action', $order );
500
501	}
502	}
503	}
504
505	/**
506	* Process the add payment method form.
507	*/
508	public static function add_payment_method_action() {
509	if ( isset( $_POST['woocommerce_add_payment_method'], $_POST['payment_method'] ) ) {
510	wc_nocache_headers();
511
512	$nonce_value = wc_get_var( $_REQUEST['woocommerce-add-payment-method-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
513
514	if ( ! wp_verify_nonce( $nonce_value, 'woocommerce-add-payment-method' ) ) {
515	return;
516	}
517
518	if ( ! apply_filters( 'woocommerce_add_payment_method_form_is_valid', true ) ) {
519	return;
520	}
521
522	// Test rate limit.
523	$current_user_id = get_current_user_id();
524	$rate_limit_id = 'add_payment_method_' . $current_user_id;
525	$delay = (int) apply_filters( 'woocommerce_payment_gateway_add_payment_method_delay', 20 );
526
527	if ( WC_Rate_Limiter::retried_too_soon( $rate_limit_id ) ) {
528	wc_add_notice(
529	sprintf(
530	/* translators: %d number of seconds */
531	_n(
532	'You cannot add a new payment method so soon after the previous one. Please wait for %d second.',
533	'You cannot add a new payment method so soon after the previous one. Please wait for %d seconds.',
534	$delay,
535	'woocommerce'
536	),
537	$delay
538	),
539	'error'
540	);
541	return;
542	}
543
544	WC_Rate_Limiter::set_rate_limit( $rate_limit_id, $delay );
545
546	ob_start();
547
548	$payment_method_id = wc_clean( wp_unslash( $_POST['payment_method'] ) );
549	$available_gateways = WC()->payment_gateways->get_available_payment_gateways();
550
551	if ( isset( $available_gateways[ $payment_method_id ] ) ) {
552	$gateway = $available_gateways[ $payment_method_id ];
553
554	if ( ! $gateway->supports( 'add_payment_method' ) && ! $gateway->supports( 'tokenization' ) ) {
555	wc_add_notice( __( 'Invalid payment gateway.', 'woocommerce' ), 'error' );
556	return;
557	}
558
559	$gateway->validate_fields();
560
561	if ( wc_notice_count( 'error' ) > 0 ) {
562	return;
563	}
564
565	$result = $gateway->add_payment_method();
566
567	if ( 'success' === $result['result'] ) {
568	wc_add_notice( __( 'Payment method successfully added.', 'woocommerce' ) );
569	}
570
571	if ( 'failure' === $result['result'] ) {
572	wc_add_notice( __( 'Unable to add payment method to your account.', 'woocommerce' ), 'error' );
573	}
574
575	if ( ! empty( $result['redirect'] ) ) {
576	wp_redirect( $result['redirect'] ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
577	exit();
578	}
579	}
580	}
581	}
582
583	/**
584	* Process the delete payment method form.
585	*/
586	public static function delete_payment_method_action() {
587	global $wp;
588
589	if ( isset( $wp->query_vars['delete-payment-method'] ) ) {
590	wc_nocache_headers();
591
592	$token_id = absint( $wp->query_vars['delete-payment-method'] );
593	$token = WC_Payment_Tokens::get( $token_id );
594
595	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'delete-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
596	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
597	} else {
598	WC_Payment_Tokens::delete( $token_id );
599	wc_add_notice( __( 'Payment method deleted.', 'woocommerce' ) );
600	}
601
602	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
603	exit();
604	}
605	}
606
607	/**
608	* Process the delete payment method form.
609	*/
610	public static function set_default_payment_method_action() {
611	global $wp;
612
613	if ( isset( $wp->query_vars['set-default-payment-method'] ) ) {
614	wc_nocache_headers();
615
616	$token_id = absint( $wp->query_vars['set-default-payment-method'] );
617	$token = WC_Payment_Tokens::get( $token_id );
618
619	if ( is_null( $token ) \|\| get_current_user_id() !== $token->get_user_id() \|\| ! isset( $_REQUEST['_wpnonce'] ) \|\| false === wp_verify_nonce( wp_unslash( $_REQUEST['_wpnonce'] ), 'set-default-payment-method-' . $token_id ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
620	wc_add_notice( __( 'Invalid payment method.', 'woocommerce' ), 'error' );
621	} else {
622	WC_Payment_Tokens::set_users_default( $token->get_user_id(), intval( $token_id ) );
623	wc_add_notice( __( 'This payment method was successfully set as your default.', 'woocommerce' ) );
624	}
625
626	wp_safe_redirect( wc_get_account_endpoint_url( 'payment-methods' ) );
627	exit();
628	}
629	}
630
631	/**
632	* Remove from cart/update.
633	*/
634	public static function update_cart_action() {
635	if ( ! ( isset( $_REQUEST['apply_coupon'] ) \|\| isset( $_REQUEST['remove_coupon'] ) \|\| isset( $_REQUEST['remove_item'] ) \|\| isset( $_REQUEST['undo_item'] ) \|\| isset( $_REQUEST['update_cart'] ) \|\| isset( $_REQUEST['proceed'] ) ) ) {
636	return;
637	}
638
639	wc_nocache_headers();
640
641	$nonce_value = wc_get_var( $_REQUEST['woocommerce-cart-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
642
643	if ( ! empty( $_POST['apply_coupon'] ) && ! empty( $_POST['coupon_code'] ) ) {
644	WC()->cart->add_discount( wc_format_coupon_code( wp_unslash( $_POST['coupon_code'] ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
645
646	} elseif ( isset( $_GET['remove_coupon'] ) ) {
647	WC()->cart->remove_coupon( wc_format_coupon_code( urldecode( wp_unslash( $_GET['remove_coupon'] ) ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
648
649	} elseif ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
650	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['remove_item'] ) );
651	$cart_item = WC()->cart->get_cart_item( $cart_item_key );
652
653	if ( $cart_item ) {
654	WC()->cart->remove_cart_item( $cart_item_key );
655
656	$product = wc_get_product( $cart_item['product_id'] );
657
658	/* translators: %s: Item name. */
659	$item_removed_title = apply_filters( 'woocommerce_cart_item_removed_title', $product ? sprintf( _x( '“%s”', 'Item name in quotes', 'woocommerce' ), $product->get_name() ) : __( 'Item', 'woocommerce' ), $cart_item );
660
661	// Don't show undo link if removed item is out of stock.
662	if ( $product && $product->is_in_stock() && $product->has_enough_stock( $cart_item['quantity'] ) ) {
663	/* Translators: %s Product title. */
664	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
665	$removed_notice .= ' <a href="' . esc_url( wc_get_cart_undo_url( $cart_item_key ) ) . '" class="restore-item">' . __( 'Undo?', 'woocommerce' ) . '</a>';
666	} else {
667	/* Translators: %s Product title. */
668	$removed_notice = sprintf( __( '%s removed.', 'woocommerce' ), $item_removed_title );
669	}
670
671	wc_add_notice( $removed_notice, apply_filters( 'woocommerce_cart_item_removed_notice_type', 'success' ) );
672	}
673
674	if ( wp_get_referer() ) {
675	wp_safe_redirect( remove_query_arg( array( 'remove_item', 'add-to-cart', 'added-to-cart', 'order_again', '_wpnonce' ), add_query_arg( 'removed_item', '1', wp_get_referer() ) ) );
676	exit;
677	}
678	} elseif ( ! empty( $_GET['undo_item'] ) && isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
679
680	// Undo Cart Item.
681	$cart_item_key = sanitize_text_field( wp_unslash( $_GET['undo_item'] ) );
682
683	WC()->cart->restore_cart_item( $cart_item_key );
684
685	if ( wp_get_referer() ) {
686	wp_safe_redirect( remove_query_arg( array( 'undo_item', '_wpnonce' ), wp_get_referer() ) );
687	exit;
688	}
689	}
690
691	// Update Cart - checks apply_coupon too because they are in the same form.
692	if ( ( ! empty( $_POST['apply_coupon'] ) \|\| ! empty( $_POST['update_cart'] ) \|\| ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $nonce_value, 'woocommerce-cart' ) ) {
693
694	$cart_updated = false;
695	$cart_totals = isset( $_POST['cart'] ) ? wp_unslash( $_POST['cart'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
696
697	if ( ! WC()->cart->is_empty() && is_array( $cart_totals ) ) {
698	foreach ( WC()->cart->get_cart() as $cart_item_key => $values ) {
699
700	$_product = $values['data'];
701
702	// Skip product if no updated quantity was posted.
703	if ( ! isset( $cart_totals[ $cart_item_key ] ) \|\| ! isset( $cart_totals[ $cart_item_key ]['qty'] ) ) {
704	continue;
705	}
706
707	// Sanitize.
708	$quantity = apply_filters( 'woocommerce_stock_amount_cart_item', wc_stock_amount( preg_replace( '/[^0-9\.]/', '', $cart_totals[ $cart_item_key ]['qty'] ) ), $cart_item_key );
709
710	if ( '' === $quantity \|\| $quantity === $values['quantity'] ) {
711	continue;
712	}
713
714	// Update cart validation.
715	$passed_validation = apply_filters( 'woocommerce_update_cart_validation', true, $cart_item_key, $values, $quantity );
716
717	// is_sold_individually.
718	if ( $_product->is_sold_individually() && $quantity > 1 ) {
719	/* Translators: %s Product title. */
720	wc_add_notice( sprintf( __( 'You can only have 1 %s in your cart.', 'woocommerce' ), $_product->get_name() ), 'error' );
721	$passed_validation = false;
722	}
723
724	if ( $passed_validation ) {
725	WC()->cart->set_quantity( $cart_item_key, $quantity, false );
726	$cart_updated = true;
727	}
728	}
729	}
730
731	// Trigger action - let 3rd parties update the cart if they need to and update the $cart_updated variable.
732	$cart_updated = apply_filters( 'woocommerce_update_cart_action_cart_updated', $cart_updated );
733
734	if ( $cart_updated ) {
735	WC()->cart->calculate_totals();
736	}
737
738	if ( ! empty( $_POST['proceed'] ) ) {
739	wp_safe_redirect( wc_get_checkout_url() );
740	exit;
741	} elseif ( $cart_updated ) {
742	wc_add_notice( __( 'Cart updated.', 'woocommerce' ), apply_filters( 'woocommerce_cart_updated_notice_type', 'success' ) );
743
744	if ( wp_get_referer() ) {
745	wp_safe_redirect( remove_query_arg( array( 'remove_coupon', 'add-to-cart' ), wp_get_referer() ) );
746	exit;
747	}
748	}
749	}
750	}
751
752	/**
753	* Place a previous order again.
754	*
755	* @deprecated 3.5.0 Logic moved to cart session handling.
756	*/
757	public static function order_again() {
758	wc_deprecated_function( 'WC_Form_Handler::order_again', '3.5', 'This method should not be called manually.' );
759	}
760
761	/**
762	* Cancel a pending order.
763	*/
764	public static function cancel_order() {
765	if (
766	isset( $_GET['cancel_order'] ) &&
767	isset( $_GET['order'] ) &&
768	isset( $_GET['order_id'] ) &&
769	( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), 'woocommerce-cancel_order' ) ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
770	) {
771	wc_nocache_headers();
772
773	$order_key = wp_unslash( $_GET['order'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
774	$order_id = absint( $_GET['order_id'] );
775	$order = wc_get_order( $order_id );
776	/**
777	* Filter valid order statuses for cancel.
778	*
779	* @since 3.5.0
780	*
781	* @param array $valid_statuses Array of valid order statuses for cancel.
782	* @param WC_Order $order Order object.
783	*/
784	$valid_statuses = apply_filters( 'woocommerce_valid_order_statuses_for_cancel', array( OrderStatus::PENDING, OrderStatus::FAILED ), $order );
785	$user_can_cancel = current_user_can( 'cancel_order', $order_id );
786	$order_can_cancel = $order->has_status( $valid_statuses );
787	$redirect = isset( $_GET['redirect'] ) ? wp_unslash( $_GET['redirect'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
788
789	if ( $user_can_cancel && $order_can_cancel && $order->get_id() === $order_id && hash_equals( $order->get_order_key(), $order_key ) ) {
790
791	// Cancel the order + restore stock.
792	WC()->session->set( 'order_awaiting_payment', false );
793	$order->update_status( OrderStatus::CANCELLED, __( 'Order cancelled by customer.', 'woocommerce' ) );
794
795	wc_add_notice( apply_filters( 'woocommerce_order_cancelled_notice', __( 'Your order was cancelled.', 'woocommerce' ) ), apply_filters( 'woocommerce_order_cancelled_notice_type', 'notice' ) );
796
797	do_action( 'woocommerce_cancelled_order', $order->get_id() );
798
799	} elseif ( $user_can_cancel && ! $order_can_cancel ) {
800	wc_add_notice( __( 'Your order can no longer be cancelled. Please contact us if you need assistance.', 'woocommerce' ), 'error' );
801	} else {
802	wc_add_notice( __( 'Invalid order.', 'woocommerce' ), 'error' );
803	}
804
805	if ( $redirect ) {
806	wp_safe_redirect( $redirect );
807	exit;
808	}
809	}
810	}
811
812	/**
813	* Add to cart action.
814	*
815	* Checks for a valid request, does validation (via hooks) and then redirects if valid.
816	*
817	* @param bool $url (default: false) URL to redirect to.
818	*/
819	public static function add_to_cart_action( $url = false ) {
820	if ( ! isset( $_REQUEST['add-to-cart'] ) \|\| ! is_numeric( wp_unslash( $_REQUEST['add-to-cart'] ) ) ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
821	return;
822	}
823
824	wc_nocache_headers();
825
826	$product_id = apply_filters( 'woocommerce_add_to_cart_product_id', absint( wp_unslash( $_REQUEST['add-to-cart'] ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
827	$was_added_to_cart = false;
828	$adding_to_cart = wc_get_product( $product_id );
829
830	if ( ! $adding_to_cart ) {
831	return;
832	}
833
834	$add_to_cart_handler = apply_filters( 'woocommerce_add_to_cart_handler', $adding_to_cart->get_type(), $adding_to_cart );
835
836	if ( ProductType::VARIABLE === $add_to_cart_handler \|\| ProductType::VARIATION === $add_to_cart_handler ) {
837	$was_added_to_cart = self::add_to_cart_handler_variable( $product_id );
838	} elseif ( ProductType::GROUPED === $add_to_cart_handler ) {
839	$was_added_to_cart = self::add_to_cart_handler_grouped( $product_id );
840	} elseif ( has_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler ) ) {
841	do_action( 'woocommerce_add_to_cart_handler_' . $add_to_cart_handler, $url ); // Custom handler.
842	} else {
843	$was_added_to_cart = self::add_to_cart_handler_simple( $product_id );
844	}
845
846	// If we added the product to the cart we can now optionally do a redirect.
847	if ( $was_added_to_cart && 0 === wc_notice_count( 'error' ) ) {
848	$url = apply_filters( 'woocommerce_add_to_cart_redirect', $url, $adding_to_cart );
849
850	if ( $url ) {
851	wp_safe_redirect( $url );
852	exit;
853	} elseif ( 'yes' === get_option( 'woocommerce_cart_redirect_after_add' ) ) {
854	wp_safe_redirect( wc_get_cart_url() );
855	exit;
856	}
857	}
858	}
859
860	/**
861	* Handle adding simple products to the cart.
862	*
863	* @since 2.4.6 Split from add_to_cart_action.
864	* @param int $product_id Product ID to add to the cart.
865	* @return bool success or not
866	*/
867	private static function add_to_cart_handler_simple( $product_id ) {
868	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
869	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity );
870
871	if ( $passed_validation && false !== WC()->cart->add_to_cart( $product_id, $quantity ) ) {
872	wc_add_to_cart_message( array( $product_id => $quantity ), true );
873	return true;
874	}
875	return false;
876	}
877
878	/**
879	* Handle adding grouped products to the cart.
880	*
881	* @since 2.4.6 Split from add_to_cart_action.
882	* @param int $product_id Product ID to add to the cart.
883	* @return bool success or not
884	*/
885	private static function add_to_cart_handler_grouped( $product_id ) {
886	$was_added_to_cart = false;
887	$added_to_cart = array();
888	$items = isset( $_REQUEST['quantity'] ) && is_array( $_REQUEST['quantity'] ) ? wp_unslash( $_REQUEST['quantity'] ) : array(); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
889
890	if ( ! empty( $items ) ) {
891	$quantity_set = false;
892
893	foreach ( $items as $item => $quantity ) {
894	$quantity = wc_stock_amount( $quantity );
895	if ( $quantity <= 0 ) {
896	continue;
897	}
898	$quantity_set = true;
899
900	// Add to cart validation.
901	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $item, $quantity );
902
903	// Suppress total recalculation until finished.
904	remove_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
905
906	if ( $passed_validation && false !== WC()->cart->add_to_cart( $item, $quantity ) ) {
907	$was_added_to_cart = true;
908	$added_to_cart[ $item ] = $quantity;
909	}
910
911	add_action( 'woocommerce_add_to_cart', array( WC()->cart, 'calculate_totals' ), 20, 0 );
912	}
913
914	if ( ! $was_added_to_cart && ! $quantity_set ) {
915	wc_add_notice( __( 'Please choose the quantity of items you wish to add to your cart…', 'woocommerce' ), 'error' );
916	} elseif ( $was_added_to_cart ) {
917	wc_add_to_cart_message( $added_to_cart );
918	WC()->cart->calculate_totals();
919	return true;
920	}
921	} elseif ( $product_id ) {
922	/* Link on product archives */
923	wc_add_notice( __( 'Please choose a product to add to your cart…', 'woocommerce' ), 'error' );
924	}
925	return false;
926	}
927
928	/**
929	* Handle adding variable products to the cart.
930	*
931	* @since 2.4.6 Split from add_to_cart_action.
932	* @throws Exception If add to cart fails.
933	* @param int $product_id Product ID to add to the cart.
934	* @return bool success or not
935	*/
936	private static function add_to_cart_handler_variable( $product_id ) {
937	$variation_id = empty( $_REQUEST['variation_id'] ) ? '' : absint( wp_unslash( $_REQUEST['variation_id'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
938	$quantity = empty( $_REQUEST['quantity'] ) ? 1 : wc_stock_amount( wp_unslash( $_REQUEST['quantity'] ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
939	$variations = array();
940
941	$product = wc_get_product( $product_id );
942
943	foreach ( $_REQUEST as $key => $value ) { // phpcs:ignore WordPress.Security.NonceVerification.Recommended
944	if ( 'attribute_' !== substr( $key, 0, 10 ) ) {
945	continue;
946	}
947
948	$variations[ sanitize_title( wp_unslash( $key ) ) ] = wp_unslash( $value );
949	}
950
951	$passed_validation = apply_filters( 'woocommerce_add_to_cart_validation', true, $product_id, $quantity, $variation_id, $variations );
952
953	if ( ! $passed_validation ) {
954	return false;
955	}
956
957	// Prevent parent variable product from being added to cart.
958	if ( empty( $variation_id ) && $product && $product->is_type( ProductType::VARIABLE ) ) {
959	/* translators: 1: product link, 2: product name */
960	wc_add_notice( sprintf( __( 'Please choose product options by visiting <a href="%1$s" title="%2$s">%2$s</a>.', 'woocommerce' ), esc_url( get_permalink( $product_id ) ), esc_html( $product->get_name() ) ), 'error' );
961
962	return false;
963	}
964
965	if ( false !== WC()->cart->add_to_cart( $product_id, $quantity, $variation_id, $variations ) ) {
966	wc_add_to_cart_message( array( $product_id => $quantity ), true );
967	return true;
968	}
969
970	return false;
971	}
972
973	/**
974	* Process the login form.
975	*
976	* @throws Exception On login error.
977	*/
978	public static function process_login() {
979
980	static $valid_nonce = null;
981
982	if ( null === $valid_nonce ) {
983	// The global form-login.php template used `_wpnonce` in template versions < 3.3.0.
984	$nonce_value = wc_get_var( $_REQUEST['woocommerce-login-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
985
986	$valid_nonce = wp_verify_nonce( $nonce_value, 'woocommerce-login' );
987	}
988
989	if ( isset( $_POST['login'], $_POST['username'], $_POST['password'] ) && $valid_nonce ) {
990
991	try {
992	$creds = array(
993	'user_login' => trim( wp_unslash( $_POST['username'] ) ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
994	'user_password' => $_POST['password'], // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
995	'remember' => isset( $_POST['rememberme'] ), // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
996	);
997
998	$validation_error = new WP_Error();
999	$validation_error = apply_filters( 'woocommerce_process_login_errors', $validation_error, $creds['user_login'], $creds['user_password'] );
1000
1001	if ( $validation_error->get_error_code() ) {
1002	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $validation_error->get_error_message() );
1003	}
1004
1005	if ( empty( $creds['user_login'] ) ) {
1006	throw new Exception( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . __( 'Username is required.', 'woocommerce' ) );
1007	}
1008
1009	// On multisite, ensure user exists on current site, if not add them before allowing login.
1010	if ( is_multisite() ) {
1011	$user_data = get_user_by( is_email( $creds['user_login'] ) ? 'email' : 'login', $creds['user_login'] );
1012
1013	if ( $user_data && ! is_user_member_of_blog( $user_data->ID, get_current_blog_id() ) ) {
1014	add_user_to_blog( get_current_blog_id(), $user_data->ID, 'customer' );
1015	}
1016	}
1017
1018	// Perform the login.
1019	$user = wp_signon( apply_filters( 'woocommerce_login_credentials', $creds ), is_ssl() );
1020
1021	if ( is_wp_error( $user ) ) {
1022	throw new Exception( $user->get_error_message() );
1023	} else {
1024
1025	if ( ! empty( $_POST['redirect'] ) ) {
1026	$redirect = wp_unslash( $_POST['redirect'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1027	} elseif ( wc_get_raw_referer() ) {
1028	$redirect = wc_get_raw_referer();
1029	} else {
1030	$redirect = wc_get_page_permalink( 'myaccount' );
1031	}
1032
1033	$redirect = remove_query_arg( array( 'wc_error', 'password-reset' ), $redirect );
1034
1035	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_login_redirect', $redirect, $user ), wc_get_page_permalink( 'myaccount' ) ) ); // phpcs:ignore
1036	exit;
1037	}
1038	} catch ( Exception $e ) {
1039	wc_add_notice( apply_filters( 'login_errors', $e->getMessage() ), 'error' );
1040	do_action( 'woocommerce_login_failed' );
1041	}
1042	}
1043	}
1044
1045	/**
1046	* Handle lost password form.
1047	*/
1048	public static function process_lost_password() {
1049	if ( isset( $_POST['wc_reset_password'], $_POST['user_login'] ) ) {
1050	$nonce_value = wc_get_var( $_REQUEST['woocommerce-lost-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1051
1052	if ( ! wp_verify_nonce( $nonce_value, 'lost_password' ) ) {
1053	return;
1054	}
1055
1056	$success = WC_Shortcode_My_Account::retrieve_password();
1057
1058	// If successful, redirect to my account with query arg set.
1059	if ( $success ) {
1060	wp_safe_redirect( add_query_arg( 'reset-link-sent', 'true', wc_get_account_endpoint_url( 'lost-password' ) ) );
1061	exit;
1062	}
1063	}
1064	}
1065
1066	/**
1067	* Handle reset password form.
1068	*/
1069	public static function process_reset_password() {
1070	$nonce_value = wc_get_var( $_REQUEST['woocommerce-reset-password-nonce'], wc_get_var( $_REQUEST['_wpnonce'], '' ) ); // @codingStandardsIgnoreLine.
1071
1072	if ( ! wp_verify_nonce( $nonce_value, 'reset_password' ) ) {
1073	return;
1074	}
1075
1076	$posted_fields = array( 'wc_reset_password', 'password_1', 'password_2', 'reset_key', 'reset_login' );
1077
1078	foreach ( $posted_fields as $field ) {
1079	if ( ! isset( $_POST[ $field ] ) ) {
1080	return;
1081	}
1082
1083	if ( in_array( $field, array( 'password_1', 'password_2' ), true ) ) {
1084	// Don't unslash password fields
1085	// @see https://github.com/woocommerce/woocommerce/issues/23922.
1086	$posted_fields[ $field ] = $_POST[ $field ]; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1087	} else {
1088	$posted_fields[ $field ] = wp_unslash( $_POST[ $field ] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1089	}
1090	}
1091
1092	$user = WC_Shortcode_My_Account::check_password_reset_key( $posted_fields['reset_key'], $posted_fields['reset_login'] );
1093
1094	if ( $user instanceof WP_User ) {
1095	if ( empty( $posted_fields['password_1'] ) ) {
1096	wc_add_notice( __( 'Please enter your password.', 'woocommerce' ), 'error' );
1097	}
1098
1099	if ( $posted_fields['password_1'] !== $posted_fields['password_2'] ) {
1100	wc_add_notice( __( 'Passwords do not match.', 'woocommerce' ), 'error' );
1101	}
1102
1103	$errors = new WP_Error();
1104
1105	do_action( 'validate_password_reset', $errors, $user );
1106
1107	wc_add_wp_error_notices( $errors );
1108
1109	if ( 0 === wc_notice_count( 'error' ) ) {
1110	WC_Shortcode_My_Account::reset_password( $user, $posted_fields['password_1'] );
1111
1112	do_action( 'woocommerce_customer_reset_password', $user );
1113
1114	wp_safe_redirect( add_query_arg( 'password-reset', 'true', wc_get_page_permalink( 'myaccount' ) ) );
1115	exit;
1116	}
1117	}
1118	}
1119
1120	/**
1121	* Process the registration form.
1122	*
1123	* @throws Exception On registration error.
1124	*/
1125	public static function process_registration() {
1126	$nonce_value = isset( $_POST['_wpnonce'] ) ? wp_unslash( $_POST['_wpnonce'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1127	$nonce_value = isset( $_POST['woocommerce-register-nonce'] ) ? wp_unslash( $_POST['woocommerce-register-nonce'] ) : $nonce_value; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1128
1129	if ( isset( $_POST['register'], $_POST['email'] ) && wp_verify_nonce( $nonce_value, 'woocommerce-register' ) ) {
1130	$username = 'no' === get_option( 'woocommerce_registration_generate_username' ) && isset( $_POST['username'] ) ? wp_unslash( $_POST['username'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1131	$password = 'no' === get_option( 'woocommerce_registration_generate_password' ) && isset( $_POST['password'] ) ? $_POST['password'] : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.MissingUnslash
1132	$email = wp_unslash( $_POST['email'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1133
1134	try {
1135	$validation_error = new WP_Error();
1136	$validation_error = apply_filters( 'woocommerce_process_registration_errors', $validation_error, $username, $password, $email );
1137	$validation_errors = $validation_error->get_error_messages();
1138
1139	if ( 1 === count( $validation_errors ) ) {
1140	throw new Exception( $validation_error->get_error_message() );
1141	} elseif ( $validation_errors ) {
1142	foreach ( $validation_errors as $message ) {
1143	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $message, 'error' );
1144	}
1145	throw new Exception();
1146	}
1147
1148	$new_customer = wc_create_new_customer( sanitize_email( $email ), wc_clean( $username ), $password );
1149
1150	if ( is_wp_error( $new_customer ) ) {
1151	throw new Exception( $new_customer->get_error_message() );
1152	}
1153
1154	if ( 'yes' === get_option( 'woocommerce_registration_generate_password' ) ) {
1155	wc_add_notice( __( 'Your account was created successfully and a password has been sent to your email address.', 'woocommerce' ) );
1156	} else {
1157	wc_add_notice( __( 'Your account was created successfully. Your login details have been sent to your email address.', 'woocommerce' ) );
1158	}
1159
1160	// Only redirect after a forced login - otherwise output a success notice.
1161	if ( apply_filters( 'woocommerce_registration_auth_new_customer', true, $new_customer ) ) {
1162	wc_set_customer_auth_cookie( $new_customer );
1163
1164	if ( ! empty( $_POST['redirect'] ) ) {
1165	$redirect = wp_sanitize_redirect( wp_unslash( $_POST['redirect'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
1166	} elseif ( wc_get_raw_referer() ) {
1167	$redirect = wc_get_raw_referer();
1168	} else {
1169	$redirect = wc_get_page_permalink( 'myaccount' );
1170	}
1171
1172	wp_redirect( wp_validate_redirect( apply_filters( 'woocommerce_registration_redirect', $redirect ), wc_get_page_permalink( 'myaccount' ) ) ); //phpcs:ignore WordPress.Security.SafeRedirect.wp_redirect_wp_redirect
1173	exit;
1174	}
1175	} catch ( Exception $e ) {
1176	if ( $e->getMessage() ) {
1177	wc_add_notice( '<strong>' . __( 'Error:', 'woocommerce' ) . '</strong> ' . $e->getMessage(), 'error' );
1178	}
1179	}
1180	}
1181	}
1182	}
1183
1184	WC_Form_Handler::init();
1185