Check nonces

modules/ppcp-subscription/src/SubscriptionModule.php

@@ -100,7 +100,7 @@ class SubscriptionModule implements ModuleInterface {
 		add_filter(
 			'ppcp_create_order_request_body_data',
 			function( array $data ) use ( $c ) {
-				// phpcs:ignore WordPress.Security.NonceVerification.Missing)
+				// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				$wc_order_action = wc_clean( wp_unslash( $_POST['wc_order_action'] ?? '' ) );
 				if (
 					$wc_order_action === 'wcs_process_renewal'

modules/ppcp-vaulting/src/CustomerApprovalListener.php

@@ -53,6 +53,7 @@ class CustomerApprovalListener {
 	 * @return void
 	 */
 	public function listen(): void {
+		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		$token = wc_clean( wp_unslash( $_GET['approval_token_id'] ?? '' ) );
 		if ( ! $token ) {
 			return;

modules/ppcp-vaulting/src/VaultedCreditCardHandler.php

@@ -144,6 +144,7 @@ class VaultedCreditCardHandler {
 		WC_Order $wc_order
 	): WC_Order {
 		if (
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			isset( $_POST['woocommerce_change_payment'] )
 			&& $this->subscription_helper->has_subscription( $wc_order->get_id() )
 			&& $this->subscription_helper->is_subscription_change_payment()

modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/FraudNetSessionId.php

@@ -33,6 +33,7 @@ class FraudNetSessionId {
 
 		// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 		if ( isset( $_GET['pay_for_order'] ) && 'true' === $_GET['pay_for_order'] ) {
+			// phpcs:ignore WordPress.Security.NonceVerification.Missing
 			$pui_pay_for_order_session_id = wc_clean( wp_unslash( $_POST['pui_pay_for_order_session_id'] ?? '' ) );
 			if ( $pui_pay_for_order_session_id && '' !== $pui_pay_for_order_session_id ) {
 				return $pui_pay_for_order_session_id;

modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoice.php

@@ -425,6 +425,7 @@ class PayUponInvoice {
 					$errors->add( 'validation', __( 'Invalid birth date.', 'woocommerce-paypal-payments' ) );
 				}
 
+				// phpcs:ignore WordPress.Security.NonceVerification.Missing
 				$national_number = wc_clean( wp_unslash( $_POST['billing_phone'] ?? 0 ) );
 				if ( ! $national_number ) {
 					$errors->add( 'validation', __( 'Phone field cannot be empty.', 'woocommerce-paypal-payments' ) );
@@ -530,7 +531,7 @@ class PayUponInvoice {
 			'add_meta_boxes',
 			function( string $post_type ) {
 				if ( $post_type === 'shop_order' ) {
-					// phpcs:ignore WordPress.Security.NonceVerification.Missing
+					// phpcs:ignore WordPress.Security.NonceVerification.Recommended
 					$post_id = wc_clean( wp_unslash( $_GET['post'] ?? 0 ) );
 					$order   = wc_get_order( $post_id );
 					if ( is_a( $order, WC_Order::class ) && $order->get_payment_method() === PayUponInvoiceGateway::ID ) {

modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PayUponInvoiceGateway.php

@@ -205,6 +205,7 @@ class PayUponInvoiceGateway extends WC_Payment_Gateway {
 		$wc_order = wc_get_order( $order_id );
 		// phpcs:disable WordPress.Security.NonceVerification.Missing
 		$birth_date = wc_clean( wp_unslash( $_POST['billing_birth_date'] ?? '' ) );
+		// phpcs:disable WordPress.Security.NonceVerification.Recommended
 		$pay_for_order = wc_clean( wp_unslash( $_GET['pay_for_order'] ?? '' ) );
 		if ( 'true' === $pay_for_order ) {
 			if ( ! $this->checkout_helper->validate_birth_date( $birth_date ) ) {

modules/ppcp-wc-gateway/src/Gateway/PayUponInvoice/PaymentSourceFactory.php

@@ -25,6 +25,7 @@ class PaymentSourceFactory {
 	 */
 	public function from_wc_order( WC_Order $order, string $birth_date ) {
 		$address = $order->get_address();
+		// phpcs:ignore WordPress.Security.NonceVerification.Missing
 		$phone              = wc_clean( wp_unslash( $_POST['billing_phone'] ?? '' ) ) ?? $address['phone'] ?? '';
 		$phone_country_code = WC()->countries->get_country_calling_code( $address['country'] );
 		$phone_country_code = is_array( $phone_country_code ) && ! empty( $phone_country_code ) ? $phone_country_code[0] : $phone_country_code;