prevent failing the nonce validation // pcp-14

David Remer 2020-05-27 09:58:33 +03:00
parent c3d07e74ff
commit 772c1f52d7


@ -13,18 +13,33 @@ class RequestData
{ {
$stream = file_get_contents('php://input'); $stream = file_get_contents('php://input');
$json = json_decode($stream, true); $json = json_decode($stream, true);
add_filter('nonce_user_logged_out', array($this, 'nonceFix'), 100);
if ( if (
! isset($json['nonce']) ! isset($json['nonce'])
|| !wp_verify_nonce($json['nonce'], $nonce) || !wp_verify_nonce($json['nonce'], $nonce)
) { ) {
remove_filter('nonce_user_logged_out', array($this, 'nonceFix'), 100);
throw new RuntimeException( throw new RuntimeException(
__('Could not validate nonce.', 'woocommerce-paypal-commerce-gateway') __('Could not validate nonce.', 'woocommerce-paypal-commerce-gateway')
); );
} }
remove_filter('nonce_user_logged_out', array($this, 'nonceFix'), 100);
return $this->sanitize($json); return $this->sanitize($json);
} }
/**
* woocommerce will give you a customer object on your 2nd request. the first page
* load will not yet have this customer object, but the ajax request will. Therefore
* the nonce validation will fail. this fixes this problem:
*
* @wp-hook nonce_user_logged_out
* @see https://github.com/woocommerce/woocommerce/blob/69e3835041113bee80379c1037e97e26815a699b/includes/class-wc-session-handler.php#L288-L296 * @return int
*/
public function nonceFix() {
return 0;
}
private function sanitize(array $assocArray): array private function sanitize(array $assocArray): array
{ {
$data = []; $data = [];
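Review bot: Registering `nonceFix` at priority 100 around `wp_verify_nonce()` makes every logged-out request verify against user id 0, so whatever per-session value the WooCommerce handler linked in the docblock supplies is overridden and the nonce no longer distinguishes one guest session from another. The docblock should state that trade-off, for example `* Note: guest nonces verified here are not bound to the WooCommerce session, so they must not be the only CSRF control for guest actions.` The hunk does not show where the nonce is created; if creation runs while WooCommerce's filter is active (presumably on a later page load, once the session exists), verification under id 0 would fail, so the creating call probably needs the same filter — worth confirming. Separately, `remove_filter` is duplicated on both exits; storing the result first, `$valid = isset($json['nonce']) && wp_verify_nonce($json['nonce'], $nonce);`, followed by one `remove_filter` call, keeps the override from leaking if another exit is added later. The enclosing method's signature is above the hunk.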