Last active
August 6, 2020 02:10
WooCommerce Custom Fields with Custom Nonce and Validation
<?php | |
/**
 * Output the custom checkout text field followed by a hidden nonce input.
 *
 * The nonce is created for the 'custom_text_field_action' action and is
 * submitted as '_customfieldnonce', which is the pair the server-side
 * handlers must verify before trusting the posted field.
 *
 * @param WC_Checkout $checkout The checkout object.
 *
 * @return void
 */
function custom_checkout_field( $checkout ) {
    // Visible, required text input, pre-filled with the value the checkout object holds for this key.
    $field_args = array(
        'type'     => 'text',
        'class'    => array( 'custom-checkout-text-field form-row-wide' ),
        'label'    => __( 'Custom Field', 'plugin-text-domain' ),
        'required' => true,
    );
    woocommerce_form_field(
        'custom_checkout_field',
        $field_args,
        $checkout->get_value( 'custom_checkout_field' )
    );

    // Generate the token first so the markup below is a plain concatenation.
    // @link https://developer.wordpress.org/reference/functions/wp_create_nonce/
    $nonce_value = wp_create_nonce( 'custom_text_field_action' );
    $nonce_input = '<input type="hidden" class="input-hidden" name="_customfieldnonce" id="_customfieldnonce" value="' .
        $nonce_value .
        '" />';

    // Only an <input> element carrying these five attributes survives the filter.
    $input_attributes = array(
        'type'  => array(),
        'class' => array(),
        'name'  => array(),
        'id'    => array(),
        'value' => array(),
    );

    // @link https://developer.wordpress.org/reference/functions/wp_kses/
    echo wp_kses( $nonce_input, array( 'input' => $input_attributes ) );
}
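/**
 * Verify the custom nonce and require the custom field before checkout proceeds.
 *
 * Adds a WooCommerce error notice when the nonce is missing, invalid or
 * expired, or when the custom field was submitted empty. The nonce is a
 * request-forgery guard only; it is not an authorization check.
 *
 * @return void
 */
public function custom_field_validation() {
    // Accept string input only, so an array-valued parameter is treated as a missing nonce.
    $nonce = isset( $_REQUEST['_customfieldnonce'] ) && is_string( $_REQUEST['_customfieldnonce'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['_customfieldnonce'] ) )
        : '';

    /**
     * wp_verify_nonce() returns 1 for a nonce generated 0-12 hours ago, 2 for
     * one generated 12-24 hours ago, and false for an invalid one. Only 1 is
     * accepted here, so nonces older than 12 hours are rejected as well.
     *
     * @link https://developer.wordpress.org/reference/functions/wp_verify_nonce/#return
     */
    if ( '' === $nonce || 1 !== wp_verify_nonce( $nonce, 'custom_text_field_action' ) ) {
        // Bad or expired nonce: stop before looking at the field at all.
        wc_add_notice( __( 'Expired or invalid submission!', 'plugin-text-domain' ), 'error' );
        return;
    }

    // The field is required; empty() also rejects the literal string "0".
    if ( empty( wc_get_post_data_by_key( 'custom_checkout_field' ) ) ) {
        wc_add_notice( __( 'Please enter a value.', 'plugin-text-domain' ), 'error' );
    }
}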
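/**
 * Update the order meta with the custom text field value.
 *
 * The value is written only after the custom nonce verifies and only when
 * the field is non-empty. A missing, invalid or expired nonce adds a
 * WooCommerce error notice and nothing is stored.
 *
 * @param integer $order_id The ID of the order the meta data is stored on.
 *
 * @return void
 */
public function update_order_meta( $order_id ) {
    // Accept string input only, so an array-valued parameter is treated as a missing nonce.
    $nonce = isset( $_REQUEST['_customfieldnonce'] ) && is_string( $_REQUEST['_customfieldnonce'] )
        ? sanitize_text_field( wp_unslash( $_REQUEST['_customfieldnonce'] ) )
        : '';

    /**
     * wp_verify_nonce() returns 1 for a nonce generated 0-12 hours ago, 2 for
     * one generated 12-24 hours ago, and false for an invalid one. Only 1 is
     * accepted here, so nonces older than 12 hours are rejected as well.
     *
     * @link https://developer.wordpress.org/reference/functions/wp_verify_nonce/#return
     */
    if ( '' === $nonce || 1 !== wp_verify_nonce( $nonce, 'custom_text_field_action' ) ) {
        // Bad or expired nonce: do not persist anything from this request.
        wc_add_notice( __( 'Expired or invalid submission!', 'plugin-text-domain' ), 'error' );
        return;
    }

    // Store the value only when one was submitted. The original condition was
    // inverted and wrote the meta only when the field was empty.
    // NOTE(review): wc_get_post_data_by_key() is expected to return an unslashed,
    // cleaned value - confirm against the WooCommerce version in use.
    $value = wc_get_post_data_by_key( 'custom_checkout_field' );
    if ( ! empty( $value ) ) {
        update_post_meta( $order_id, '_custom_checkout_field', $value );
    }
}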