
@timnolte
Last active August 6, 2020 02:10
WooCommerce Custom Fields with Custom Nonce and Validation
<?php
/**
 * Output the custom checkout text field and a hidden nonce input after it.
 *
 * The nonce is created for the 'custom_text_field_action' action and is
 * submitted as '_customfieldnonce'; custom_field_validation() and
 * update_order_meta() verify it against the same action name.
 *
 * @param WC_Checkout $checkout The checkout object.
 *
 * @return void
 */
function custom_checkout_field( $checkout ) {
    $field_args = array(
        'type'     => 'text',
        'class'    => array( 'custom-checkout-text-field form-row-wide' ),
        'label'    => __( 'Custom Field', 'plugin-text-domain' ),
        'required' => true,
    );

    // Pre-fill the field with whatever value the checkout object holds for it.
    woocommerce_form_field(
        'custom_checkout_field',
        $field_args,
        $checkout->get_value( 'custom_checkout_field' )
    );

    // Only an <input> carrying these attributes is allowed through wp_kses().
    $allowed_html = array(
        'input' => array_fill_keys(
            array( 'type', 'class', 'name', 'id', 'value' ),
            array()
        ),
    );

    /**
     * wp_create_nonce()
     * @link https://developer.wordpress.org/reference/functions/wp_create_nonce/
     */
    $nonce_input = sprintf(
        '<input type="hidden" class="input-hidden" name="_customfieldnonce" id="_customfieldnonce" value="%s" />',
        wp_create_nonce( 'custom_text_field_action' )
    );

    /**
     * wp_kses()
     * @link https://developer.wordpress.org/reference/functions/wp_kses/
     */
    echo wp_kses( $nonce_input, $allowed_html );
}
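/**
 * Validate the nonce and the required custom field before checkout.
 *
 * Adds an error notice when the '_customfieldnonce' value is missing, invalid
 * or too old, and a separate notice when the custom text field has no value.
 *
 * NOTE(review): the `public` modifier is only valid inside a class body; this
 * snippet appears to be excerpted from one.
 *
 * @return void
 */
public function custom_field_validation() {
    $nonce = '';
    if ( ! empty( $_REQUEST['_customfieldnonce'] ) ) {
        $nonce = sanitize_text_field( stripslashes_from_strings_only( $_REQUEST['_customfieldnonce'] ) );
    }

    /**
     * wp_verify_nonce()
     * (int|false) 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. False if the nonce is invalid.
     * Only 1 is accepted here, so a nonce older than 12 hours is rejected.
     * The strict comparison keeps any other return value from passing.
     * @link https://developer.wordpress.org/reference/functions/wp_verify_nonce/#return
     */
    $nonce_ok = '' !== $nonce && 1 === wp_verify_nonce( $nonce, 'custom_text_field_action' );

    if ( ! $nonce_ok ) {
        // Bad or expired nonce.
        wc_add_notice( __( 'Expired or invalid submission!', 'plugin-text-domain' ), 'error' );
        return;
    }

    // The field is a single text input: reject a non-string submission (such
    // as an array) and a blank value. Unlike empty(), this accepts '0'.
    $value = wc_get_post_data_by_key( 'custom_checkout_field' );
    if ( ! is_string( $value ) || '' === trim( $value ) ) {
        wc_add_notice( __( 'Please enter a value.', 'plugin-text-domain' ), 'error' );
    }
}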
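/**
 * Update the order meta with the custom text field value.
 *
 * The value is stored under the '_custom_checkout_field' meta key, and only
 * when the '_customfieldnonce' nonce verifies and a non-blank string was
 * submitted. A missing, invalid or too-old nonce adds an error notice and
 * nothing is stored.
 *
 * NOTE(review): the `public` modifier is only valid inside a class body; this
 * snippet appears to be excerpted from one.
 *
 * @param integer $order_id The ID of the order you want meta data for.
 *
 * @return void
 */
public function update_order_meta( $order_id ) {
    $nonce = '';
    if ( ! empty( $_REQUEST['_customfieldnonce'] ) ) {
        $nonce = sanitize_text_field( stripslashes_from_strings_only( $_REQUEST['_customfieldnonce'] ) );
    }

    /**
     * wp_verify_nonce()
     * (int|false) 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. False if the nonce is invalid.
     * Only 1 is accepted here, so a nonce older than 12 hours is rejected.
     * @link https://developer.wordpress.org/reference/functions/wp_verify_nonce/#return
     */
    $nonce_ok = '' !== $nonce && 1 === wp_verify_nonce( $nonce, 'custom_text_field_action' );

    if ( ! $nonce_ok ) {
        // Bad or expired nonce.
        wc_add_notice( __( 'Expired or invalid submission!', 'plugin-text-domain' ), 'error' );
        return;
    }

    // Store the value only when one was submitted. The original condition was
    // inverted and wrote the meta only for an empty value.
    $value = wc_get_post_data_by_key( 'custom_checkout_field' );
    if ( is_string( $value ) && '' !== trim( $value ) ) {
        // NOTE(review): wc_get_post_data_by_key() presumably returns an already
        // cleaned value (confirm for the installed WooCommerce version).
        // Sanitizing again here keeps the stored value safe either way; it
        // still has to be escaped wherever it is output.
        update_post_meta( $order_id, '_custom_checkout_field', sanitize_text_field( $value ) );
    }
}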