Removed nonce helper

@coe

admin/woocommerce-admin-settings.php

@@ -204,7 +204,7 @@ function woocommerce_settings() {
 						do_action( 'woocommerce_settings_tabs' );
 					?>
 				</h2>
-				<?php wp_nonce_field( 'woocommerce-settings', '_wpnonce', true, true ); ?>
+				<?php wp_nonce_field( 'woocommerce-settings' ); ?>
 
 				<?php if ( ! get_option('hide-wc-extensions-message') ) : ?>
 					<div id="woocommerce_extensions"><a href="<?php echo add_query_arg('hide-wc-extensions-message', 'true') ?>" class="hide">&times;</a><?php printf(__( 'More functionality and gateway options available via <a href="%s" target="_blank">WC official extensions</a>.', 'woocommerce' ), 'http://www.woothemes.com/extensions/woocommerce-extensions/'); ?></div>

includes/class-wc-cart.php

@@ -682,7 +682,7 @@ public function get_remove_url( $cart_item_key ) {
 			global $woocommerce;
 			$cart_page_id = woocommerce_get_page_id('cart');
 			if ($cart_page_id)
-				return apply_filters( 'woocommerce_get_remove_url', $woocommerce->get_helper( 'nonce' )->nonce_url( 'cart', add_query_arg( 'remove_item', $cart_item_key, get_permalink($cart_page_id) ) ) );
+				return apply_filters( 'woocommerce_get_remove_url', wp_nonce_url( add_query_arg( 'remove_item', $cart_item_key, get_permalink( $cart_page_id ) ), 'woocommerce-cart' ) );
 		}
 
 		/**

includes/class-wc-checkout.php

@@ -340,7 +340,7 @@ public function create_order() {
 	public function process_checkout() {
 		global $wpdb, $woocommerce, $current_user;
 
-		$woocommerce->get_helper( 'nonce' )->verify_nonce( 'process_checkout' );
+		wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-process_checkout' );
 
 		if ( ! defined( 'WOOCOMMERCE_CHECKOUT' ) )
 			define( 'WOOCOMMERCE_CHECKOUT', true );

includes/class-wc-order.php

@@ -1147,7 +1147,7 @@ public function get_checkout_order_received_url() {
 	 */
 	public function get_cancel_order_url() {
 		global $woocommerce;
-		return apply_filters('woocommerce_get_cancel_order_url', $woocommerce->get_helper( 'nonce' )->nonce_url( 'cancel_order', add_query_arg('cancel_order', 'true', add_query_arg('order', $this->order_key, add_query_arg('order_id', $this->id, trailingslashit( home_url() ))))));
+		return apply_filters('woocommerce_get_cancel_order_url', wp_nonce_url( add_query_arg( array( 'cancel_order' => 'true', 'order' => $this->order_key, 'order_id' => $this->id ), trailingslashit( home_url() ) ), 'woocommerce-cancel_order' ) );
 	}
 
 	/**

includes/shortcodes/class-wc-shortcode-cart.php

@@ -38,7 +38,7 @@ public static function output( $atts ) {
 			$woocommerce->cart->remove_coupons( $_GET['remove_discounts'] );
 
 		// Update Shipping
-		} elseif ( ! empty( $_POST['calc_shipping'] ) && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart') ) {
+		} elseif ( ! empty( $_POST['calc_shipping'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-cart' ) ) {
 
 			$validation = $woocommerce->validation();
 

includes/shortcodes/class-wc-shortcode-lost-password.php

@@ -42,7 +42,7 @@ public static function output( $atts ) {
 		// process lost password form
 		if( isset( $_POST['user_login'] ) ) {
 
-			$woocommerce->get_helper( 'nonce' )->verify_nonce( 'lost_password' );
+			wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-lost_password' );
 
 			self::retrieve_password();
 		}
@@ -72,7 +72,7 @@ public static function output( $atts ) {
 				$args['key'] = esc_attr( $_POST['reset_key'] );
 				$args['login'] = esc_attr( $_POST['reset_login'] );
 
-				$woocommerce->get_helper( 'nonce' )->verify_nonce( 'reset_password' );
+				wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-reset_password' );
 
 				if( empty( $_POST['password_1'] ) || empty( $_POST['password_2'] ) ) {
 					wc_add_error( __( 'Please enter your password.', 'woocommerce' ) );

includes/shortcodes/class-wc-shortcode-order-tracking.php

@@ -41,7 +41,7 @@ public static function output( $atts ) {
 
 		if ( ! empty( $_REQUEST['orderid'] ) ) {
 
-			$woocommerce->get_helper( 'nonce' )->verify_nonce( 'order_tracking' );
+			wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-order_tracking' );
 
 			$order_id 		= empty( $_REQUEST['orderid'] ) ? 0 : esc_attr( $_REQUEST['orderid'] );
 			$order_email	= empty( $_REQUEST['order_email'] ) ? '' : esc_attr( $_REQUEST['order_email']) ;

templates/cart/cart.php

@@ -135,7 +135,7 @@
 
 				<?php do_action('woocommerce_proceed_to_checkout'); ?>
 
-				<?php $woocommerce->get_helper( 'nonce' )->nonce_field('cart') ?>
+				<?php wp_nonce_field( 'woocommerce-cart') ?>
 			</td>
 		</tr>
 

templates/cart/shipping-calculator.php

@@ -84,7 +84,7 @@
 
 		<p><button type="submit" name="calc_shipping" value="1" class="button"><?php _e( 'Update Totals', 'woocommerce' ); ?></button></p>
 
-		<?php $woocommerce->get_helper( 'nonce' )->nonce_field('cart') ?>
+		<?php wp_nonce_field( 'woocommerce-cart') ?>
 	</section>
 </form>
 

templates/checkout/form-pay.php

@@ -83,7 +83,7 @@
 		<?php endif; ?>
 
 		<div class="form-row">
-			<?php $woocommerce->get_helper( 'nonce' )->nonce_field('pay')?>
+			<?php wp_nonce_field( 'woocommerce-pay')?>
 			<input type="submit" class="button alt" id="place_order" value="<?php _e( 'Pay for order', 'woocommerce' ); ?>" />
 			<input type="hidden" name="woocommerce_pay" value="1" />
 		</div>

templates/checkout/review-order.php

@@ -184,7 +184,7 @@
 
 			<noscript><?php _e( 'Since your browser does not support JavaScript, or it is disabled, please ensure you click the <em>Update Totals</em> button before placing your order. You may be charged more than the amount stated above if you fail to do so.', 'woocommerce' ); ?><br/><input type="submit" class="button alt" name="woocommerce_checkout_update_totals" value="<?php _e( 'Update totals', 'woocommerce' ); ?>" /></noscript>
 
-			<?php $woocommerce->get_helper( 'nonce' )->nonce_field('process_checkout')?>
+			<?php wp_nonce_field( 'woocommerce-process_checkout')?>
 
 			<?php do_action( 'woocommerce_review_order_before_submit' ); ?>
 

templates/myaccount/form-change-password.php

@@ -28,7 +28,7 @@
 
 	<p><input type="submit" class="button" name="change_password" value="<?php _e( 'Save', 'woocommerce' ); ?>" /></p>
 
-	<?php $woocommerce->get_helper( 'nonce' )->nonce_field('change_password')?>
+	<?php wp_nonce_field( 'woocommerce-change_password')?>
 	<input type="hidden" name="action" value="change_password" />
 
 </form>

templates/myaccount/form-edit-address.php

@@ -41,7 +41,7 @@
 
 		<p>
 			<input type="submit" class="button" name="save_address" value="<?php _e( 'Save Address', 'woocommerce' ); ?>" />
-			<?php $woocommerce->get_helper( 'nonce' )->nonce_field('edit_address') ?>
+			<?php wp_nonce_field( 'woocommerce-edit_address') ?>
 			<input type="hidden" name="action" value="edit_address" />
 		</p>
 

templates/myaccount/form-login.php

@@ -36,7 +36,7 @@
 			</p>
 
 			<p class="form-row">
-				<?php $woocommerce->get_helper( 'nonce' )->nonce_field('login', 'login') ?>
+				<?php wp_nonce_field( 'woocommerce-login', 'login') ?>
 				<input type="submit" class="button" name="login" value="<?php _e( 'Login', 'woocommerce' ); ?>" /> <a class="lost_password" href="<?php
 
 				$lost_password_page_id = woocommerce_get_page_id( 'lost_password' );
@@ -85,7 +85,7 @@
 			<?php do_action( 'register_form' ); ?>
 
 			<p class="form-row">
-				<?php $woocommerce->get_helper( 'nonce' )->nonce_field('register', 'register') ?>
+				<?php wp_nonce_field( 'woocommerce-register', 'register') ?>
 				<input type="submit" class="button" name="register" value="<?php _e( 'Register', 'woocommerce' ); ?>" />
 			</p>
 		</form>

templates/myaccount/form-lost-password.php

@@ -43,6 +43,6 @@
     <div class="clear"></div>
 
     <p class="form-row"><input type="submit" class="button" name="reset" value="<?php echo 'lost_password' == $args['form'] ? __( 'Reset Password', 'woocommerce' ) : __( 'Save', 'woocommerce' ); ?>" /></p>
-	<?php $woocommerce->get_helper( 'nonce' )->nonce_field( $args['form'] ); ?>
+	<?php wp_nonce_field( $args['form'] ); ?>
 
 </form>

templates/order/form-tracking.php

@@ -21,6 +21,6 @@
 	<div class="clear"></div>
 
 	<p class="form-row"><input type="submit" class="button" name="track" value="<?php _e( 'Track', 'woocommerce' ); ?>" /></p>
-	<?php $woocommerce->get_helper( 'nonce' )->nonce_field('order_tracking') ?>
+	<?php wp_nonce_field( 'woocommerce-order_tracking') ?>
 
 </form>

templates/shop/form-login.php

@@ -27,7 +27,7 @@
 	<div class="clear"></div>
 
 	<p class="form-row">
-		<?php $woocommerce->get_helper( 'nonce' )->nonce_field('login', 'login') ?>
+		<?php wp_nonce_field( 'woocommerce-login' ) ?>
 		<input type="submit" class="button" name="login" value="<?php _e( 'Login', 'woocommerce' ); ?>" />
 		<input type="hidden" name="redirect" value="<?php echo esc_url( $redirect ) ?>" />
 		<a class="lost_password" href="<?php echo esc_url( wp_lostpassword_url( home_url() ) ); ?>"><?php _e( 'Lost Password?', 'woocommerce' ); ?></a>

templates/single-product-reviews.php

@@ -104,7 +104,7 @@
 
 	}
 
-	$comment_form['comment_field'] .= '<p class="comment-form-comment"><label for="comment">' . __( 'Your Review', 'woocommerce' ) . '</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p>' . $woocommerce->get_helper( 'nonce' )->nonce_field('comment_rating', true, false);
+	$comment_form['comment_field'] .= '<p class="comment-form-comment"><label for="comment">' . __( 'Your Review', 'woocommerce' ) . '</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p>' . wp_nonce_field( 'woocommerce-comment_rating', true, false);
 
 	comment_form( apply_filters( 'woocommerce_product_review_comment_form_args', $comment_form ) );
 

woocommerce-functions.php

@@ -211,7 +211,7 @@ function woocommerce_update_cart_action() {
 	global $woocommerce;
 
 	// Remove from cart
-	if ( isset($_GET['remove_item']) && $_GET['remove_item'] && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart', '_GET')) {
+	if ( ! empty( $_GET['remove_item'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'woocommerce-cart' ) ) {
 
 		$woocommerce->cart->set_quantity( $_GET['remove_item'], 0 );
 
@@ -222,7 +222,7 @@ function woocommerce_update_cart_action() {
 		exit;
 
 	// Update Cart
-	} elseif ( ( ! empty( $_POST['update_cart'] ) || ! empty( $_POST['proceed'] ) ) && $woocommerce->get_helper( 'nonce' )->verify_nonce('cart')) {
+	} elseif ( ( ! empty( $_POST['update_cart'] ) || ! empty( $_POST['proceed'] ) ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-cart' ) ) {
 
 		$cart_totals = isset( $_POST['cart'] ) ? $_POST['cart'] : '';
 
@@ -567,7 +567,7 @@ function woocommerce_checkout_action() {
 function woocommerce_pay_action() {
 	global $woocommerce, $wp;
 
-	if ( isset( $_POST['woocommerce_pay'] ) && $woocommerce->get_helper( 'nonce' )->verify_nonce( 'pay' ) ) {
+	if ( isset( $_POST['woocommerce_pay'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-pay' ) ) {
 
 		ob_start();
 
@@ -644,7 +644,7 @@ function woocommerce_process_login() {
 
 	if ( ! empty( $_POST['login'] ) ) {
 
-		$woocommerce->get_helper( 'nonce' )->verify_nonce( 'login' );
+		wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-login' );
 
 		try {
 			$creds = array();
@@ -711,7 +711,7 @@ function woocommerce_create_new_customer( $email, $username = '', $password = ''
 	if ( email_exists( $email ) )
 		return new WP_Error( "registration-error", __( "An account is already registered with your email address. Please login.", "woocommerce" ) );
 
-	$woocommerce->get_helper( 'nonce' )->verify_nonce( 'register' );
+	wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-register' );
 
 	// Handle username creation
 	if ( get_option( 'woocommerce_registration_generate_username' ) == 'no' || ! empty( $username ) ) {
@@ -864,7 +864,7 @@ function woocommerce_order_again() {
 	global $woocommerce;
 
 	// Nothing to do
-	if ( ! isset( $_GET['order_again'] ) || ! is_user_logged_in() || ! $woocommerce->verify_nonce( 'order_again', '_GET' ) || ! $woocommerce->get_helper( 'nonce' )->verify_nonce( 'order_again', '_GET' ) )
+	if ( ! isset( $_GET['order_again'] ) || ! is_user_logged_in() || ! $woocommerce->verify_nonce( 'order_again', '_GET' ) || ! wp_verify_nonce( $_GET['_wpnonce'], 'woocommerce-order_again' ) )
 		return;
 
 	// Clear current cart
@@ -929,7 +929,7 @@ function woocommerce_cancel_order() {
 
 		$order = new WC_Order( $order_id );
 
-		if ( $order->id == $order_id && $order->order_key == $order_key && in_array( $order->status, array( 'pending', 'failed' ) ) && $woocommerce->get_helper( 'nonce' )->verify_nonce( 'cancel_order', '_GET' ) ) :
+		if ( $order->id == $order_id && $order->order_key == $order_key && in_array( $order->status, array( 'pending', 'failed' ) ) && wp_verify_nonce( $_GET['_wpnonce'], 'woocommerce-cancel_order' ) ) :
 
 			// Cancel the order + restore stock
 			$order->cancel_order( __('Order cancelled by customer.', 'woocommerce' ) );
@@ -1303,7 +1303,7 @@ function woocommerce_check_comment_rating( $comment_data ) {
 	global $woocommerce;
 
 	// If posting a comment (not trackback etc) and not logged in
-	if ( isset( $_POST['rating'] ) && ! $woocommerce->get_helper( 'nonce' )->verify_nonce('comment_rating') )
+	if ( isset( $_POST['rating'] ) && ! wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-comment_rating' ) )
 		wp_die( __( 'You have taken too long. Please go back and refresh the page.', 'woocommerce' ) );
 
 	elseif ( isset( $_POST['rating'] ) && empty( $_POST['rating'] ) && $comment_data['comment_type'] == '' && get_option('woocommerce_review_rating_required') == 'yes' ) {
@@ -1588,7 +1588,7 @@ function woocommerce_save_account_details() {
 	if ( empty( $_POST[ 'action' ] ) || ( 'save_account_details' !== $_POST[ 'action' ] ) )
 		return;
 
-	$woocommerce->get_helper( 'nonce' )->verify_nonce( 'save_account_details' );
+	wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-save_account_details' );
 
 	$update       = true;
 	$errors       = new WP_Error();
@@ -1666,7 +1666,7 @@ function woocommerce_save_address() {
 	if ( empty( $_POST[ 'action' ] ) || ( 'edit_address' !== $_POST[ 'action' ] ) )
 		return;
 
-	$woocommerce->get_helper( 'nonce' )->verify_nonce( 'edit_address' );
+	wp_verify_nonce( $_POST['_wpnonce'], 'woocommerce-edit_address' );
 
 	$validation = $woocommerce->validation();
 

woocommerce-template.php

@@ -1228,7 +1228,7 @@ function woocommerce_order_again_button( $order ) {
 
 		?>
 		<p class="order-again">
-			<a href="<?php echo esc_url( $woocommerce->nonce_url( 'order_again', add_query_arg( 'order_again', $order->id ) ) ); ?>" class="button"><?php _e( 'Order Again', 'woocommerce' ); ?></a>
+			<a href="<?php echo esc_url( wp_nonce_url( add_query_arg( 'order_again', $order->id ) ), 'woocommerce-order_again' ); ?>" class="button"><?php _e( 'Order Again', 'woocommerce' ); ?></a>
 		</p>
 		<?php
 	}

woocommerce.php

@@ -936,22 +936,22 @@ public function output_inline_js() {
 		$this->get_helper( 'inline-javascript' )->output_inline_js();
 	}
 
-	// Deprecated 2.1.0 Access via the WC_Nonce_Helper helper
+	// Deprecated 2.1.0
 	public function nonce_field( $action, $referer = true , $echo = true ) {
-		_deprecated_function( 'Woocommerce->nonce_field', '2.1', 'WC_Nonce_Helper->nonce_field' );
-		return $this->get_helper( 'nonce' )->nonce_field( $action, $referer, $echo );
+		_deprecated_function( 'Woocommerce->nonce_field', '2.1', 'wp_nonce_field' );
+		return wp_nonce_field('woocommerce-' . $action, '_wpnonce', $referer, $echo );
 	}
 
-	// Deprecated 2.1.0 Access via the WC_Nonce_Helper helper
+	// Deprecated 2.1.0
 	public function nonce_url( $action, $url = '' ) {
-		_deprecated_function( 'Woocommerce->nonce_url', '2.1', 'WC_Nonce_Helper->nonce_url' );
-		return $this->get_helper( 'nonce' )->nonce_url( $action, $url );
+		_deprecated_function( 'Woocommerce->nonce_url', '2.1', 'wp_nonce_url' );
+		return wp_nonce_url( $url , 'woocommerce-' . $action );
 	}
 
 	// Deprecated 2.1.0 Access via the WC_Nonce_Helper helper
-	public function verify_nonce( $action, $method='_POST', $error_message = false ) {
+	public function verify_nonce( $action, $method = '_POST', $error_message = false ) {
 		_deprecated_function( 'Woocommerce->verify_nonce', '2.1', 'WC_Nonce_Helper->verify_nonce' );
-		return $this->get_helper( 'nonce' )->verify_nonce( $action, $method, $error_message );
+		return wp_verify_nonce( $$_method[ '_wpnonce' ], 'woocommerce-' . $action );
 	}
 
 	// Deprecated 2.1.0 Access via the WC_Shortcode_Helper helper