WC_WCCOM_Site::verify_wccom_request( string $body, string $signature, string $access_token_secret )
Verify WooCommerce.com request from a given body and signature request.
Description Description
Parameters Parameters
- $body
-
(Required) Request body.
- $signature
-
(Required) Request signature found in X-Woo-Signature header.
- $access_token_secret
-
(Required) Access token secret for this site.
Return Return
(bool)
Source Source
File: includes/wccom-site/class-wc-wccom-site.php
protected static function verify_wccom_request( $body, $signature, $access_token_secret ) {
// phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$data = array(
'host' => $_SERVER['HTTP_HOST'],
'request_uri' => urldecode( remove_query_arg( array( 'token', 'signature' ), $_SERVER['REQUEST_URI'] ) ),
'method' => strtoupper( $_SERVER['REQUEST_METHOD'] ),
);
// phpcs:enable
if ( ! empty( $body ) ) {
$data['body'] = $body;
}
$expected_signature = hash_hmac( 'sha256', wp_json_encode( $data ), $access_token_secret );
return hash_equals( $expected_signature, $signature );
}
Changelog Changelog
| Version | Description |
|---|---|
| 3.7.0 | Introduced. |