Automattic\WooCommerce\Api\Pagination

IdCursorFilter::decode_id_cursorpublic staticWC 1.0

Decode a base64-encoded ID cursor into a positive integer.

Resolvers encode cursors via base64_encode( (string)$id) on the way out; this is the symmetric decode. base64_decode(..., true) returns false for malformed input, which (int) casts to 0 and {@see self::apply()} would silently treat as "no cursor" — leaving clients with unfiltered results instead of a clear error. Validate explicitly and throw INVALID_ARGUMENT → HTTP 400 on any bad input.

Method of the class: IdCursorFilter{}

No Hooks.

Returns

Int. The decoded positive integer ID.

Usage

$result = IdCursorFilter::decode_id_cursor( $cursor, $name ): int;
$cursor(string) (required)
The client-supplied cursor string.
$name(string) (required)
Which cursor argument (after / before), for error messages.

IdCursorFilter::decode_id_cursor() code WC 10.9.1

public static function decode_id_cursor( string $cursor, string $name ): int {
	$raw = base64_decode( $cursor, true );
	if ( false === $raw || ! ctype_digit( $raw ) || (int) $raw <= 0 ) {
		// phpcs:disable WordPress.Security.EscapeOutput.ExceptionNotEscaped -- Not HTML; serialized as JSON.
		throw new ApiException(
			sprintf( 'Invalid `%s` cursor.', $name ),
			'INVALID_ARGUMENT',
			status_code: 400,
		);
		// phpcs:enable WordPress.Security.EscapeOutput.ExceptionNotEscaped
	}
	return (int) $raw;
}