WC_Meta_Box_Order_Data::savepublic staticWC 1.0

Save meta box data.

Method of the class: WC_Meta_Box_Order_Data{}

No Hooks.

Returns

null. Nothing (null).

Usage

$result = WC_Meta_Box_Order_Data::save( $order_id );
$order_id(int) (required)
Order ID.

WC_Meta_Box_Order_Data::save() code WC 10.7.0

woocommerce/includes/admin/meta-boxes/class-wc-meta-box-order-data.php 
public static function save( $order_id ) {
	// phpcs:disable WordPress.Security.NonceVerification.Missing

	if ( ! isset( $_POST['order_status'] ) ) {
		throw new Exception( __( 'Order status is missing.', 'woocommerce' ), 400 );
	}

	if ( ! isset( $_POST['_payment_method'] ) ) {
		throw new Exception( __( 'Payment method is missing.', 'woocommerce' ), 400 );
	}

	// Ensure gateways are loaded in case they need to insert data into the emails.
	WC()->payment_gateways();
	WC()->shipping();

	// Get order object.
	$order = wc_get_order( $order_id );
	$props = array();

	// Create order key.
	if ( ! $order->get_order_key() ) {
		$props['order_key'] = wc_generate_order_key();
	}

	// Update customer.
	$customer_id = isset( $_POST['customer_user'] ) ? absint( $_POST['customer_user'] ) : 0;

	$selected_customer = Users::get_user_in_current_site( $customer_id );

	// Only update the customer ID if it's a guest (0) or if it's a different customer that exists in the current site.
	// If the customer doesn't exist in the current site (is_wp_error), we won't update the customer ID.
	$is_valid_guest_or_new_customer = $customer_id !== $order->get_customer_id() && ( 0 === $customer_id || ! is_wp_error( $selected_customer ) );
	if ( $is_valid_guest_or_new_customer ) {
		$props['customer_id'] = $customer_id;
	}

	// Update billing fields.
	$billing_fields = self::get_billing_fields( $order, 'edit' );

	// Only update billing fields if the order is for a valid user in the current site.
	// This is to prevent the user from being able to update the billing address of a user that does not exist in the current site.
	$save_metadata_for_guest_user_or_a_valid_user = 0 === $customer_id || ! is_wp_error( $selected_customer );

	if ( ! empty( $billing_fields ) && $save_metadata_for_guest_user_or_a_valid_user ) {
		foreach ( $billing_fields as $key => $field ) {
			if ( ! isset( $field['id'] ) ) {
				$field['id'] = '_billing_' . $key;
			}

			if ( ! isset( $_POST[ $field['id'] ] ) ) {
				continue;
			}

			$value = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );

			// Update a field if it includes an update callback.
			if ( isset( $field['update_callback'] ) ) {
				call_user_func( $field['update_callback'], $field['id'], $value, $order );
			} elseif ( is_callable( array( $order, 'set_billing_' . $key ) ) ) {
				$props[ 'billing_' . $key ] = $value;
			} else {
				$order->update_meta_data( $field['id'], $value );
			}
		}
	}

	// Update shipping fields.
	$shipping_fields = self::get_shipping_fields( $order, 'edit' );

	// Only update shipping fields if the order is for a valid user in the current site.
	// This is to prevent the user from being able to update the shipping address of a user that does not exist in the current site.
	if ( ! empty( $shipping_fields ) && $save_metadata_for_guest_user_or_a_valid_user ) {
		foreach ( $shipping_fields as $key => $field ) {
			if ( ! isset( $field['id'] ) ) {
				$field['id'] = '_shipping_' . $key;
			}

			if ( ! isset( $_POST[ $field['id'] ] ) ) {
				continue;
			}

			$value = isset( $_POST[ $field['id'] ] ) ? wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) : '';

			// Update a field if it includes an update callback.
			if ( isset( $field['update_callback'] ) ) {
				call_user_func( $field['update_callback'], $field['id'], $value, $order );
			} elseif ( is_callable( array( $order, 'set_shipping_' . $key ) ) ) {
				$props[ 'shipping_' . $key ] = $value;
			} else {
				$order->update_meta_data( $field['id'], $value );
			}
		}
	}

	if ( isset( $_POST['_transaction_id'] ) ) {
		$props['transaction_id'] = wc_clean( wp_unslash( $_POST['_transaction_id'] ) );
	}

	// Payment method handling.
	if ( $order->get_payment_method() !== wc_clean( wp_unslash( $_POST['_payment_method'] ) ) ) {
		$methods              = WC()->payment_gateways->payment_gateways();
		$payment_method       = wc_clean( wp_unslash( $_POST['_payment_method'] ) );
		$payment_method_title = $payment_method;

		if ( isset( $methods ) && isset( $methods[ $payment_method ] ) ) {
			$payment_method_title = $methods[ $payment_method ]->get_title();
		}

		if ( 'other' === $payment_method ) {
			$payment_method_title = esc_html__( 'Other', 'woocommerce' );
		}

		$props['payment_method']       = $payment_method;
		$props['payment_method_title'] = $payment_method_title;
	}

	// Update date.
	if ( empty( $_POST['order_date'] ) ) {
		$date = time();
	} else {
		if ( ! isset( $_POST['order_date_hour'] ) || ! isset( $_POST['order_date_minute'] ) || ! isset( $_POST['order_date_second'] ) ) {
			throw new Exception( __( 'Order date, hour, minute and/or second are missing.', 'woocommerce' ), 400 );
		}
		// phpcs:ignore WordPress.Security.ValidatedSanitizedInput
		$date = gmdate( 'Y-m-d H:i:s', strtotime( $_POST['order_date'] . ' ' . (int) $_POST['order_date_hour'] . ':' . (int) $_POST['order_date_minute'] . ':' . (int) $_POST['order_date_second'] ) );
	}

	$props['date_created'] = $date;

	// Set created via prop if new post.
	if ( isset( $_POST['original_post_status'] ) && OrderStatus::AUTO_DRAFT === $_POST['original_post_status'] ) {
		$props['created_via'] = 'admin';
	}

	// Customer note.
	if ( isset( $_POST['customer_note'] ) ) {
		$props['customer_note'] = sanitize_textarea_field( wp_unslash( $_POST['customer_note'] ) );
	}

	// Save order data.
	$order->set_props( $props );
	$order->set_status( wc_clean( wp_unslash( $_POST['order_status'] ) ), '', true );
	$order->save();

	// phpcs:enable WordPress.Security.NonceVerification.Missing
}