WC_WCCOM_Site::verify_wccom_request()
Verify WooCommerce.com request from a given body and signature request.
Method of the class: WC_WCCOM_Site{}
No Hooks.
Return
true|false
.
Usage
$result = WC_WCCOM_Site::verify_wccom_request( $body, $signature, $access_token_secret );
- $body(string) (required)
- Request body.
- $signature(string) (required)
- Request signature found in X-Woo-Signature header.
- $access_token_secret(string) (required)
- Access token secret for this site.
Changelog
Since 3.7.0 | Introduced. |
WC_WCCOM_Site::verify_wccom_request() WC WCCOM Site::verify wccom request code WC 9.4.2
protected static function verify_wccom_request( $body, $signature, $access_token_secret ) { // phpcs:disable WordPress.Security.ValidatedSanitizedInput.InputNotValidated, WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized $data = array( 'host' => $_SERVER['HTTP_HOST'], 'request_uri' => urldecode( remove_query_arg( array( 'token', 'signature' ), $_SERVER['REQUEST_URI'] ) ), 'method' => strtoupper( $_SERVER['REQUEST_METHOD'] ), ); // phpcs:enable if ( ! empty( $body ) ) { $data['body'] = $body; } $expected_signature = hash_hmac( 'sha256', wp_json_encode( $data ), $access_token_secret ); return hash_equals( $expected_signature, $signature ); }