/** * Add CSRF token hidden input field */ private function addCSRFTokenField() { $this->nonceValue = $this->createNonce(); $nonce = new FormField(FormField::TYPE_HIDDEN); $nonce->setName('nonce')->setValue($this->createNonce())->setValidationCallback(function ($value) { if (function_exists('wp_verify_nonce')) { if (!wp_verify_nonce($value, $this->nonceKey)) { throw new \Exception('Unauthorized request'); } } else { if (!isset($_SESSION['csrf_tokens'][$value])) { throw new \Exception('Unauthorized request'); } else { unset($_SESSION['csrf_tokens'][$value]); } } return false; })->setMandatory(true); $key = 'nonce'; $this->addField($key, $nonce); }