예제 #1
 /**
  * Add CSRF token hidden input field
  */
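 private function addCSRFTokenField()
 {
     // Generate the nonce once and reuse it. The original called createNonce() twice, so the
     // value kept in $this->nonceValue was not guaranteed to be the one rendered in the form;
     // if createNonce() registers a token per call (not visible here), the first token was
     // also never consumed.
     $this->nonceValue = $this->createNonce();

     $nonce = new FormField(FormField::TYPE_HIDDEN);
     $nonce->setName('nonce')->setValue($this->nonceValue)->setValidationCallback(function ($value) {
         // The submitted value is attacker-controlled. A non-string (e.g. an array sent as
         // "nonce[]=") or empty value is rejected up front, so it fails like any other bad
         // token instead of raising a TypeError from the array-offset lookup below.
         if (!is_string($value) || $value === '') {
             throw new \Exception('Unauthorized request');
         }

         if (function_exists('wp_verify_nonce')) {
             // WordPress is loaded: delegate verification to its nonce API.
             if (!wp_verify_nonce($value, $this->nonceKey)) {
                 throw new \Exception('Unauthorized request');
             }
         } else {
             // Fallback: the token must be present as a key in the session token list.
             if (!isset($_SESSION['csrf_tokens'][$value])) {
                 throw new \Exception('Unauthorized request');
             }
             // Single use: remove the token so the same submission cannot be replayed.
             unset($_SESSION['csrf_tokens'][$value]);
         }

         // NOTE(review): false is returned after a successful check; whether FormField reads
         // that as "no validation error" is not visible here. Confirm against its contract.
         return false;
     })->setMandatory(true);

     $this->addField('nonce', $nonce);
 }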