* Functionality that takes a static URL, constructs a cart, and redirects to the checkout with a cart session.
namespace Automattic\WooCommerce\Blocks\Domain\Services;
use Automattic\WooCommerce\Blocks\Utils\CartCheckoutUtils;
use Automattic\WooCommerce\StoreApi\Utilities\CartTokenUtils;
use Automattic\WooCommerce\StoreApi\Utilities\CartController;
defined( 'ABSPATH' ) || exit;
* Initialize the checkout link service.
add_action( 'init', array( $this, 'add_checkout_link_endpoint' ) );
add_filter( 'query_vars', array( $this, 'add_query_vars' ), 0 );
add_action( 'template_redirect', array( $this, 'handle_checkout_link_endpoint' ) );
* Add the checkout link endpoint.
public function add_checkout_link_endpoint() {
// get registered rewrite rules.
$rules = get_option( 'rewrite_rules', array() );
$regex = '^checkout-link$';
add_rewrite_rule( $regex, 'index.php?checkout-link=true', 'top' );
// maybe flush rewrite rules if it was not previously in the option.
if ( ! isset( $rules[ $regex ] ) ) {
* Add the checkout link query var.
* @param array $vars The query vars.
* @return array The query vars.
public function add_query_vars( $vars ) {
$vars[] = 'checkout-link';
* Handle the checkout link endpoint.
public function handle_checkout_link_endpoint() {
if ( ! get_query_var( 'checkout-link' ) ) {
if ( ! $this->validate_checkout_link() ) {
$redirect = add_query_arg( 'wc_error', rawurlencode( __( 'The provided checkout link was out of date or invalid. No products were added to the cart.', 'woocommerce' ) ), wc_get_cart_url() );
wc()->cart->empty_cart();
$redirect = $this->get_checkout_link();
wp_safe_redirect( $redirect );
* Validate the checkout link.
* @return bool True if the checkout link is valid, false otherwise.
protected function validate_checkout_link() {
$products = $this->get_products_from_checkout_link();
return ! empty( $products );
* Get the products from the checkout link.
* @return array The products (keys) and their quantities (values).
protected function get_products_from_checkout_link() {
$raw_products = array_filter( explode( ',', wc_clean( wp_unslash( $_GET['products'] ?? '' ) ) ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended
foreach ( $raw_products as $product_id_qty ) {
if ( strpos( $product_id_qty, ':' ) !== false ) {
list( $product_id, $qty ) = explode( ':', $product_id_qty );
$product_id = $product_id_qty;
$product_id = absint( $product_id );
if ( ! $product_id || ! $qty ) {
$products[ $product_id ] = $qty;
* Add error notices to the cart.
* @param \WP_Error $errors The errors.
protected function add_error_notices( \WP_Error $errors ) {
foreach ( $errors->get_error_messages() as $message ) {
wc_add_notice( $message, 'error' );
* Process the query params and return the checkout link to redirect to complete with session token.
* @return string The checkout link.
protected function get_checkout_link() {
$controller = new CartController();
$products = $this->get_products_from_checkout_link();
$errors = new \WP_Error();
foreach ( $products as $product_id => $qty ) {
$controller->add_to_cart(
} catch ( \Exception $e ) {
$errors->add( 'error', $e->getMessage() );
// Nothing was added to the cart. We need to redirect to the cart page with an error notice. Since guests may not
// have a session, add the notice in the query string.
if ( wc()->cart->is_empty() ) {
$errors->add( 'error', __( 'The provided checkout link was out of date or invalid. No products were added to the cart.', 'woocommerce' ) );
if ( ! wc()->session->has_session() ) {
return add_query_arg( 'wc_error', rawurlencode( $errors->get_error_message() ), wc_get_cart_url() );
$this->add_error_notices( $errors );
return wc_get_cart_url();
// Apply coupon if provided.
$coupon = wc_format_coupon_code( wp_unslash( $_GET['coupon'] ?? '' ) ); // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
if ( wc_coupons_enabled() && ! empty( $coupon ) ) {
$controller->apply_coupon( $coupon );
} catch ( \Exception $e ) {
$errors->add( 'error', $e->getMessage() );
// Add error notices to the cart. This requires a session otherwise the notices will not be displayed.
$this->add_error_notices( $errors );
$redirect_url = wc_get_checkout_url();
// Preserve the query string--pass it to the checkout page.
if ( ! empty( $_SERVER['QUERY_STRING'] ) ) {
$redirect_url = remove_query_arg(
add_query_arg( wp_unslash( $_SERVER['QUERY_STRING'] ), '', $redirect_url ) // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
// If the user is logged in, the session is tied to the user ID. Do not use a cart token.
if ( ! is_user_logged_in() ) {
$session_token = CartTokenUtils::get_cart_token( (string) wc()->session->get_customer_id() );
$redirect_url = add_query_arg( 'session', $session_token, $redirect_url );
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
