Dev news

Commit fdbc411c246 for woocommerce

commit fdbc411c246a3cdb3d140b62b901b9d16add4630
Author: Mayisha <33387139+Mayisha@users.noreply.github.com>
Date:   Thu Mar 26 23:59:03 2026 +0600

    PayPal Standard: Unblock legacy order in shipping callback (#63833)

    * move token check later

    * Add changefile(s) from automation for the following project(s): woocommerce

diff --git a/plugins/woocommerce/changelog/63833-fix-paypal-standard-unblock-legacy-order-in-shipping-callback b/plugins/woocommerce/changelog/63833-fix-paypal-standard-unblock-legacy-order-in-shipping-callback
new file mode 100644
index 00000000000..cd6cf9c25ec
--- /dev/null
+++ b/plugins/woocommerce/changelog/63833-fix-paypal-standard-unblock-legacy-order-in-shipping-callback
@@ -0,0 +1,4 @@
+Significance: patch
+Type: fix
+
+Fix older PayPal Standard orders failing shipping callbacks when the request has no token by checking for token meta before validating the token parameter.
\ No newline at end of file
diff --git a/plugins/woocommerce/includes/rest-api/Controllers/Version3/class-wc-rest-paypal-standard-controller.php b/plugins/woocommerce/includes/rest-api/Controllers/Version3/class-wc-rest-paypal-standard-controller.php
index 40738f27f31..4c8b209b96d 100644
--- a/plugins/woocommerce/includes/rest-api/Controllers/Version3/class-wc-rest-paypal-standard-controller.php
+++ b/plugins/woocommerce/includes/rest-api/Controllers/Version3/class-wc-rest-paypal-standard-controller.php
@@ -75,11 +75,6 @@ class WC_REST_Paypal_Standard_Controller extends WC_REST_Controller {
 	 * @return bool True if the request is valid, false otherwise.
 	 */
 	public function validate_shipping_callback_request( WP_REST_Request $request ) { // phpcs:ignore Squiz.Commenting.FunctionComment.IncorrectTypeHint
-		$token = $request->get_param( 'token' );
-		if ( empty( $token ) ) {
-			return false;
-		}
-
 		$purchase_units = $request->get_param( 'purchase_units' );
 		if ( empty( $purchase_units ) || empty( $purchase_units[0]['custom_id'] ) ) {
 			return false;
@@ -97,6 +92,12 @@ class WC_REST_Paypal_Standard_Controller extends WC_REST_Controller {
 			return true;
 		}

+		// Validate the token.
+		$token = $request->get_param( 'token' );
+		if ( empty( $token ) ) {
+			return false;
+		}
+
 		$shipping_callback_token = $order->get_meta( PayPalConstants::PAYPAL_ORDER_META_SHIPPING_CALLBACK_TOKEN, true );

 		if ( empty( $shipping_callback_token ) || ! hash_equals( $token, $shipping_callback_token ) ) {