Ticket #53236: nonce-age-resolution.patch

File nonce-age-resolution.patch, 4.6 KB (added by lev0, 7 months ago)
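--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1160,7 +1160,7 @@
 	 * @param int|string $action    The nonce action.
 	 * @param string     $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
 	 * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
-	 *                   2 if the nonce is valid and generated between 12-24 hours ago.
+	 *                   2 if the nonce is valid and generated between 8-24 hours ago.
 	 *                   False if the nonce is invalid.
 	 */
 	function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
@@ -1179,7 +1179,7 @@
 		 *
 		 * @param string    $action The nonce action.
 		 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
-		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
+		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 8-24 hours ago.
 		 */
 		do_action( 'check_admin_referer', $action, $result );
 
@@ -1205,7 +1205,7 @@
 	 * @param bool         $die       Optional. Whether to die early when the nonce cannot be verified.
 	 *                                Default true.
 	 * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
-	 *                   2 if the nonce is valid and generated between 12-24 hours ago.
+	 *                   2 if the nonce is valid and generated between 8-24 hours ago.
 	 *                   False if the nonce is invalid.
 	 */
 	function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
@@ -1232,7 +1232,7 @@
 		 *
 		 * @param string    $action The Ajax nonce action.
 		 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
-		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
+		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 8-24 hours ago.
 		 */
 		do_action( 'check_ajax_referer', $action, $result );
 
@@ -2129,8 +2129,8 @@
 	/**
 	 * Returns the time-dependent variable for nonce creation.
 	 *
-	 * A nonce has a lifespan of two ticks. Nonces in their second tick may be
-	 * updated, e.g. by autosave.
+	 * A nonce has a lifespan of six ticks. Nonces in their fourth tick onwards
+	 * may be updated, e.g. by autosave.
 	 *
 	 * @since 2.5.0
 	 *
@@ -2146,7 +2146,7 @@
 		 */
 		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
 
-		return ceil( time() / ( $nonce_life / 2 ) );
+		return ceil( time() / ( $nonce_life / 6 ) );
 	}
 endif;
 
@@ -2154,14 +2154,14 @@
 	/**
 	 * Verifies that a correct security nonce was used with time limit.
 	 *
-	 * A nonce is valid for 24 hours (by default).
+	 * A nonce is valid for at most 24 hours (by default).
 	 *
 	 * @since 2.0.3
 	 *
 	 * @param string     $nonce  Nonce value that was used for verification, usually via a form field.
 	 * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
 	 * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago,
-	 *                   2 if the nonce is valid and generated between 12-24 hours ago.
+	 *                   2 if the nonce is valid and generated between 8-24 hours ago.
 	 *                   False if the nonce is invalid.
 	 */
 	function wp_verify_nonce( $nonce, $action = -1 ) {
@@ -2185,18 +2185,22 @@
 		}
 
 		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$tick  = wp_nonce_tick();
+		$i     = 0;
 
-		// Nonce generated 0-12 hours ago.
-		$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
-		if ( hash_equals( $expected, $nonce ) ) {
-			return 1;
-		}
+		while ( $i < 6 ) {
+			$expected = substr( wp_hash( "$tick|$action|$uid|$token", 'nonce' ), -12, 10 );
+			if ( hash_equals( $expected, $nonce ) ) {
+				// Nonce generated 0-12 hours ago.
+				if ( $i < 3 ) {
+					return 1;
+				}
 
-		// Nonce generated 12-24 hours ago.
-		$expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
-		if ( hash_equals( $expected, $nonce ) ) {
-			return 2;
+				// Nonce generated 8-24 hours ago.
+				return 2;
+			}
+			$tick--;
+			$i++;
 		}
 
 		/**
@@ -2236,9 +2240,9 @@
 		}
 
 		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$tick  = wp_nonce_tick();
 
-		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
+		return substr( wp_hash( "$tick|$action|$uid|$token", 'nonce' ), -12, 10 );
 	}
 endif;
 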
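Review bot: The tick count is now hard-coded in two unrelated places — `$nonce_life / 6` in wp_nonce_tick() (hunk at 2149) and `while ( $i < 6 )` together with `if ( $i < 3 )` in wp_verify_nonce() (hunk at 2191-2195) — with nothing tying them together, so a later edit to one side silently widens or narrows the window of accepted nonces relative to the documented 24-hour lifetime. A single shared definition for the tick count, or at minimum a comment on the loop such as `// Six ticks of $nonce_life / 6 each; keep in sync with wp_nonce_tick().`, would make the coupling explicit to the next maintainer. The loop also raises the cost of rejecting an invalid nonce from two wp_hash() calls to six, which is probably acceptable but worth stating in the ticket so the trade-off is on record. The '0-12' and '8-24 hours' ranges in the return docs only follow from three four-hour ticks under the default lifetime; a one-line note in the wp_nonce_tick() docblock spelling out that arithmetic would save readers re-deriving it. The body of wp_verify_nonce() begins and ends outside this hunk.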