WordPress.org

Make WordPress Core

Changeset 33744


Ignore:
Timestamp:
08/26/2015 12:05:11 AM (6 years ago)
Author:
SergeyBiryukov
Message:

Add 'wp_verify_nonce_failed' action that fires when nonce verification fails.

props johnbillion, garza, Shelob9.
fixes #24030.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r33743 r33744  
    18131813    }
    18141814
     1815    /**
     1816     * Fires when nonce verification fails.
     1817     *
     1818     * @since 4.4.0
     1819     *
     1820     * @param string     $nonce  The invalid nonce.
     1821     * @param string|int $action The nonce action.
     1822     * @param WP_User    $user   The current user object.
     1823     * @param string     $token  The user's session token.
     1824     */
     1825    do_action( 'wp_verify_nonce_failed', $nonce, $action, $user, $token );
     1826
    18151827    // Invalid nonce
    18161828    return false;
  • trunk/tests/phpunit/tests/auth.php

    r33019 r33744  
    99    var $wp_hasher;
    1010
     11    /**
     12     * action hook
     13     */
     14    protected $nonce_failure_hook = 'wp_verify_nonce_failed';
     15
    1116    function setUp() {
    1217        parent::setUp();
     
    111116    }
    112117
     118    /**
     119     * @ticket 24030
     120     */
     121    function test_wp_nonce_verify_failed() {
     122        $nonce = substr( md5( uniqid() ), 0, 10 );
     123        $count = did_action( $this->nonce_failure_hook );
     124
     125        wp_verify_nonce( $nonce, 'nonce_test_action' );
     126
     127        $this->assertEquals( ( $count + 1 ), did_action( $this->nonce_failure_hook ) );
     128    }
     129
     130    /**
     131     * @ticket 24030
     132     */
     133    function test_wp_nonce_verify_success() {
     134        $nonce = wp_create_nonce( 'nonce_test_action' );
     135        $count = did_action( $this->nonce_failure_hook );
     136
     137        wp_verify_nonce( $nonce, 'nonce_test_action' );
     138
     139        $this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
     140    }
     141
    113142    function test_password_length_limit() {
    114143        $passwords = array(
Note: See TracChangeset for help on using the changeset viewer.