Timestamp:
06/29/16 03:00:54 (18 months ago)
Author:
rachelbaker
Message:

REST API: Include a refreshed nonce in an X-WP-Nonce header when responding to an authenticated request.

Props adamsilverstein, welcher, markjaquith, aidvu.
Fixes #35662.

File:
1 edited

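--- a/trunk/src/wp-includes/rest-api.php
+++ b/trunk/src/wp-includes/rest-api.php
@@ -549,8 +549,10 @@
  * @since 4.4.0
  *
- * @global mixed $wp_rest_auth_cookie
- *
- * @param WP_Error|mixed $result Error from another authentication handler, null if we should handle it,
- *                               or another value if not.
+ * @global mixed          $wp_rest_auth_cookie
+ * @global WP_REST_Server $wp_rest_server      REST server instance.
+ *
+ * @param WP_Error|mixed $result Error from another authentication handler,
+ *                               null if we should handle it, or another value
+ *                               if not.
  * @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true.
  */
@@ -560,5 +562,5 @@
     }
 
-    global $wp_rest_auth_cookie;
+    global $wp_rest_auth_cookie, $wp_rest_server;
 
     /*
@@ -593,4 +595,7 @@
     }
 
+    // Send a refreshed nonce in header.
+    $wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
+
     return true;
 }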
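Review bot: `$wp_rest_server` is dereferenced at new line 598 with no check that the global has been populated, so if this authentication callback ever runs before the REST server object exists the call is a fatal error; going through the accessor, `rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );`, would remove the dependency on the global. The header value is a CSRF token bound to the logged-in user, and the lines between 566 and 595 are outside the hunks, so it cannot be confirmed from here that this statement is reached only after the incoming nonce was verified; a comment stating that precondition would help. The docblock could also note that responses carrying this header should be kept out of shared caches and that the header should stay out of any `Access-Control-Expose-Headers` list.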