WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/29/2016 03:00:54 AM (2 years ago)
Author:
rachelbaker
Message:

REST API: Include a refreshed nonce in a X-WP-Nonce header when responding to an authenticated request.

Props adamsilverstein, welcher, markjaquith, aidvu.
Fixes #35662.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api.php

    r37544 r37905  
    549549 * @since 4.4.0
    550550 *
    551  * @global mixed $wp_rest_auth_cookie
    552  *
    553  * @param WP_Error|mixed $result Error from another authentication handler, null if we should handle it,
    554  *                               or another value if not.
     551 * @global mixed          $wp_rest_auth_cookie
     552 * @global WP_REST_Server $wp_rest_server      REST server instance.
     553 *
     554 * @param WP_Error|mixed $result Error from another authentication handler,
     555 *                               null if we should handle it, or another value
     556 *                               if not.
    555557 * @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true.
    556558 */
     
    560562    }
    561563
    562     global $wp_rest_auth_cookie;
     564    global $wp_rest_auth_cookie, $wp_rest_server;
    563565
    564566    /*
     
    593595    }
    594596
     597    // Send a refreshed nonce in header.
     598    $wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
     599
    595600    return true;
    596601}
Note: See TracChangeset for help on using the changeset viewer.