WordPress.org

Make WordPress Core

Changeset 45565


Ignore:
Timestamp:
06/25/2019 05:06:57 PM (3 months ago)
Author:
johnbillion
Message:

Docs: Correct and improve the docs for a few nonce-related functions.

See #47110

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r45489 r45565  
    10751075if ( ! function_exists( 'check_admin_referer' ) ) :
    10761076    /**
    1077      * Makes sure that a user was referred from another admin page.
    1078      *
    1079      * To avoid security exploits.
     1077     * Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.
     1078     *
     1079     * This function ensures the user intends to perform a given action, which helps protect against clickjacking style
     1080     * attacks. It verifies intent, not authorisation, therefore it does not verify the user's capabilities. This should
     1081     * be performed with `current_user_can()` or similar.
     1082     *
     1083     * If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.
    10801084     *
    10811085     * @since 1.2.0
    1082      *
    1083      * @param int|string $action    Action nonce.
    1084      * @param string     $query_arg Optional. Key to check for nonce in `$_REQUEST` (since 2.5).
    1085      *                             Default '_wpnonce'.
     1086     * @since 2.5.0 The `$query_arg` parameter was added.
     1087     *
     1088     * @param int|string $action    The nonce action.
     1089     * @param string     $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
    10861090     * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
    10871091     *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
     
    20192023if ( ! function_exists( 'wp_nonce_tick' ) ) :
    20202024    /**
    2021      * Get the time-dependent variable for nonce creation.
     2025     * Returns the time-dependent variable for nonce creation.
    20222026     *
    20232027     * A nonce has a lifespan of two ticks. Nonces in their second tick may be
     
    20442048if ( ! function_exists( 'wp_verify_nonce' ) ) :
    20452049    /**
    2046      * Verify that correct nonce was used with time limit.
    2047      *
    2048      * The user is given an amount of time to use the token, so therefore, since the
    2049      * UID and $action remain the same, the independent variable is the time.
     2050     * Verifies that a correct security nonce was used with time limit.
     2051     *
     2052     * A nonce is valid for 24 hours (by default).
    20502053     *
    20512054     * @since 2.0.3
    20522055     *
    2053      * @param string     $nonce  Nonce that was used in the form to verify
     2056     * @param string     $nonce  Nonce value that was used for verification, usually via a form field.
    20542057     * @param string|int $action Should give context to what is taking place and be the same when nonce was created.
    20552058     * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
     
    21362139if ( ! function_exists( 'wp_salt' ) ) :
    21372140    /**
    2138      * Get salt to add to hashes.
     2141     * Returns a salt to add to hashes.
    21392142     *
    21402143     * Salts are created using secret keys. Secret keys are located in two places:
Note: See TracChangeset for help on using the changeset viewer.