Make WordPress Core

Changeset 54218 for trunk


Ignore:
Timestamp:
09/19/2022 09:34:52 PM (2 years ago)
Author:
audrasjb
Message:

General: Pass $action to nonce_life filter.

This changeset contextualizes the usage of nonce_life filter by passing the $action parameter. It allows to alterate the default lifespan of nonces on a case by case basis.

Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko.
Fixes #35188.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/pluggable.php

    r54190 r54218  
    22462246     *
    22472247     * @since 2.5.0
    2248      *
     2248     * @since 6.1.0 Added `action` argument.
     2249     *
     2250     * @param string|int $action Optional. The current nonce action. Default -1.
    22492251     * @return float Float value rounded up to the next highest integer.
    22502252     */
    2251     function wp_nonce_tick() {
     2253    function wp_nonce_tick( $action = -1 ) {
    22522254        /**
    22532255         * Filters the lifespan of nonces in seconds.
    22542256         *
    22552257         * @since 2.5.0
    2256          *
    2257          * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
    2258          */
    2259         $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
     2258         * @since 6.1.0 Added `action` argument to allow for more targeted filters.
     2259         *
     2260         * @param int        $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
     2261         * @param string|int $action   The current nonce action.
     2262         */
     2263        $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );
    22602264
    22612265        return ceil( time() / ( $nonce_life / 2 ) );
     
    22982302
    22992303        $token = wp_get_session_token();
    2300         $i     = wp_nonce_tick();
     2304        $i     = wp_nonce_tick( $action );
    23012305
    23022306        // Nonce generated 0-12 hours ago.
     
    23482352        }
    23492353
    2350         $token = wp_get_session_token();
    2351         $i     = wp_nonce_tick();
     2354        $token = wp_get_session_token( $action );
     2355        $i     = wp_nonce_tick( $action );
    23522356
    23532357        return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
  • trunk/tests/phpunit/tests/pluggable.php

    r53767 r54218  
    202202                'notify'     => '',
    203203            ),
    204             'wp_nonce_tick'                   => array(),
     204            'wp_nonce_tick'                   => array( 'action' => -1 ),
    205205            'wp_verify_nonce'                 => array(
    206206                'nonce',
Note: See TracChangeset for help on using the changeset viewer.