--- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -1160,7 +1160,7 @@ * @param int|string $action The nonce action. * @param string $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, - * 2 if the nonce is valid and generated between 12-24 hours ago. + * 2 if the nonce is valid and generated between 8-24 hours ago. * False if the nonce is invalid. */ function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { @@ -1179,7 +1179,7 @@ * * @param string $action The nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between - * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. + * 0-12 hours ago, 2 if the nonce is valid and generated between 8-24 hours ago. */ do_action( 'check_admin_referer', $action, $result ); @@ -1205,7 +1205,7 @@ * @param bool $die Optional. Whether to die early when the nonce cannot be verified. * Default true. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, - * 2 if the nonce is valid and generated between 12-24 hours ago. + * 2 if the nonce is valid and generated between 8-24 hours ago. * False if the nonce is invalid. */ function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { @@ -1232,7 +1232,7 @@ * * @param string $action The Ajax nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between - * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. + * 0-12 hours ago, 2 if the nonce is valid and generated between 8-24 hours ago. */ do_action( 'check_ajax_referer', $action, $result ); @@ -2129,8 +2129,8 @@ /** * Returns the time-dependent variable for nonce creation. * - * A nonce has a lifespan of two ticks. Nonces in their second tick may be - * updated, e.g. by autosave. + * A nonce has a lifespan of six ticks. Nonces in their fourth tick onwards + * may be updated, e.g. by autosave. * * @since 2.5.0 * @@ -2146,7 +2146,7 @@ */ $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS ); - return ceil( time() / ( $nonce_life / 2 ) ); + return ceil( time() / ( $nonce_life / 6 ) ); } endif; @@ -2154,14 +2154,14 @@ /** * Verifies that a correct security nonce was used with time limit. * - * A nonce is valid for 24 hours (by default). + * A nonce is valid for at most 24 hours (by default). * * @since 2.0.3 * * @param string $nonce Nonce value that was used for verification, usually via a form field. * @param string|int $action Should give context to what is taking place and be the same when nonce was created. * @return int|false 1 if the nonce is valid and generated between 0-12 hours ago, - * 2 if the nonce is valid and generated between 12-24 hours ago. + * 2 if the nonce is valid and generated between 8-24 hours ago. * False if the nonce is invalid. */ function wp_verify_nonce( $nonce, $action = -1 ) { @@ -2185,18 +2185,22 @@ } $token = wp_get_session_token(); - $i = wp_nonce_tick(); + $tick = wp_nonce_tick(); + $i = 0; - // Nonce generated 0-12 hours ago. - $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); - if ( hash_equals( $expected, $nonce ) ) { - return 1; - } + while ( $i < 6 ) { + $expected = substr( wp_hash( "$tick|$action|$uid|$token", 'nonce' ), -12, 10 ); + if ( hash_equals( $expected, $nonce ) ) { + // Nonce generated 0-12 hours ago. + if ( $i < 3 ) { + return 1; + } - // Nonce generated 12-24 hours ago. - $expected = substr( wp_hash( ( $i - 1 ) . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); - if ( hash_equals( $expected, $nonce ) ) { - return 2; + // Nonce generated 8-24 hours ago. + return 2; + } + $tick--; + $i++; } /** @@ -2236,9 +2240,9 @@ } $token = wp_get_session_token(); - $i = wp_nonce_tick(); + $tick = wp_nonce_tick(); - return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); + return substr( wp_hash( "$tick|$action|$uid|$token", 'nonce' ), -12, 10 ); } endif;