Add an action for when nonce verification fails
| Reported by: | dd32 | Owned by: | Shelob9 |
| Component: | Security | Keywords: | good-first-bug has-patch dev-feedback needs-testing |
Currently when a plugin (or core) calls check_admin_referer() there is no way for auditing (or debugging) plugins to hook in and record an event that the nonce check failed.
Previously it was possible to use the explain_nonce_$nonce filter to do this, but that was removed in .
If a plugin wants to record an event for a failing nonce, it'll need to call wp_verify_nonce() manually itself, and die afterwards, or call check_admin_referer() after verifying the nonce itself for logging purposes.
I'd suggest either resurrecting the previous filter as an action (for back compat) or adding a new nonce failure hook.
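The workaround described above, sketched as an added example (not part of the ticket or of WordPress core): a wrapper that verifies the nonce itself for logging and then lets check_admin_referer() enforce it. The function name myplugin_audited_check_admin_referer and the myplugin_nonce_failed hook are hypothetical, and the code assumes it runs inside a loaded WordPress plugin.

```php
<?php
/**
 * Added example: audit wrapper around check_admin_referer().
 * Names prefixed myplugin_ are hypothetical; requires WordPress to be loaded.
 */

/**
 * Verify the nonce for logging purposes, then defer to core for enforcement.
 *
 * @param string $action    Nonce action, as given to wp_nonce_field() or wp_create_nonce().
 * @param string $query_arg Request key that carries the nonce (core's default is '_wpnonce').
 * @return int|false Whatever check_admin_referer() returns when the check passes.
 */
function myplugin_audited_check_admin_referer( $action, $query_arg = '_wpnonce' ) {
	$nonce = isset( $_REQUEST[ $query_arg ] )
		? sanitize_text_field( wp_unslash( $_REQUEST[ $query_arg ] ) )
		: '';

	// wp_verify_nonce() returns false for an expired or invalid nonce;
	// a missing nonce is treated as a failure here as well.
	if ( '' === $nonce || false === wp_verify_nonce( $nonce, $action ) ) {
		// Record context only; the submitted nonce value is not logged.
		$event = array(
			'action'        => $action,
			'user_id'       => get_current_user_id(),
			'nonce_present' => '' !== $nonce,
			'remote_addr'   => isset( $_SERVER['REMOTE_ADDR'] )
				? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
				: '',
		);

		// Hypothetical hook so an audit plugin can subscribe to the event.
		do_action( 'myplugin_nonce_failed', $event );

		error_log( 'Nonce check failed: ' . wp_json_encode( $event ) );
	}

	// Core still makes the decision: on failure it shows the
	// "Are you sure?" page and dies, so logging must happen before this call.
	return check_admin_referer( $action, $query_arg );
}
```

This only covers call sites that use the wrapper; nonce checks made by core or by other plugins through check_admin_referer() directly are not seen, which is the gap the ticket asks a core hook to close.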
Change History (11)
- Component changed from General to Security
- Keywords needs-patch good-first-bug added
- Milestone changed from Awaiting Review to Future Release
- Keywords has-patch added; needs-patch removed