Opened 2 years ago

Last modified 20 months ago

#35188 assigned feature request

Pass nonce action from "nonce_life" filter

Reported by: giuseppe.mazzapica Owned by: dwainm
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.6
Component: General Keywords: good-first-bug has-patch
Focuses: Cc:

Description

At the moment, the nonce_life (https://developer.wordpress.org/reference/hooks/nonce_life/) filter passes only the nonce lifespan to be filtered to callbacks.

There are cases in which a shorter nonce lifespan might be useful (the default lifespan is one day), and it would be handy to be able to recognize the context of the nonce creation.

It means that wp_nonce_tick() (https://developer.wordpress.org/reference/functions/wp_nonce_tick/) should receive the action as an argument.

By providing a default (probably -1, which is the default nonce action), this change will be 100% backward compatible.

Currently the only (hackish) way to filter the lifespan only for specific nonces is to add a filter before calling both wp_create_nonce and wp_verify_nonce and to remove the filter right after that. That is two filter additions and two filter removals that could be replaced with a single filter addition if context were provided by the nonce_life hook.
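
Added example (not part of the ticket, its patches, or WordPress core): the workaround from the description next to the single-filter form the request would allow. The `myplugin_*` names, the `myplugin_delete_item` action and the one-hour lifespan are assumptions made for illustration.

```php
<?php
// Added example; runs inside WordPress (uses add_filter, wp_create_nonce, ...).
// Assumed names: myplugin_* functions and the 'myplugin_delete_item' action.
// try/finally needs PHP 5.5 or later.

const MYPLUGIN_SHORT_ACTION = 'myplugin_delete_item';

function myplugin_short_nonce_life() {
	return HOUR_IN_SECONDS; // assumed lifespan; the default is one day
}

// Current workaround: wrap BOTH calls, because wp_nonce_tick() runs in
// wp_create_nonce() and in wp_verify_nonce(). A lifespan that differs between
// the two yields different ticks, so the nonce would never verify.
function myplugin_with_short_life( callable $call ) {
	add_filter( 'nonce_life', 'myplugin_short_nonce_life' );
	try {
		return $call();
	} finally {
		// Always restore the default so unrelated nonces keep their lifespan.
		remove_filter( 'nonce_life', 'myplugin_short_nonce_life' );
	}
}

function myplugin_create_nonce() {
	return myplugin_with_short_life( function () {
		return wp_create_nonce( MYPLUGIN_SHORT_ACTION );
	} );
}

function myplugin_verify_nonce( $nonce ) {
	return myplugin_with_short_life( function () use ( $nonce ) {
		return wp_verify_nonce( $nonce, MYPLUGIN_SHORT_ACTION );
	} );
}

// With the change requested here (action passed as a second filter argument),
// one registration would cover both calls. While core passes only the
// lifespan, $action stays at its default of -1 and nothing is shortened.
add_filter( 'nonce_life', function ( $life, $action = -1 ) {
	return MYPLUGIN_SHORT_ACTION === $action ? HOUR_IN_SECONDS : $life;
}, 10, 2 );
```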

Attachments (4)

35188.diff (1.1 KB) - added by dwainm 2 years ago.
First attempt at giving more context to the 'nonce_life' filter
35188-2.patch (1.6 KB) - added by dwainm 2 years ago.
Updated doc blocks and added argument to wp_create_nonce function call to wp_nonce_tick call
35188-3.patch (897 bytes) - added by dwainm 20 months ago.
35188-patch-3
35188-4.patch (1.0 KB) - added by dwainm 20 months ago.
Adding changelog entries

Change History (14)

#1 @johnbillion
2 years ago

  • Keywords needs-patch good-first-bug added

@dwainm
2 years ago

First attempt at giving more context to the 'nonce_life' filter

#2 @dwainm
2 years ago

Hi @giuseppe.mazzapica, would love your feedback on the patch uploaded :)

#3 @giuseppe.mazzapica
2 years ago

Hi @dwainm, thanks.

I think there are some issues in the patch.

In wp_verify_nonce the default action is -1, and probably that should be used in wp_nonce_tick as well. (And the doc block should say string|int.)

Moreover, wp_nonce_tick is used in wp_create_nonce and not only in wp_verify_nonce.

Last very minor thing, there's an alignment issue in the doc block.

@dwainm
2 years ago

Updated doc blocks and added argument to wp_create_nonce function call to wp_nonce_tick call

#4 @dwainm
2 years ago

Thank you for your feedback @giuseppe.mazzapica. Updated :)

#5 @dwainm
2 years ago

Hi @giuseppe.mazzapica @johnbillion

I would love your feedback on the latest patch. Thank you.

#6 @DrewAPicture
21 months ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to dwainm
  • Status changed from new to assigned

Assigning to mark the good-first-bug as "claimed".

See 35188-2.patch

This ticket was mentioned in Slack in #core by dwainm.


20 months ago

#8 @jorbin
20 months ago

  • Keywords needs-patch added; has-patch removed

Thanks for the patch. When a filter or function's signature is updated, the inline documentation should be updated with a changelog entry. Additionally, the patch uses spaces and not tabs, so it needs to be updated for that as well. The PHP style guide is in the handbook.

@dwainm
20 months ago

35188-patch-3

@dwainm
20 months ago

Adding changelog entries

#9 @dwainm
20 months ago

  • Keywords has-patch added; needs-patch removed
  • Version set to trunk

Thank you for your feedback @jorbin. I've updated the patch to use tabs, not spaces, and have updated the changelog for both the function and the filter.

This ticket was mentioned in Slack in #core by dwainm.


20 months ago