WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 16 months ago

#35188 assigned feature request

Pass nonce action from "nonce_life" filter

Reported by: giuseppe.mazzapica Owned by: dwainm
Milestone: Priority: normal
Severity: normal Version: 4.6
Component: General Keywords: good-first-bug has-patch
Focuses: Cc:

Description

At the moment, nonce_life https://developer.wordpress.org/reference/hooks/nonce_life/ filter pass to callbacks only the nonce lifespan to be filtered.

There are cases in which a shorter nonce lifespan might be useful (default lifespan is one day), and would be handy being able to recognize the context for the nonce creation.

It means that wp_nonce_tick() https://developer.wordpress.org/reference/functions/wp_nonce_tick/ should receive the action as argument.

Providing a default (probably -1 that is the default none action) this change will be 100% backward compatible.

Currently the only (hackish) way to filter the lifespan only for specific nonces is to add a filter before to call both wp_create_nonce and wp_verify_nonce and remove the filter right after that. Two filter additions and two filter removals that may be replaced with a single filter addition if context would be provided by the nonce_life hook.

Attachments (4)

35188.diff (1.1 KB) - added by dwainm 5 years ago.
First attempt at giving more context to the 'nonce_life' filter
35188-2.patch (1.6 KB) - added by dwainm 5 years ago.
Updated doc blocks and added argument to wp_create_nonce function call to wp_nonce_tick call
35188-3.patch (897 bytes) - added by dwainm 4 years ago.
35188-patch-3
35188-4.patch (1.0 KB) - added by dwainm 4 years ago.
Adding changelog entries

Download all attachments as: .zip

Change History (14)

#1 @johnbillion
5 years ago

  • Keywords needs-patch good-first-bug added

@dwainm
5 years ago

First attempt at giving more context to the 'nonce_life' filter

#2 @dwainm
5 years ago

Hi @giuseppe.mazzapica , would love your feedback on the patch uploaded :)

#3 @giuseppe.mazzapica
5 years ago

Hi @dwainm, thanks.

I think there are some issues in the patch.

In wp_verify_nonce default action is -1 and probably that should be used in wp_nonce_tick as well. (And doc bloc should say string|int).

Moreover, wp_nonce_tick is used in wp_create_nonce and not only in wp_verify_nonce.

Last very minor thing, there's an alignment issue in the doc bloc.

@dwainm
5 years ago

Updated doc blocks and added argument to wp_create_nonce function call to wp_nonce_tick call

#4 @dwainm
5 years ago

Thank you for your feedback @giuseppe.mazzapica . Updated :)

#5 @dwainm
5 years ago

Hi @giuseppe.mazzapica @johnbillion

I would love to your feedback on the latest patch. Thank you.

#6 @DrewAPicture
4 years ago

  • Keywords has-patch added; needs-patch removed
  • Owner set to dwainm
  • Status changed from new to assigned

Assigning to mark the good-first-bug as "claimed".

See 35188-2.patch

This ticket was mentioned in Slack in #core by dwainm. View the logs.
4 years ago

#8 @jorbin
4 years ago

  • Keywords needs-patch added; has-patch removed

Thanks for the patch. When a filter or function's signature is updated, the inline documentation should be updated with a changelog entry. Additionally, the patch uses spaces and not tabs, so it needs to be updated for that well. The PHP style guide is in the handbook.

@dwainm
4 years ago

35188-patch-3

@dwainm
4 years ago

Adding changelog entries

#9 @dwainm
4 years ago

  • Keywords has-patch added; needs-patch removed
  • Version set to trunk

Thank you for your feedback @jorbin. I've updated the patch to include tabs not space and have updated the change log for both the function and the filter.

Last edited 4 years ago by dwainm (previous) (diff)

This ticket was mentioned in Slack in #core by dwainm. View the logs.
4 years ago

Note: See TracTickets for help on using tickets.