Opened 5 years ago
Last modified 13 months ago
#35188 assigned feature request
Pass nonce action from "nonce_life" filter
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.6 |
| Component: | General | Keywords: | good-first-bug has-patch |
| Focuses: | Cc: |
Description
At the moment, nonce_life https://developer.wordpress.org/reference/hooks/nonce_life/ filter pass to callbacks only the nonce lifespan to be filtered.
There are cases in which a shorter nonce lifespan might be useful (default lifespan is one day), and would be handy being able to recognize the context for the nonce creation.
It means that wp_nonce_tick() https://developer.wordpress.org/reference/functions/wp_nonce_tick/ should receive the action as argument.
Providing a default (probably -1 that is the default none action) this change will be 100% backward compatible.
Currently the only (hackish) way to filter the lifespan only for specific nonces is to add a filter before to call both wp_create_nonce and wp_verify_nonce and remove the filter right after that. Two filter additions and two filter removals that may be replaced with a single filter addition if context would be provided by the nonce_life hook.
Attachments (4)
Change History (14)
#3
@
4 years ago
Hi @dwainm, thanks.
I think there are some issues in the patch.
In wp_verify_nonce default action is -1 and probably that should be used in wp_nonce_tick as well. (And doc bloc should say string|int).
Moreover, wp_nonce_tick is used in wp_create_nonce and not only in wp_verify_nonce.
Last very minor thing, there's an alignment issue in the doc bloc.
@
4 years ago
Updated doc blocks and added argument to wp_create_nonce function call to wp_nonce_tick call
#5
@
4 years ago
Hi @giuseppe.mazzapica @johnbillion
I would love to your feedback on the latest patch. Thank you.
#6
@
4 years ago
- Keywords has-patch added; needs-patch removed
- Owner set to dwainm
- Status changed from new to assigned
Assigning to mark the good-first-bug as "claimed".
See 35188-2.patch
This ticket was mentioned in Slack in #core by dwainm. View the logs.
4 years ago
#8
@
4 years ago
- Keywords needs-patch added; has-patch removed
Thanks for the patch. When a filter or function's signature is updated, the inline documentation should be updated with a changelog entry. Additionally, the patch uses spaces and not tabs, so it needs to be updated for that well. The PHP style guide is in the handbook.
#9
@
4 years ago
- Keywords has-patch added; needs-patch removed
- Version set to trunk
Thank you for your feedback @jorbin. I've updated the patch to include tabs not space and have updated the change log for both the function and the filter.
First attempt at giving more context to the 'nonce_life' filter