WordPress.org

Make WordPress Core

Opened 3 months ago

Last modified 3 months ago

#50382 new enhancement

Language improvement: reconsider use of the word 'nonce', as used in WordPress

Reported by: dartiss Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Text Changes Keywords: 2nd-opinion
Focuses: Cc:

Description

Although, in most languages, nonce means a "one or single occasion", it has a much more unfortunate usage in British English: https://en.wiktionary.org/wiki/nonce.

Not only do we use the word in WordPress' code base but also in output messages.

Could we consider changing usage of this word to something else?

Change History (6)

#1 @dartiss
3 months ago

Just to be clear, I've not raised this as a translation issue as this is a code issue - unless we change what we refer to it as in core code, changing message output is not, imo, something we can do (otherwise people won't understand what the error messages are referring back to - we need a singular word to use for this but one that doesn't offend).

#2 follow-up: @SergeyBiryukov
3 months ago

  • Keywords 2nd-opinion added

Thanks for the ticket!

Unfortunately, with functions like wp_create_nonce(), wp_verify_nonce(), or wp_nonce_field() being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.

We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.

#3 in reply to: ↑ 2 @dartiss
3 months ago

Replying to SergeyBiryukov:

Thanks for the ticket!

Unfortunately, with functions like wp_create_nonce(), wp_verify_nonce(), or wp_nonce_field() being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.

We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.

It's true that we can't change that third party code and, yes, you're right about only changing the messages - we need a consistent wording policy.

However, we could rename those functions and put aliases into place for backwards compatibility. The messages would refer to the new functions and the old name would only remain in place for the purposes of that compatibility. We could then push for developers to start using the new functions over time.

#4 @williampatton
3 months ago

Just noting that, as someone who natively speaks British English and is aware of the alternative meaning of this term, I have never misunderstood it's use in code nor found it offensive in any way.

I have also only ever seen the alternate version spelled differently - with an 's' rather than a 'c'.

#5 @dartiss
3 months ago

As far as I can tell, only nonce is the correct spelling, whether used in code or as the British slang term.

Are people being offended? The term suggests that someone is a sexual predator towards children.

https://twitter.com/search?q=wordpress%20nonce&src=typed_query would suggest that a good deal of people are, at least, mentioning it because it seems, well, odd to be using that term.

Personally, I don't wait around for offence to occur before correcting something that is, in my opinion, wrong. We should change this.

As for all the functions and global that use it, something similar is being down with blacklist (see https://core.trac.wordpress.org/ticket/48900), including renaming globals and putting temporary aliases in place.

Last edited 3 months ago by dartiss (previous) (diff)

#6 @johnbillion
3 months ago

Does WordPress still expose the word "nonce" to end-users? I thought we'd improved most of those error messages. If there are still some, we should improve those regardless.

Note: See TracTickets for help on using tickets.