Opened 5 years ago
Closed 4 years ago
#50382 closed enhancement (fixed)
Language improvement: reconsider use of the word 'nonce', as used in WordPress
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Text Changes | Keywords: | has-patch |
Focuses: | Cc: |
Description
Although, in most languages, nonce means a "one or single occasion", it has a much more unfortunate usage in British English: https://en.wiktionary.org/wiki/nonce.
Not only do we use the word in WordPress' code base but also in output messages.
Could we consider changing usage of this word to something else?
Attachments (1)
Change History (9)
#2
follow-up:
↓ 3
@
5 years ago
- Keywords 2nd-opinion added
Thanks for the ticket!
Unfortunately, with functions like wp_create_nonce()
, wp_verify_nonce()
, or wp_nonce_field()
being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.
We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.
#3
in reply to:
↑ 2
@
5 years ago
Replying to SergeyBiryukov:
Thanks for the ticket!
Unfortunately, with functions like
wp_create_nonce()
,wp_verify_nonce()
, orwp_nonce_field()
being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.
We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.
It's true that we can't change that third party code and, yes, you're right about only changing the messages - we need a consistent wording policy.
However, we could rename those functions and put aliases into place for backwards compatibility. The messages would refer to the new functions and the old name would only remain in place for the purposes of that compatibility. We could then push for developers to start using the new functions over time.
#4
@
5 years ago
Just noting that, as someone who natively speaks British English and is aware of the alternative meaning of this term, I have never misunderstood it's use in code nor found it offensive in any way.
I have also only ever seen the alternate version spelled differently - with an 's' rather than a 'c'.
#5
@
5 years ago
As far as I can tell, only nonce
is the correct spelling, whether used in code or as the British slang term.
Are people being offended? The term suggests that someone is a sexual predator towards children. That's what it means. And WordPress puts our errors such as...
Error: invalid nonce
Has anybody been offended? https://twitter.com/search?q=wordpress%20nonce&src=typed_query would suggest that a good deal of people are, at least, mentioning it because it seems, well, odd to be using that term. Personally, I don't wait around for offence to occur before correcting something that is, in my opinion, wrong. We should change this.
As for all the functions and global that use it, something similar is being down with blacklist (see https://core.trac.wordpress.org/ticket/48900), including renaming globals and putting temporary aliases in place.
Or is the fact that this (potentially) only offends people in one country a limiting factor in how much work can be justified to correct it?
#6
@
5 years ago
Does WordPress still expose the word "nonce" to end-users? I thought we'd improved most of those error messages. If there are still some, we should improve those regardless.
#7
@
4 years ago
- Keywords has-patch added; 2nd-opinion removed
- Milestone changed from Awaiting Review to 5.8
Replying to dartiss:
Not only do we use the word in WordPress' code base but also in output messages.
Replying to johnbillion:
Does WordPress still expose the word "nonce" to end-users? I thought we'd improved most of those error messages. If there are still some, we should improve those regardless.
I've checked the core for any instances of the word in user-facing messages, and the three strings in 50382.diff are the only ones I've found. Let's improve them in 5.8.
Looks like this was also previously considered in comment:1:ticket:43617.
If any plugin or theme uses the word in other user-facing messages, it would be up to their authors to fix that.
Just to be clear, I've not raised this as a translation issue as this is a code issue - unless we change what we refer to it as in core code, changing message output is not, imo, something we can do (otherwise people won't understand what the error messages are referring back to - we need a singular word to use for this but one that doesn't offend).