Make WordPress Core

Opened 4 years ago

Closed 3 years ago

#50382 closed enhancement (fixed)

Language improvement: reconsider use of the word 'nonce', as used in WordPress

Reported by: dartiss's profile dartiss Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 5.8 Priority: normal
Severity: normal Version:
Component: Text Changes Keywords: has-patch
Focuses: Cc:

Description

Although, in most languages, nonce means a "one or single occasion", it has a much more unfortunate usage in British English: https://en.wiktionary.org/wiki/nonce.

Not only do we use the word in WordPress' code base but also in output messages.

Could we consider changing usage of this word to something else?

Attachments (1)

50382.diff (2.1 KB) - added by SergeyBiryukov 3 years ago.

Download all attachments as: .zip

Change History (9)

#1 @dartiss
4 years ago

Just to be clear, I've not raised this as a translation issue as this is a code issue - unless we change what we refer to it as in core code, changing message output is not, imo, something we can do (otherwise people won't understand what the error messages are referring back to - we need a singular word to use for this but one that doesn't offend).

#2 follow-up: @SergeyBiryukov
4 years ago

  • Keywords 2nd-opinion added

Thanks for the ticket!

Unfortunately, with functions like wp_create_nonce(), wp_verify_nonce(), or wp_nonce_field() being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.

We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.

#3 in reply to: ↑ 2 @dartiss
4 years ago

Replying to SergeyBiryukov:

Thanks for the ticket!

Unfortunately, with functions like wp_create_nonce(), wp_verify_nonce(), or wp_nonce_field() being used 100,000+ times in 16,000+ plugins and 7,000+ in 2,000 themes, it doesn't seem like replacing them would be feasible.

We could look into changing the output messages, however, as you mentioned, that would introduce confusion as to what the messages are referring to.

It's true that we can't change that third party code and, yes, you're right about only changing the messages - we need a consistent wording policy.

However, we could rename those functions and put aliases into place for backwards compatibility. The messages would refer to the new functions and the old name would only remain in place for the purposes of that compatibility. We could then push for developers to start using the new functions over time.

#4 @williampatton
4 years ago

Just noting that, as someone who natively speaks British English and is aware of the alternative meaning of this term, I have never misunderstood it's use in code nor found it offensive in any way.

I have also only ever seen the alternate version spelled differently - with an 's' rather than a 'c'.

#5 @dartiss
4 years ago

As far as I can tell, only nonce is the correct spelling, whether used in code or as the British slang term.

Are people being offended? The term suggests that someone is a sexual predator towards children.

https://twitter.com/search?q=wordpress%20nonce&src=typed_query would suggest that a good deal of people are, at least, mentioning it because it seems, well, odd to be using that term.

Personally, I don't wait around for offence to occur before correcting something that is, in my opinion, wrong. We should change this.

As for all the functions and global that use it, something similar is being down with blacklist (see https://core.trac.wordpress.org/ticket/48900), including renaming globals and putting temporary aliases in place.

Last edited 4 years ago by dartiss (previous) (diff)

#6 @johnbillion
4 years ago

Does WordPress still expose the word "nonce" to end-users? I thought we'd improved most of those error messages. If there are still some, we should improve those regardless.

@SergeyBiryukov
3 years ago

#7 @SergeyBiryukov
3 years ago

  • Keywords has-patch added; 2nd-opinion removed
  • Milestone changed from Awaiting Review to 5.8

Replying to dartiss:

Not only do we use the word in WordPress' code base but also in output messages.

Replying to johnbillion:

Does WordPress still expose the word "nonce" to end-users? I thought we'd improved most of those error messages. If there are still some, we should improve those regardless.

I've checked the core for any instances of the word in user-facing messages, and the three strings in 50382.diff are the only ones I've found. Let's improve them in 5.8.

Looks like this was also previously considered in comment:1:ticket:43617.

If any plugin or theme uses the word in other user-facing messages, it would be up to their authors to fix that.

#8 @SergeyBiryukov
3 years ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 50947:

Text Changes: Improve the wording of some error messages.

Props dartiss, williampatton, johnbillion, SergeyBiryukov.
Fixes #50382.

Note: See TracTickets for help on using tickets.