Opened 3 years ago
#54280 new enhancement
wp_verify_nonce should return a filter
Reported by: | shawfactor | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.9 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
Yes I am aware that wp_verify_nonce() is pluggable. However you may simply want to change the return value from false to 1 or 2. Creating a whole new pluggable function for this is not only overkill but also means that solutions that want to change the way nonces are verified (e.g. using different hashing functions) cannot coexist with people who simply want to change the return value.
Adding the filter would mean that as long as whoever was creating the new pluggable function kept the filter then their solution could co exists with other users who simply want to change the return value for specific situations.
e.g.
Invalid nonce.
return apply_filters( 'new_filter_wp_verify_nonce_failed', false, $nonce, $token, $uid);
BTW my use case for this was building a plugin where one user can message another on behalf of another. In a similar way that facebook alows messaging or commenting as a page.