WordPress.org

Make WordPress Core

Opened 6 weeks ago

#54280 new enhancement

wp_verify_nonce should return a filter

Reported by: shawfactor Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: trunk
Component: Security Keywords:
Focuses: Cc:

Description

Yes I am aware that wp_verify_nonce() is pluggable. However you may simply want to change the return value from false to 1 or 2. Creating a whole new pluggable function for this is not only overkill but also means that solutions that want to change the way nonces are verified (e.g. using different hashing functions) cannot coexist with people who simply want to change the return value.

Adding the filter would mean that as long as whoever was creating the new pluggable function kept the filter then their solution could co exists with other users who simply want to change the return value for specific situations.

e.g.

Invalid nonce.

return apply_filters( 'new_filter_wp_verify_nonce_failed', false, $nonce, $token, $uid);

BTW my use case for this was building a plugin where one user can message another on behalf of another. In a similar way that facebook alows messaging or commenting as a page.

Change History (0)

Note: See TracTickets for help on using tickets.