Opened 15 months ago
#59384 new enhancement
`wp_create_nonce()` should not have a default parameter
Reported by: | bor0 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
If `wp_create_nonce()` is called multiple times, it will produce the same nonce, since `wp_create_nonce`'s `$action` defaults to `-1`.
This might be against the developer's expectation "I called this twice, should get a different nonce", so it might be interpreted as a security trap in a way.
```
wp> wp_create_nonce()
=> string(10) "6f11a1efea"
wp> wp_create_nonce()
=> string(10) "6f11a1efea"
```
This is a minor issue/devex improvement, just being more explicit about the nonce's action.
Attachments (1)
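A simplified model of the derivation behind `wp_create_nonce()`, added here as an example; it is not part of the ticket and is not WordPress core code. It shows why repeated calls return the same value and why a nonce only protects a specific operation when an explicit action is passed. The `model_*` functions, salt, user id, session token and action string are constructed for illustration, and the boolean verify result is a simplification.

```php
<?php
// Model of the nonce inputs: tick | action | user id | session token,
// passed through a keyed hash and cut to 10 hex characters.
// SAMPLE_SALT and the values in the demo below are constructed, not real secrets.
const SAMPLE_SALT = 'constructed-nonce-salt';
const NONCE_LIFE  = 86400; // seconds; one day, the usual nonce lifetime

// Counter that advances every half nonce lifetime.
function model_nonce_tick(int $now): int {
    return (int) ceil($now / (NONCE_LIFE / 2));
}

// All inputs are fixed for a given user, session, action and tick,
// so there is no per-call randomness in the result.
function model_create_nonce($action, int $uid, string $token, int $now): string {
    $data = model_nonce_tick($now) . '|' . $action . '|' . $uid . '|' . $token;
    return substr(hash_hmac('md5', $data, SAMPLE_SALT), -12, 10);
}

// Verification recomputes the value for the current and the previous tick
// and compares in constant time. The action must match the one used at creation.
function model_verify_nonce(string $nonce, $action, int $uid, string $token, int $now): bool {
    foreach ([0, NONCE_LIFE / 2] as $age) {
        $expected = model_create_nonce($action, $uid, $token, $now - $age);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

// Constructed demo values.
$now   = 1700000000;
$uid   = 7;
$token = 'constructed-session-token';

$first  = model_create_nonce(-1, $uid, $token, $now);      // default action
$second = model_create_nonce(-1, $uid, $token, $now + 60); // called again a minute later
$scoped = model_create_nonce('delete-post_42', $uid, $token, $now);

// Two calls with the default action inside one tick.
var_dump($first === $second);
// A default-action nonce presented to a handler that checks a specific action.
var_dump(model_verify_nonce($first, 'delete-post_42', $uid, $token, $now));
// The action-scoped nonce presented to the same handler.
var_dump(model_verify_nonce($scoped, 'delete-post_42', $uid, $token, $now));
```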