Make WordPress Core

Opened 8 months ago

#59384 new enhancement

`wp_create_nonce()` should not have a default parameter

Reported by: bor0's profile bor0 Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

If wp_create_nonce() is called multiple times, it will produce the same nonce, since wp_create_nonce's $action defaults to -1.

This might be against the developer's expectation "I called this twice, should get a different nonce", so it might be interpreted as a security trap in a way.

wp> wp_create_nonce()
=> string(10) "6f11a1efea"
wp> wp_create_nonce()
=> string(10) "6f11a1efea"

This is a minor issue/devex improvement, just being more explicit about the nonce's action.

Attachments (1)

59384.patch (503 bytes) - added by bor0 8 months ago.

Download all attachments as: .zip

Change History (1)

@bor0
8 months ago

Note: See TracTickets for help on using tickets.