Make WordPress Core

Opened 9 months ago

Closed 2 weeks ago

Last modified 2 weeks ago

#60824 closed enhancement (duplicate)

Add filters to to wp_verify_nonce()

Reported by: tymotey's profile tymotey Owned by:
Milestone: Priority: normal
Severity: normal Version: 6.5
Component: Security Keywords: has-patch
Focuses: Cc:

Description

Allow a more customizable way to interact with wp_verify_nonce().
Improvements are meant to allow plugins to be able to modify/log the nonce sent, also allowing easy control on the return value in each situation(verify 1, verify 2, nonce failed to verify).

Change History (5)

This ticket was mentioned in PR #6305 on WordPress/wordpress-develop by @tymotey.


9 months ago
#1

  • Keywords has-patch added

Changes are meant for a improved way to modify input and output values of the function.

Trac ticket: https://core.trac.wordpress.org/ticket/60824#ticket

#2 @swissspidy
9 months ago

  • Summary changed from improvements to wp_verify_nonce() to Add filters to to wp_verify_nonce()

#3 @swissspidy
9 months ago

  • Focuses sustainability removed

#4 @johnbillion
2 weeks ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

I'm going to close this as a duplicate of, and for the same reasons as, #54280. Filtering nonce values without fully overriding its behaviour is an edge case and the functions involved are all pluggable. I don't think adding filters here provides a benefit.

#5 @tymotey
2 weeks ago

@johnbillion thank for your answer!

I will not argue the resolution, you have a wider view of the end results.

I have read both tickets and I feel like the idea is not the same as yours.
The idea of these filters is to give a way for multiple plugins to change or add their own checks for function verify_nonce, instead of 1 plugin overwriting the whole function :)

Thank you for reading and your time :)

Note: See TracTickets for help on using tickets.