[wp-trac] [WordPress Trac] #35188: Pass nonce action from "nonce_life" filter
WordPress Trac
noreply at wordpress.org
Mon Sep 12 12:46:08 UTC 2022
#35188: Pass nonce action from "nonce_life" filter
-------------------------------------------------+-------------------------
Reporter: giuseppe.mazzapica | Owner: audrasjb
Type: feature request | Status: accepted
Priority: normal | Milestone: 6.1
Component: General | Version: 4.6
Severity: normal | Resolution:
Keywords: has-patch needs-dev-note needs-testing needs-testing-info has-unit-tests dev-feedback | Focuses:
-------------------------------------------------+-------------------------
Changes (by audrasjb):
* keywords:
has-patch needs-dev-note needs-testing needs-testing-info has-unit-tests
=>
has-patch needs-dev-note needs-testing needs-testing-info has-unit-tests dev-feedback
Comment:
So @costdev, I ran some tests and it looks like it doesn't work as
expected… or maybe it's just me… :D
First, create a simple plugin which will generate a link at the end of
each singular post of your test site.
This link contains a nonce, and when you click on the link, you'll get the
following message:
- if the nonce is valid (24 hours time limit by default), it will display
"Nonce is valid".
- if the nonce is invalid, it will display "Nonce is invalid"
Then we'll add a small snippet to this plugin, to change the time
limitation of our nonce only for the `nonce-life-tester`.
Here is the code of the plugin:
{{{#!php
<?php
/*
Plugin Name: nonce-life-tester
Author: audrasjb
Version: 0.1
Author URI: https://profiles.wordpress.org/audrasjb
*/
function nonce_life_tester_display_link( $content ) {
	// Read the nonce from the query string without triggering an undefined index notice.
	$nonce = isset( $_GET['_wpnonce'] ) ? $_GET['_wpnonce'] : '';
	if ( ! empty( $nonce ) ) {
		// Check Nonce and display verification results.
		$verify = wp_verify_nonce( $nonce, 'nonce-life-tester' );
		switch ( $verify ) {
			case 1:
				$result = 'Nonce is valid (less than 12 hours old)';
				break;
			case 2:
				$result = 'Nonce is valid (between 12 and 24 hours old)';
				break;
			default:
				$result = 'Nonce is invalid';
		}
		$content .= '<p>Nonce verification: <code>' . $result . '</code></p>';
	} else {
		// Display a link with a Nonce.
		// Check if we're inside the main loop in a single Post.
		if ( is_singular() && in_the_loop() && is_main_query() ) {
			$url      = wp_nonce_url( get_permalink(), 'nonce-life-tester' );
			$content .= '<p><a href="' . $url . '">Testing nonces</a></p>';
		}
	}
	return $content;
}
// 'the_content' is a filter hook, so register the callback with add_filter().
add_filter( 'the_content', 'nonce_life_tester_display_link' );

function nonce_life_tester_reduce_time_limit( $lifespan, $action ) {
	// Modify the lifespan of our specific Nonce.
	if ( 'nonce-life-tester' === $action ) {
		return 10; // 10 Seconds.
	} else {
		return $lifespan;
	}
}
// Accept 2 arguments so the callback receives the nonce action.
add_filter( 'nonce_life', 'nonce_life_tester_reduce_time_limit', 10, 2 );
}}}
Using the current PR, I always get the `Nonce is invalid` message.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35188#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
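
As background to the test above, this added example (not part of the original message, not WordPress core code and not the patch under review) models the tick-based nonce scheme with a per-action lifespan. It shows what return values 1 and 2 mean for a 10-second lifespan, and that a nonce only verifies when creation and verification derive the tick from the same lifespan. The `demo_*` helpers, `DEMO_SECRET` and the timestamp are constructed; HMAC-SHA256 stands in for `wp_hash()`, and the user ID and session token that WordPress also hashes are omitted.

```php
<?php
// Added illustration: a standalone model of a tick-based nonce scheme.
// The secret, helper names and timestamp are constructed; this is not
// WordPress core code and not the patch discussed in the ticket.
const DEMO_SECRET = 'constructed-demo-secret'; // stands in for the site's nonce salt

// Lifespan per action, as the plugin's nonce_life callback would return it.
function demo_nonce_life( string $action ): int {
	return 'nonce-life-tester' === $action ? 10 : 86400; // seconds
}

// A tick lasts half a lifespan, so a nonce is accepted across two ticks.
function demo_tick( int $now, int $lifespan ): int {
	return (int) ceil( $now / ( $lifespan / 2 ) );
}

function demo_hash( int $tick, string $action ): string {
	return substr( hash_hmac( 'sha256', $tick . '|' . $action, DEMO_SECRET ), -12, 10 );
}

function demo_create( int $now, string $action, bool $per_action ): string {
	$life = $per_action ? demo_nonce_life( $action ) : 86400;
	return demo_hash( demo_tick( $now, $life ), $action );
}

// Returns 1 (current tick), 2 (previous tick) or false, like wp_verify_nonce().
function demo_verify( string $nonce, int $now, string $action, bool $per_action ) {
	$life = $per_action ? demo_nonce_life( $action ) : 86400;
	$tick = demo_tick( $now, $life );
	if ( hash_equals( demo_hash( $tick, $action ), $nonce ) ) {
		return 1;
	}
	if ( hash_equals( demo_hash( $tick - 1, $action ), $nonce ) ) {
		return 2;
	}
	return false;
}

$t0 = 1663000001; // constructed timestamp
$a  = 'nonce-life-tester';
$nonce = demo_create( $t0, $a, true );
var_dump( demo_verify( $nonce, $t0 + 2, $a, true ) );  // checked 2 seconds later
var_dump( demo_verify( $nonce, $t0 + 6, $a, true ) );  // checked 6 seconds later
var_dump( demo_verify( $nonce, $t0 + 12, $a, true ) ); // checked 12 seconds later

// Creation uses the default lifespan, verification the per-action one.
$mismatch = demo_create( $t0, $a, false );
var_dump( demo_verify( $mismatch, $t0 + 1, $a, true ) );
```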