General: Pass `$action` to `nonce_life` filter.

This changeset contextualizes the usage of the `nonce_life` filter by passing the `$action` parameter. It allows the default lifespan of nonces to be altered on a case-by-case basis.

Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko.
Fixes #35188.

Built from https://develop.svn.wordpress.org/trunk@54218


git-svn-id: http://core.svn.wordpress.org/trunk@53777 1a063a9b-81f0-0310-95a4-ce76da25c4cd
audrasjb 2022-09-19 21:36:10 +00:00
parent 8c7039e9c8
commit 4bb6301eb9
2 changed files with 11 additions and 7 deletions


@ -2245,18 +2245,22 @@ if ( ! function_exists( 'wp_nonce_tick' ) ) :
* updated, e.g. by autosave. * updated, e.g. by autosave.
* *
* @since 2.5.0 * @since 2.5.0
* @since 6.1.0 Added `action` argument.
* *
* @param string|int $action Optional. The current nonce action. Default -1.
* @return float Float value rounded up to the next highest integer. * @return float Float value rounded up to the next highest integer.
*/ */
function wp_nonce_tick() { function wp_nonce_tick( $action = -1 ) {
/** /**
* Filters the lifespan of nonces in seconds. * Filters the lifespan of nonces in seconds.
* *
* @since 2.5.0 * @since 2.5.0
* @since 6.1.0 Added `action` argument to allow for more targeted filters.
* *
* @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day. * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
* @param string|int $action The current nonce action.
*/ */
$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS ); $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );
return ceil( time() / ( $nonce_life / 2 ) ); return ceil( time() / ( $nonce_life / 2 ) );
} }
@ -2297,7 +2301,7 @@ if ( ! function_exists( 'wp_verify_nonce' ) ) :
} }
$token = wp_get_session_token(); $token = wp_get_session_token();
$i = wp_nonce_tick(); $i = wp_nonce_tick( $action );
// Nonce generated 0-12 hours ago. // Nonce generated 0-12 hours ago.
$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
@ -2347,8 +2351,8 @@ if ( ! function_exists( 'wp_create_nonce' ) ) :
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); $uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
} }
$token = wp_get_session_token(); $token = wp_get_session_token( $action );
$i = wp_nonce_tick(); $i = wp_nonce_tick( $action );
return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 ); return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
} }
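Review bot: In the `wp_create_nonce` hunk the new side calls `wp_get_session_token( $action )`, while the `wp_verify_nonce` hunk above still calls `wp_get_session_token()` with no argument, so creation and verification no longer obtain the session token the same way. The function's signature is not visible here; if it takes no parameters the extra argument is silently ignored and only misleads readers, but if it ever starts using one, created and verified nonces would hash different inputs and every nonce check would fail. The commit message only describes passing `$action` to `nonce_life`, so this looks unintended; I would restore `$token = wp_get_session_token();` in `wp_create_nonce`. Both function bodies begin outside their hunks.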


@ -16,7 +16,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '6.1-alpha-54217'; $wp_version = '6.1-alpha-54218';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.