[wp-trac] [WordPress Trac] #42477: Cannot save theme customizer changes if nonce_life value is filtered in the active theme
WordPress Trac
noreply at wordpress.org
Thu Nov 9 01:03:24 UTC 2017
#42477: Cannot save theme customizer changes if nonce_life value is filtered in the
active theme
--------------------------+------------------------------
Reporter: figureone | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Customize | Version: 4.8.3
Severity: normal | Resolution:
Keywords: | Focuses: administration
--------------------------+------------------------------
Comment (by figureone):
Replying to [comment:1 westonruter]:
> @figureone Interesting scenario. Why would a theme be adding a
`nonce_life` filter in the first place?
Good question, and I don't have a great answer. :)
Once I diagnosed this issue, I simply removed the `nonce_life` filter that
a previous theme developer had written; their comments only pointed to:
https://wordpress.stackexchange.com/questions/94585/is-it-safe-to-assume-
that-a-nonce-may-be-validated-more-than-once
So I gather someone might use it if they are worried about nonces being
stolen and reused, but I don't think that is a great idea in a theme
context.
The fix here could simply be to add some notes to the documentation for
the filter; I just wanted to seek some input first to see if there were
other uses for the `nonce_life` filter that I wasn't thinking of.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42477#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list