[wp-trac] [WordPress Trac] #21111: Make nonce unique for users AND non-users
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 29 14:38:15 UTC 2012
#21111: Make nonce unique for users AND non-users
-------------------------+------------------------------
Reporter: sc0ttkclark | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.4
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------------------
Changes (by sc0ttkclark):
* keywords: => has-patch
Comment:
No way for me to modify the original description now, but attached a
solution in the form of running a filter if $uid is empty. Please excuse
my original solution example, I'm working on a low amount of sleep at the
moment trying to get a project finished.

With the patch, plugin authors are free to interact with sessions/cookies
to create unique IDs for non-users and continue using wp nonce functions
instead of having to roll their own, which means they either have to use
their own plus wp nonce functions for logged-in users, or their own
entirely. This solves that issue.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21111#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
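
The behaviour the comment describes, as an added example that is not part of the ticket, the attached patch or WordPress core: a simplified stand-alone PHP model of a nonce bound to a time tick, an action and a user ID, in which every logged-out visitor has ID 0 until a callback supplies a per-visitor value. The `demo_*` names, the hook variable, the secret, the timestamp and the visitor tokens are all assumptions constructed for illustration.

```php
<?php
// Simplified model, not WordPress core code. All demo_* names are hypothetical.
const DEMO_SECRET   = 'constructed-demo-key'; // constructed stand-in for the site salt
const DEMO_LIFETIME = 86400;                  // assumed nonce lifetime in seconds
$demo_guest_uid_filter = null; // hypothetical hook, consulted only when the user ID is 0
$demo_visitor_token    = '';   // stands in for a server-side session ID

function demo_tick(int $now): int {
    // Two ticks per lifetime; verification accepts the current and previous tick.
    return (int) ceil($now / (DEMO_LIFETIME / 2));
}
function demo_resolve_uid(int $user_id) {
    global $demo_guest_uid_filter;
    if ($user_id === 0 && is_callable($demo_guest_uid_filter)) {
        return call_user_func($demo_guest_uid_filter, $user_id);
    }
    return $user_id;
}
function demo_mac(int $tick, string $action, $uid): string {
    return substr(hash_hmac('sha256', $tick . '|' . $action . '|' . $uid, DEMO_SECRET), -12, 10);
}
function demo_create_nonce(string $action, int $user_id, int $now): string {
    return demo_mac(demo_tick($now), $action, demo_resolve_uid($user_id));
}
function demo_verify_nonce(string $nonce, string $action, int $user_id, int $now): bool {
    $uid = demo_resolve_uid($user_id);
    foreach ([0, 1] as $age) {
        if (hash_equals(demo_mac(demo_tick($now) - $age, $action, $uid), $nonce)) {
            return true;
        }
    }
    return false;
}

$now = 1340980695; // constructed timestamp
// Without a callback, all logged-out visitors resolve to ID 0 and share one nonce.
$shared = demo_create_nonce('submit-form', 0, $now);
echo 'guest nonce reusable by another guest: ';
var_dump(demo_verify_nonce($shared, 'submit-form', 0, $now));
// With a callback, the nonce is bound to the visitor's own session value.
$demo_guest_uid_filter = function (int $uid) {
    global $demo_visitor_token;
    return 'guest:' . hash('sha256', $demo_visitor_token);
};
$demo_visitor_token = 'constructed-session-A';
$nonce_a = demo_create_nonce('submit-form', 0, $now);
$demo_visitor_token = 'constructed-session-B';
echo 'visitor A nonce accepted for visitor B: ';
var_dump(demo_verify_nonce($nonce_a, 'submit-form', 0, $now));
```

The per-visitor value only separates visitors if it comes from server-side session state that one visitor cannot choose or predict for another.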