[wp-trac] [WordPress Trac] #24030: Add an action for when nonce verification fails
WordPress Trac
noreply at wordpress.org
Wed Apr 10 10:21:37 UTC 2013
#24030: Add an action for when nonce verification fails
-----------------------------+--------------------------
Reporter: dd32 | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: General
Version: 3.4.1 | Severity: normal
Keywords: |
-----------------------------+--------------------------
Currently when a plugin (or core) calls `check_admin_referer()` there is
no way for auditing (or debugging) plugins to hook in and record an event
that the nonce check failed.

Previously it was possible to use the `explain_nonce_$nonce` filter to do
this, but that was removed in [21133].

If a plugin wants to record an event for a failing nonce, it'll need to
call `wp_verify_nonce()` manually itself, and die afterwards, or call
`check_admin_referer()` after verifying the nonce itself for logging
purposes.

I'd suggest either resurrecting the previous filter as an action (for back
compat) or adding a new nonce failure hook.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24030>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
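
The second workaround described in the ticket (verify the nonce yourself for logging, then let `check_admin_referer()` enforce it), sketched as an added example that is not part of the original ticket or of WordPress core. It assumes it is loaded inside a WordPress plugin; the `myplugin_*` function names and the `myplugin_nonce_failed` hook are hypothetical.

```php
<?php
/**
 * Added example: audit-logging wrapper around check_admin_referer().
 * All myplugin_* names and the 'myplugin_nonce_failed' hook are hypothetical.
 */

// Record one nonce failure. The nonce value itself is deliberately not logged.
function myplugin_record_nonce_failure( $action, $query_arg ) {
    $event = array(
        'action'  => (string) $action,
        'arg'     => (string) $query_arg,
        'user_id' => get_current_user_id(), // 0 when nobody is logged in
        'ip'      => isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '',
        'uri'     => isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '',
        'referer' => isset( $_SERVER['HTTP_REFERER'] ) ? $_SERVER['HTTP_REFERER'] : '',
    );

    // Request-derived fields are attacker-controlled: strip control characters
    // and cap the length so each failure stays on a single, bounded log line.
    foreach ( $event as $key => $value ) {
        if ( is_string( $value ) ) {
            $event[ $key ] = substr( preg_replace( '/[\x00-\x1F\x7F]/', '', $value ), 0, 200 );
        }
    }

    error_log( 'nonce check failed: ' . json_encode( $event ) );

    // Hypothetical hook so other auditing plugins can subscribe to failures.
    do_action( 'myplugin_nonce_failed', $event );
}

// Drop-in replacement for check_admin_referer() in the plugin's own handlers.
// $action is required here so the pre-check matches what core will verify.
function myplugin_check_admin_referer( $action, $query_arg = '_wpnonce' ) {
    // check_admin_referer() reads the nonce from the request; do the same.
    $nonce = isset( $_REQUEST[ $query_arg ] ) ? (string) $_REQUEST[ $query_arg ] : '';

    // wp_verify_nonce() returns false on failure and 1 or 2 on success.
    if ( false === wp_verify_nonce( $nonce, $action ) ) {
        myplugin_record_nonce_failure( $action, $query_arg );
    }

    // Core still enforces the check and dies on failure exactly as before.
    return check_admin_referer( $action, $query_arg );
}
```

This only covers handlers that call the wrapper; nonce failures in core or in other plugins stay invisible, which is the gap the ticket asks a hook to close.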