[wp-trac] [WordPress Trac] #24030: Add an action for when nonce verification fails

WordPress Trac noreply at wordpress.org
Wed Apr 10 10:21:37 UTC 2013


#24030: Add an action for when nonce verification fails
-----------------------------+--------------------------
 Reporter:  dd32             |       Type:  defect (bug)
   Status:  new              |   Priority:  normal
Milestone:  Awaiting Review  |  Component:  General
  Version:  3.4.1            |   Severity:  normal
 Keywords:                   |
-----------------------------+--------------------------
 Currently when a plugin (or core) calls `check_admin_referer()` there is
 no way for auditing (or debugging) plugins to hook in and record an event
 that the nonce check failed.

 Previously it was possible to use the `explain_nonce_$nonce` filter to do
 this, but that was removed in [21133].

 If a plugin wants to record an event for a failing nonce, it'll need to
 call `wp_verify_nonce()` manually itself, and die afterwards, or call
 `check_admin_referer()` after verifying the nonce itself for logging
 purposes.

 I'd suggest either resurrecting the previous filter as an action (for back
 compat) or adding a new nonce failure hook.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/24030>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
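
The workaround described in the ticket, sketched as an added example (not code from the ticket or from WordPress core): verify the nonce first for logging, then let `check_admin_referer()` enforce it. The `myplugin_` function names and the `myplugin_nonce_failed` hook are hypothetical.

```php
<?php
/**
 * Hypothetical plugin helper: record a failed nonce check, then defer to core.
 * 'myplugin_nonce_failed' is an assumed hook name, not a WordPress core hook.
 */
function myplugin_check_admin_referer( $action, $query_arg = '_wpnonce' ) {
    $nonce = isset( $_REQUEST[ $query_arg ] )
        ? sanitize_text_field( wp_unslash( $_REQUEST[ $query_arg ] ) )
        : '';

    // wp_verify_nonce() returns false on failure and 1 or 2 on success.
    if ( ! wp_verify_nonce( $nonce, $action ) ) {
        // Pass only whether the nonce was absent, never the nonce value itself.
        do_action( 'myplugin_nonce_failed', $action, $query_arg, '' === $nonce );
    }

    // Core still performs the enforcing check and dies on failure.
    return check_admin_referer( $action, $query_arg );
}

/**
 * Example audit listener: one line per failure in the PHP error log.
 */
function myplugin_log_nonce_failure( $action, $query_arg, $nonce_missing ) {
    // sanitize_text_field() strips line breaks, so request-controlled
    // values cannot inject extra lines into the log.
    $ip      = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : '-';
    $referer = isset( $_SERVER['HTTP_REFERER'] )
        ? esc_url_raw( wp_unslash( $_SERVER['HTTP_REFERER'] ) )
        : '-';

    error_log( sprintf(
        'nonce check failed: action=%s arg=%s reason=%s user=%d ip=%s referer=%s',
        sanitize_text_field( $action ),
        sanitize_text_field( $query_arg ),
        $nonce_missing ? 'missing' : 'invalid-or-expired',
        get_current_user_id(),
        $ip,
        $referer
    ) );
}
add_action( 'myplugin_nonce_failed', 'myplugin_log_nonce_failure', 10, 3 );
```

This only covers call sites the plugin controls; failures raised by core or by other plugins calling `check_admin_referer()` directly remain invisible, which is the gap the ticket asks a core hook to close.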

