[wp-trac] [WordPress Trac] #33635: $nonce_life is actually twice nonce life
WordPress Trac
noreply at wordpress.org
Mon Aug 31 19:59:44 UTC 2015
#33635: $nonce_life is actually twice nonce life
--------------------------+-----------------------------
 Reporter:  ericlewis     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
wp_nonce_tick() creates a deterministic string that changes when a nonce
expires.
The value `$nonce_life` is made available for filtering. The default says
a nonce lasts a day. This is incorrect because of the
[https://core.trac.wordpress.org/browser/tags/4.3/src/wp-includes/pluggable.php#L1758 division by two used in the return expression].
Here's some scratch math because yes I had to type this out
{{{
time()    nonce_life    return
0         86400         0        (Jan 1, 1970, 00:00:00)
1         86400         1        (Jan 1, 1970, 00:00:01)
43200     86400         1        (Jan 1, 1970, 12:00:00)
43201     86400         2        (Jan 1, 1970, 12:00:01)
86400     86400         2        (Jan 2, 1970, 00:00:00)
86401     86400         3        (Jan 2, 1970, 00:00:01)
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/33635>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
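
The tick arithmetic from the ticket's table, as an added example that is not part of the original message or WordPress's own code. It is a stand-alone PHP model: the function names, the HMAC stand-in, the key and the action string are hypothetical, and the two-tick acceptance reflects how wp_verify_nonce() behaves (current tick returns 1, previous tick returns 2), which the ticket itself does not discuss.

```php
<?php
// Simplified stand-alone model; function names and the key are hypothetical.
const NONCE_LIFE = 86400; // default $nonce_life from the ticket (one day)

// Same expression as the ticket's table: ceil( time() / ( $nonce_life / 2 ) ).
function nonce_tick(int $now, int $life = NONCE_LIFE): int {
    return (int) ceil($now / ($life / 2));
}

// Stand-in for the keyed hash; WordPress's own hashing is not reproduced here.
function make_nonce(int $tick, string $action, string $key): string {
    return substr(hash_hmac('sha256', $tick . '|' . $action, $key), 0, 10);
}

// Accept the current tick (1) or the previous one (2), as wp_verify_nonce() does.
function verify_nonce(string $nonce, string $action, string $key, int $now) {
    $tick = nonce_tick($now);
    if (hash_equals(make_nonce($tick, $action, $key), $nonce)) return 1;
    if (hash_equals(make_nonce($tick - 1, $action, $key), $nonce)) return 2;
    return false;
}

// Last second at which a nonce issued at $issued still verifies.
function last_valid_second(int $issued, int $life = NONCE_LIFE): int {
    return (int) ((nonce_tick($issued, $life) + 1) * ($life / 2));
}

$key    = 'constructed-demo-key';   // constructed sample value
$action = 'delete-post_1';          // constructed sample action
foreach ([1, 43200, 43201, 86400] as $issued) { // issue times taken from the ticket's table
    $nonce = make_nonce(nonce_tick($issued), $action, $key);
    $end   = last_valid_second($issued);
    printf("issued=%6d tick=%d valid_for=%6ds at_end=%s after_end=%s\n",
        $issued, nonce_tick($issued), $end - $issued,
        var_export(verify_nonce($nonce, $action, $key, $end), true),
        var_export(verify_nonce($nonce, $action, $key, $end + 1), true));
}
```

In this model the time a nonce keeps verifying depends on where in a tick it was issued: 43200 seconds when issued on a tick boundary, up to 86399 seconds when issued one second after it.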