[wp-trac] [WordPress Trac] #41993: wp_nonce_tick() - is division on 2 it a real need?
WordPress Trac
noreply at wordpress.org
Tue Sep 26 11:38:22 UTC 2017
#41993: wp_nonce_tick() - is division on 2 it a real need?
-------------------------+-----------------------------
Reporter: Tkama | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.8.2
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Let's look at the code:
{{{#!php
function wp_nonce_tick() {
	/**
	 * Filters the lifespan of nonces in seconds.
	 *
	 * @since 2.5.0
	 *
	 * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
	 */
	$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
	return ceil(time() / ( $nonce_life / 2 ));
}
}}}
It seems right to do the division in the filter value: `DAY_IN_SECONDS/2`.
Because, for example, let's see what the last division returns without
`ceil()`:
{{{#!php
<?php
$nonce = function( $nonce_life = 4 ){
	echo time() / ( $nonce_life / 2 ) ."<br>";
	sleep(1);
};
$nonce(); $nonce(); $nonce(); $nonce();
/* result
753212654
753212654.5
753212655
753212655.5
*/
}}}
As we see, `$nonce_life = 4 sec`, and in 4 sec the nonce code changes two
times, not one time as we expected, because we set the life of the nonce to
4 sec...
So if we have nonce_life as `DAY_IN_SECONDS`, the real nonce life becomes
`DAY_IN_SECONDS/2`.
Why is this correct? Why do we need this logic?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41993>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
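
Added example, not part of the ticket or of WordPress core: a stand-alone model of the half-life tick combined with a verifier that, like `wp_verify_nonce()`, accepts the current and the previous tick. It shows that a nonce is accepted for between half of `nonce_life` and the full `nonce_life`, depending on when in the tick it was issued. The HMAC token format, `KEY`, `ACTION`, the helper names and the timestamp are assumptions made for the example.

```php
<?php
// Added example: a stand-alone model, not WordPress core code.
const NONCE_LIFE = 86400;                  // default 'nonce_life' (DAY_IN_SECONDS)
const ACTION     = 'delete-post_1';        // constructed action name
const KEY        = 'constructed-demo-key'; // stands in for the site secret

// Same arithmetic as wp_nonce_tick(), with the clock passed in.
function nonce_tick( int $now ): int {
	return (int) ceil( $now / ( NONCE_LIFE / 2 ) );
}

// Hypothetical token format: truncated HMAC over "tick|action".
function token_for_tick( int $tick ): string {
	return substr( hash_hmac( 'sha256', $tick . '|' . ACTION, KEY ), -12, 10 );
}

function make_nonce( int $now ): string {
	return token_for_tick( nonce_tick( $now ) );
}

// Like wp_verify_nonce(): 1 = current tick, 2 = previous tick, false = rejected.
function verify_nonce( string $nonce, int $now ) {
	$tick = nonce_tick( $now );
	if ( hash_equals( token_for_tick( $tick ), $nonce ) ) {
		return 1;
	}
	if ( hash_equals( token_for_tick( $tick - 1 ), $nonce ) ) {
		return 2;
	}
	return false;
}

// Seconds after issue during which the nonce is still accepted.
function accepted_seconds( int $issued ): int {
	$nonce = make_nonce( $issued );
	$t     = $issued;
	while ( false !== verify_nonce( $nonce, $t + 1 ) ) {
		$t++;
	}
	return $t - $issued;
}

$boundary = 1506384000; // constructed timestamp, an exact multiple of 43200
printf( "issued just after a tick change:  accepted for %d s\n", accepted_seconds( $boundary + 1 ) );
printf( "issued just before a tick change: accepted for %d s\n", accepted_seconds( $boundary ) );
```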