[wp-trac] [WordPress Trac] #54280: wp_verify_nonce should return a filter

WordPress Trac noreply at wordpress.org
Sun Oct 17 04:38:02 UTC 2021


#54280: wp_verify_nonce should return a filter
-------------------------+-----------------------------
 Reporter:  shawfactor   |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:  trunk
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 Yes, I am aware that wp_verify_nonce() is pluggable. However, you may simply
 want to change the return value from false to 1 or 2. Creating a whole new
 pluggable function for this is not only overkill but also means that
 solutions that want to change the way nonces are verified (e.g. using
 different hashing functions) cannot coexist with people who simply want to
 change the return value.

 Adding the filter would mean that as long as whoever was creating the new
 pluggable function kept the filter, then their solution could coexist
 with other users who simply want to change the return value for specific
 situations.

 e.g.

     // Invalid nonce.
     return apply_filters( 'new_filter_wp_verify_nonce_failed', false, $nonce, $token, $uid);


 BTW, my use case for this was building a plugin where one user can message
 another on behalf of another. In a similar way that Facebook allows
 messaging or commenting as a page.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54280>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

