[wp-trac] [WordPress Trac] #54280: wp_verify_nonce should return a filter
WordPress Trac
noreply at wordpress.org
Sun Oct 17 04:38:02 UTC 2021
#54280: wp_verify_nonce should return a filter
-------------------------+-----------------------------
Reporter: shawfactor | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Yes I am aware that wp_verify_nonce() is pluggable. However you may simply
want to change the return value from false to 1 or 2. Creating a whole new
pluggable function for this is not only overkill but also means that
solutions that want to change the way nonces are verified (e.g. using
different hashing functions) cannot coexist with people who simply want to
change the return value.
Adding the filter would mean that as long as whoever was creating the new
pluggable function kept the filter then their solution could co exists
with other users who simply want to change the return value for specific
situations.
e.g.
// Invalid nonce.
return apply_filters( 'new_filter_wp_verify_nonce_failed', false,
$nonce, $token, $uid);
BTW my use case for this was building a plugin where one user can message
another on behalf of another. In a similar way that facebook alows
messaging or commenting as a page.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54280>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list