General: Pass $action to nonce_life filter.

audrasjb · audrasjb · commit 0c248dc0dffe · 2022-09-19T21:34:52.000Z
This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis. Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko. Fixes #35188. git-svn-id: https://develop.svn.wordpress.org/trunk@54218 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
@@ -2245,18 +2245,22 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' )
 	 * updated, e.g. by autosave.
 	 *
 	 * @since 2.5.0
+	 * @since 6.1.0 Added `action` argument.
 	 *
+	 * @param string|int $action Optional. The current nonce action. Default -1.
 	 * @return float Float value rounded up to the next highest integer.
 	 */
-	function wp_nonce_tick() {
+	function wp_nonce_tick( $action = -1 ) {
 		/**
 		 * Filters the lifespan of nonces in seconds.
 		 *
 		 * @since 2.5.0
+		 * @since 6.1.0 Added `action` argument to allow for more targeted filters.
 		 *
-		 * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+		 * @param int        $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+		 * @param string|int $action   The current nonce action.
 		 */
-		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
+		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );
 
 		return ceil( time() / ( $nonce_life / 2 ) );
 	}
@@ -2297,7 +2301,7 @@ function wp_verify_nonce( $nonce, $action = -1 ) {
 		}
 
 		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$i     = wp_nonce_tick( $action );
 
 		// Nonce generated 0-12 hours ago.
 		$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
@@ -2347,8 +2351,8 @@ function wp_create_nonce( $action = -1 ) {
 			$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
 		}
 
-		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$token = wp_get_session_token( $action );
+		$i     = wp_nonce_tick( $action );
 
 		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
 	}
diff --git a/tests/phpunit/tests/pluggable.php b/tests/phpunit/tests/pluggable.php
@@ -201,7 +201,7 @@ public function get_pluggable_function_signatures() {
 				'deprecated' => null,
 				'notify'     => '',
 			),
-			'wp_nonce_tick'                   => array(),
+			'wp_nonce_tick'                   => array( 'action' => -1 ),
 			'wp_verify_nonce'                 => array(
 				'nonce',
 				'action' => -1,

Original file line number	Diff line number	Diff line change
`@@ -2245,18 +2245,22 @@ function wp_new_user_notification( $user_id, $deprecated = null, $notify = '' )`
`2245`	`2245`	`* updated, e.g. by autosave.`
`2246`	`2246`	`*`
`2247`	`2247`	`* @since 2.5.0`
	`2248`	+ * @since 6.1.0 Added `action` argument.
`2248`	`2249`	`*`
	`2250`	`+ * @param string\|int $action Optional. The current nonce action. Default -1.`
`2249`	`2251`	`* @return float Float value rounded up to the next highest integer.`
`2250`	`2252`	`*/`
`2251`		`- function wp_nonce_tick() {`
	`2253`	`+ function wp_nonce_tick( $action = -1 ) {`
`2252`	`2254`	`/**`
`2253`	`2255`	`* Filters the lifespan of nonces in seconds.`
`2254`	`2256`	`*`
`2255`	`2257`	`* @since 2.5.0`
	`2258`	+ * @since 6.1.0 Added `action` argument to allow for more targeted filters.
`2256`	`2259`	`*`
`2257`		`- * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.`
	`2260`	`+ * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.`
	`2261`	`+ * @param string\|int $action The current nonce action.`
`2258`	`2262`	`*/`
`2259`		`- $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );`
	`2263`	`+ $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );`
`2260`	`2264`
`2261`	`2265`	`return ceil( time() / ( $nonce_life / 2 ) );`
`2262`	`2266`	`}`
`@@ -2297,7 +2301,7 @@ function wp_verify_nonce( $nonce, $action = -1 ) {`
`2297`	`2301`	`}`
`2298`	`2302`
`2299`	`2303`	`$token = wp_get_session_token();`
`2300`		`- $i = wp_nonce_tick();`
	`2304`	`+ $i = wp_nonce_tick( $action );`
`2301`	`2305`
`2302`	`2306`	`// Nonce generated 0-12 hours ago.`
`2303`	`2307`	`$expected = substr( wp_hash( $i . '\|' . $action . '\|' . $uid . '\|' . $token, 'nonce' ), -12, 10 );`
`@@ -2347,8 +2351,8 @@ function wp_create_nonce( $action = -1 ) {`
`2347`	`2351`	`$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );`
`2348`	`2352`	`}`
`2349`	`2353`
`2350`		`- $token = wp_get_session_token();`
`2351`		`- $i = wp_nonce_tick();`
	`2354`	`+ $token = wp_get_session_token( $action );`
	`2355`	`+ $i = wp_nonce_tick( $action );`
`2352`	`2356`
`2353`	`2357`	`return substr( wp_hash( $i . '\|' . $action . '\|' . $uid . '\|' . $token, 'nonce' ), -12, 10 );`
`2354`	`2358`	`}`