General: Pass $action to nonce_life filter.

This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis. Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko. Fixes #35188. git-svn-id: https://develop.svn.wordpress.org/trunk@54218 602fd350-edb4-49c9-b593-d223f7449a82
2025-02-07 16:10:43 +01:00 · 2022-09-19 21:34:52 +00:00 · 2022-09-19 21:34:52 +00:00 · 0c248dc0df
commit 0c248dc0df
parent 8127aaed05
2 changed files with 11 additions and 7 deletions
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@ -2245,18 +2245,22 @@ if ( ! function_exists( 'wp_nonce_tick' ) ) :
 	 * updated, e.g. by autosave.
 	 *
 	 * @since 2.5.0
+	 * @since 6.1.0 Added `action` argument.
 	 *
+	 * @param string|int $action Optional. The current nonce action. Default -1.
 	 * @return float Float value rounded up to the next highest integer.
 	 */
-	function wp_nonce_tick() {
+	function wp_nonce_tick( $action = -1 ) {
 		/**
 		 * Filters the lifespan of nonces in seconds.
 		 *
 		 * @since 2.5.0
+		 * @since 6.1.0 Added `action` argument to allow for more targeted filters.
 		 *
-		 * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+		 * @param int        $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+		 * @param string|int $action   The current nonce action.
 		 */
-		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
+		$nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );

 		return ceil( time() / ( $nonce_life / 2 ) );
 	}
@ -2297,7 +2301,7 @@ if ( ! function_exists( 'wp_verify_nonce' ) ) :
 		}

 		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$i     = wp_nonce_tick( $action );

 		// Nonce generated 0-12 hours ago.
 		$expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
@ -2347,8 +2351,8 @@ if ( ! function_exists( 'wp_create_nonce' ) ) :
 			$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
 		}

-		$token = wp_get_session_token();
-		$i     = wp_nonce_tick();
+		$token = wp_get_session_token( $action );
+		$i     = wp_nonce_tick( $action );

 		return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
 	}
--- a/tests/phpunit/tests/pluggable.php
+++ b/tests/phpunit/tests/pluggable.php
@ -201,7 +201,7 @@ class Tests_Pluggable extends WP_UnitTestCase {
 				'deprecated' => null,
 				'notify'     => '',
 			),
-			'wp_nonce_tick'                   => array(),
+			'wp_nonce_tick'                   => array( 'action' => -1 ),
 			'wp_verify_nonce'                 => array(
 				'nonce',
 				'action' => -1,