From 0c248dc0dffec93f8e8bda993150a1a3903d3c76 Mon Sep 17 00:00:00 2001 From: Jb Audras Date: Mon, 19 Sep 2022 21:34:52 +0000 Subject: [PATCH] General: Pass `$action` to `nonce_life` filter. This changeset contextualizes the usage of `nonce_life` filter by passing the `$action` parameter. It allows to alterate the default lifespan of nonces on a case by case basis. Props giuseppemazzapica, dwainm, DrewAPicture, jorbin, audrasjb, SergeyBiryukov, costdev, antonvlasenko. Fixes #35188. git-svn-id: https://develop.svn.wordpress.org/trunk@54218 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/pluggable.php | 16 ++++++++++------ tests/phpunit/tests/pluggable.php | 2 +- 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index bd338dac4a..387c3e2c7b 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -2245,18 +2245,22 @@ if ( ! function_exists( 'wp_nonce_tick' ) ) :
 * updated, e.g. by autosave.
 *
 * @since 2.5.0
+ * @since 6.1.0 Added `action` argument.
 *
+ * @param string|int $action Optional. The current nonce action. Default -1.
 * @return float Float value rounded up to the next highest integer.
 */
- function wp_nonce_tick() {
+ function wp_nonce_tick( $action = -1 ) {
 /**
 * Filters the lifespan of nonces in seconds.
 *
 * @since 2.5.0
+ * @since 6.1.0 Added `action` argument to allow for more targeted filters.
 *
- * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+ * @param int $lifespan Lifespan of nonces in seconds. Default 86,400 seconds, or one day.
+ * @param string|int $action The current nonce action.
 */
- $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS );
+ $nonce_life = apply_filters( 'nonce_life', DAY_IN_SECONDS, $action );
 return ceil( time() / ( $nonce_life / 2 ) );
 }
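Review bot: The value returned by the `nonce_life` filter is still used unchecked as a divisor in `ceil( time() / ( $nonce_life / 2 ) )`, and per-action callbacks make a bad return more likely: a callback that returns a value only for the action it targets yields null for every other action. That evaluates to a division by zero, which would break nonce creation and verification for those actions (a DivisionByZeroError on PHP 8). A guard right after the `apply_filters()` call would contain this: `if ( ! is_numeric( $nonce_life ) || $nonce_life <= 0 ) { $nonce_life = DAY_IN_SECONDS; }`. The new `@param` text could also state that `-1` is what callbacks receive from callers that pass no action.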
@@ -2297,7 +2301,7 @@ if ( ! function_exists( 'wp_verify_nonce' ) ) :
 }
 $token = wp_get_session_token();
- $i = wp_nonce_tick();
+ $i = wp_nonce_tick( $action );
 // Nonce generated 0-12 hours ago.
 $expected = substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
@@ -2347,8 +2351,8 @@ if ( ! function_exists( 'wp_create_nonce' ) ) :
 $uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
 }
- $token = wp_get_session_token();
- $i = wp_nonce_tick();
+ $token = wp_get_session_token( $action );
+ $i = wp_nonce_tick( $action );
 return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
 }
diff --git a/tests/phpunit/tests/pluggable.php b/tests/phpunit/tests/pluggable.php
index 8cd8831f22..ef3d728779 100644
--- a/tests/phpunit/tests/pluggable.php
+++ b/tests/phpunit/tests/pluggable.php
@@ -201,7 +201,7 @@ class Tests_Pluggable extends WP_UnitTestCase {
 'deprecated' => null,
 'notify' => '',
 ),
- 'wp_nonce_tick' => array(),
+ 'wp_nonce_tick' => array( 'action' => -1 ),
 'wp_verify_nonce' => array(
 'nonce',
 'action' => -1,
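Review bot: The context comment `// Nonce generated 0-12 hours ago.` in the `wp_verify_nonce()` hunk (-2297,7) is only accurate for the default lifespan now that the tick is computed per action. Something like `// Nonce generated 0 to half the nonce lifespan ago (0-12 hours by default).` would keep it accurate. Any matching comment for the previous tick below the hunk would need the same wording. The function starts and ends outside the hunk.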
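Review bot: In the `wp_create_nonce()` hunk (-2347,8) the call becomes `wp_get_session_token( $action )`, while the `wp_verify_nonce()` hunk above still calls `wp_get_session_token()` with no argument. The token is hashed into the nonce on both sides, so the two calls must derive it identically. If the function takes no parameter the argument is silently ignored, and if a replacement implementation does read it, creation and verification could disagree and valid nonces would be rejected. The commit message describes only the `nonce_life` filter, so this looks unintended; the line should stay `$token = wp_get_session_token();`. The function starts outside the hunk.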
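Review bot: The only test change (-201,7 in tests/phpunit/tests/pluggable.php) updates the expected signature of `wp_nonce_tick`; nothing asserts that the `nonce_life` filter actually receives the action, or that `wp_create_nonce()` and `wp_verify_nonce()` apply a per-action lifespan consistently. A test that registers a `nonce_life` callback shortening the lifespan for one action, then checks that a nonce for that action still verifies while another action keeps the default tick, would pin the new contract. The array this hunk edits starts and ends outside the hunk.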