
Allow plugins to alter nonces

franzwilding authored and ozh committed Apr 7, 2019
1 parent 6ae4a44 commit 7b097126f9e838c3eab1693531886fc168b1e8d9
Showing with 10 additions and 1 deletion.
  1. +10 −1 includes/functions.php
@@ -1649,6 +1649,7 @@ function yourls_tick() {
return ceil( time() / YOURLS_NONCE_LIFE );
}
/**
* Create a time limited, action limited and user limited token
*
@@ -1657,7 +1658,9 @@ function yourls_create_nonce( $action, $user = false ) {
if( false == $user )
$user = defined( 'YOURLS_USER' ) ? YOURLS_USER : '-1';
$tick = yourls_tick();
return substr( yourls_salt($tick . $action . $user), 0, 10 );
$nonce = substr( yourls_salt($tick . $action . $user), 0, 10 );
// Allow plugins to alter the nonce
return yourls_apply_filter( 'create_nonce', $nonce, $action, $user );
}
/**
@@ -1696,6 +1699,12 @@ function yourls_verify_nonce( $action, $nonce = false, $user = false, $return =
if( false == $nonce && isset( $_REQUEST['nonce'] ) )
$nonce = $_REQUEST['nonce'];
// Allow plugins to short-circuit the rest of the function
$valid = yourls_apply_filter( 'verify_nonce', false, $action, $nonce, $user, $return );
if ($valid) {
return true;
}
// what nonce should be
$valid = yourls_create_nonce( $action, $user );
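Review bot: In the third hunk (yourls_verify_nonce) the short-circuit `if ($valid)` accepts any truthy value returned by a `verify_nonce` filter, so a plugin that returns a non-empty string or array by mistake turns off the nonce check for every action; I would honour only an explicit boolean with `if ( true === $valid ) {`. The filter also receives `$nonce` as taken from `$_REQUEST` two lines above, so the inline comment should tell plugin authors what they are handed, e.g. `// Plugins may approve a nonce here; $nonce is untrusted request data and only a strict true skips the built-in check`. In the second hunk the filtered `create_nonce` value is returned unchecked, and because the expected value here is computed through that same call, a filter that returns an empty or constant value would presumably weaken the comparison that follows outside this hunk. The body of yourls_verify_nonce continues past the visible lines.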
