Add nonce_user_logged_out filters to wp_create_nonce() and wp_verify_nonce() for when there is no user ID. Provides plugins the ability to tie a nonce to some other characteristic of the session. props sc0ttkclark, fixes #21111.

git-svn-id: http://core.svn.wordpress.org/trunk@21837 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 06:42:56 +02:00 · 2012-09-13 17:17:47 +00:00 · 2012-09-13 17:17:47 +00:00 · 8886eef8d9
commit 8886eef8d9
parent a42be1dbb3
1 changed files with 4 additions and 0 deletions
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@ -1251,6 +1251,8 @@ if ( !function_exists('wp_verify_nonce') ) :
 function wp_verify_nonce($nonce, $action = -1) {
 	$user = wp_get_current_user();
 	$uid = (int) $user->ID;
+	if ( ! $uid )
+		$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );

 	$i = wp_nonce_tick();

@ -1277,6 +1279,8 @@ if ( !function_exists('wp_create_nonce') ) :
 function wp_create_nonce($action = -1) {
 	$user = wp_get_current_user();
 	$uid = (int) $user->ID;
+	if ( ! $uid )
+		$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );

 	$i = wp_nonce_tick();