• Jack

    (@jack1132132)


    Hello,

    I’ve been having issues with my nonce lifespans, and I discovered that the following hook is being applied by the Better Messages plugin inside ‘/bp-better-messages/inc/hooks.php’:

    add_filter( 'nonce_life', array( $this, 'nonce_lifespan' ), 5 );

    public function nonce_lifespan( $duration ){
        $min_duration = 7 * DAY_IN_SECONDS;

        if( $min_duration > $duration ){
            $duration = $min_duration;
        }

        return $duration;
    }
    

    Instead, it would be preferable, both for me and in terms of good practice, to specify which nonces bp-better-messages wants to increase the lifespan of, like so:

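    add_filter( 'nonce_life', array( $this, 'nonce_lifespan' ), 5, 2 );

    public function nonce_lifespan( $duration, $action ){
        // Only extend the lifespan for this one nonce action; strict comparison
        // because $action may be an int (core's default is -1) or a string.
        if( $action === 'bp-nonce' ){
            $min_duration = 7 * DAY_IN_SECONDS;

            if( $min_duration > $duration ){
                $duration = $min_duration;
            }
        }

        return $duration;
    }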




    Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wordplus

    (@wordplus)

    What issue does that cause for you?

    Thread Starter Jack

    (@jack1132132)

    Hello,

    I’m filtering bp-better-messages from showing to visitors as there’s no use for it to visitors in my case.

    However, I can’t filter the plugin in AJAX requests. And since bp-better-messages is applying ‘nonce_life’ to all nonces, the nonce calculated on the AJAX request will be different from the nonce calculated on page load which filters the plugin.

    Additionally, it’s increasing the lifespan of all nonces, not just those of bp-better-messages.

    Thank you.

    Thread Starter Jack

    (@jack1132132)

    A workaround for the issue, I guess, would be:

    
    add_filter('nonce_life', function($duration){
    	if( function_exists('BP_Better_Messages_Hooks') && !is_user_logged_in()) {
    		remove_filter( 'nonce_life', array( BP_Better_Messages_Hooks(), 'nonce_lifespan' ), 5 );
    	}
    	return $duration;
    }, 4);
    
  • The topic ‘‘nonce_life’ hook’ is closed to new replies.
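
The mismatch described in the thread, as an added example that is not part of the original posts or the plugin's code: a simplified stand-alone model of WordPress's tick-based nonces (user ID and session token omitted). The function names, salt, timestamp and the 'my-form' action are constructed for illustration; 'bp-nonce' is the action name used in the thread.

```php
<?php
// Simplified stand-alone model of WordPress nonce handling (not WordPress core code).
const DAY_IN_SECONDS = 86400;
const DEMO_SALT = 'constructed-demo-salt'; // stands in for the site's nonce salt

// Models the plugin's current filter: every action gets at least 7 days.
function global_lifespan(int $duration, $action): int {
    return max($duration, 7 * DAY_IN_SECONDS);
}

// Models the scoped filter proposed in the thread.
function scoped_lifespan(int $duration, $action): int {
    return $action === 'bp-nonce' ? max($duration, 7 * DAY_IN_SECONDS) : $duration;
}

// Like wp_nonce_tick(): the tick is the index of the current half-lifespan window.
function nonce_tick(int $now, $action, ?callable $filter): int {
    $life = $filter ? $filter(DAY_IN_SECONDS, $action) : DAY_IN_SECONDS;
    return (int) ceil($now / ($life / 2));
}

// Like wp_create_nonce(): a keyed hash over the tick and the action.
function create_nonce(int $now, $action, ?callable $filter): string {
    $tick = nonce_tick($now, $action, $filter);
    return substr(hash_hmac('md5', $tick . '|' . $action, DEMO_SALT), -12, 10);
}

// Like wp_verify_nonce(): accept the current tick or the previous one.
function verify_nonce(string $nonce, int $now, $action, ?callable $filter): bool {
    $tick = nonce_tick($now, $action, $filter);
    foreach ([$tick, $tick - 1] as $t) {
        $expected = substr(hash_hmac('md5', $t . '|' . $action, DEMO_SALT), -12, 10);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

$now = 1700000000; // constructed timestamp
// The page load ran without the plugin's filter; the AJAX request runs with it.
$nonce = create_nonce($now, 'my-form', null);
var_dump(verify_nonce($nonce, $now + 60, 'my-form', 'global_lifespan')); // lifespans differ
var_dump(verify_nonce($nonce, $now + 60, 'my-form', 'scoped_lifespan')); // other actions untouched
```

Because the lifespan sets the tick width, a nonce only verifies when the same `nonce_life` value is in effect for that action on both the request that creates it and the request that checks it.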