/**
  * Checks whether the current request carries a valid nonce for the configured context.
  *
  * The check fails closed: it returns false when the request method is missing or differs
  * from the configured one, when that method has no entry in the allowed-methods map, or
  * when no context is set. Only then is the nonce read from the request and verified.
  *
  * NOTE(review): this method performs no capability check. A passing nonce only shows the
  * request was issued for this action; authorization remains the caller's responsibility.
  *
  * @return bool True if the submitted nonce verifies for the context's action, false otherwise.
  */
 public function validate()
 {
     // Fail closed unless the request uses exactly the configured method.
     $method_matches = isset($_SERVER['REQUEST_METHOD'])
         && $_SERVER['REQUEST_METHOD'] === $this->request_method;
     if (!$method_matches) {
         return false;
     }

     // The method must map to an input source, and a context must be present.
     if (!isset($this->allowed_request_methods[$this->request_method]) || !$this->context) {
         return false;
     }

     // presumably an INPUT_* constant such as INPUT_GET / INPUT_POST; verify against the map.
     $input_type = $this->allowed_request_methods[$this->request_method];

     // filter_input() reads the request data as PHP received it, so later changes to the
     // superglobals are not seen here. A missing or non-scalar value yields null/false.
     $submitted_nonce = filter_input($input_type, $this->context->get_name());

     // wp_verify_nonce() returns false or a truthy integer; only pass/fail is exposed.
     $verification = wp_verify_nonce($submitted_nonce, $this->context->get_action());

     return (bool) $verification;
 }
Example #2
 /**
  * Verifies that get_name() returns the expected name for the given constructor arguments.
  *
  * sanitize_title_with_dashes() is stubbed to return its argument unchanged, so this test
  * does not exercise the real sanitization; it only checks what the class does around it.
  *
  * @dataProvider provide_get_name_data
  *
  * @param string $expected Name the context is expected to report.
  * @param string $action   Action passed to the constructor.
  * @param string $name     Name passed to the constructor.
  *
  * @return void
  */
 public function test_get_name($expected, $action, $name)
 {
     // Pass-through stub: whatever reaches the sanitizer comes back as-is.
     Monkey\Functions::when('sanitize_title_with_dashes')->returnArg();

     $actual = (new Testee($action, $name))->get_name();

     $this->assertSame($expected, $actual);
 }
Example #3
 /**
  * Appends the nonce for the given context to a URL as a query argument.
  *
  * The URL is cast to string and handed to wp_nonce_url() together with the context's
  * action and name.
  *
  * NOTE(review): wp_nonce_url() returns the URL HTML-escaped, so the result is meant for
  * output in markup. Confirm callers do not feed it to redirects or HTTP requests, where
  * the escaped separators would be wrong.
  *
  * @param string  $url     The URL to extend.
  * @param Context $context The nonce context object supplying action and name.
  *
  * @return string The URL including the nonce query argument.
  */
 public function get($url, Context $context)
 {
     $target_url   = (string) $url;
     $nonce_action = $context->get_action();
     $query_arg    = $context->get_name();

     return wp_nonce_url($target_url, $nonce_action, $query_arg);
 }
Example #4
 /**
  * Builds the hidden form field carrying the nonce for the given context.
  *
  * Delegates to wp_nonce_field() with the context's action and name. The referer field
  * is switched off and the markup is returned instead of being echoed.
  *
  * @param Context $context Nonce context object supplying action and field name.
  *
  * @return string The nonce input element markup.
  */
 public function get(Context $context)
 {
     // Third argument: do not append the extra referer field.
     $include_referer = false;
     // Fourth argument: return the markup rather than printing it.
     $print_markup = false;

     $nonce_action = $context->get_action();
     $field_name   = $context->get_name();

     return wp_nonce_field($nonce_action, $field_name, $include_referer, $print_markup);
 }
Example #5
 /**
  * Builds an HTML data attribute that carries a fresh nonce for the given context.
  *
  * The attribute is named "data-" plus the context's name, and its value is the nonce
  * created for the context's action. Both parts are passed through esc_attr().
  *
  * NOTE(review): esc_attr() escapes for attribute values; it does not turn an arbitrary
  * string into a valid attribute name. Presumably get_name() already returns a slug-like
  * string; confirm against the Context class.
  *
  * @param Context $context Nonce context object supplying action and name.
  *
  * @return string The attribute in the form data-{name}="{nonce}".
  */
 public function get(Context $context)
 {
     $token = wp_create_nonce($context->get_action());

     $attribute_suffix = esc_attr($context->get_name());
     $attribute_value  = esc_attr($token);

     return 'data-' . $attribute_suffix . '="' . $attribute_value . '"';
 }