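/**
 * Validates the nonce given in a request for the given action.
 *
 * The check succeeds only when the actual request method matches the one
 * this validator was configured for, that method maps to a filter_input()
 * input type, a nonce context is set, and WordPress accepts the nonce sent
 * under the context's name for the context's action.
 *
 * Note: filter_input() reads the request data as it was at script start, so
 * values written to $_GET/$_POST at runtime are not visible to this check.
 *
 * @return bool Whether or not the request carries a valid nonce.
 */
public function validate() {
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== $this->request_method) {
        return false;
    }

    // Only request methods with a known filter_input() type are supported.
    if (!isset($this->allowed_request_methods[$this->request_method])) {
        return false;
    }

    if (!$this->context) {
        return false;
    }

    $nonce = filter_input(
        $this->allowed_request_methods[$this->request_method],
        $this->context->get_name()
    );

    // filter_input() yields null for a missing parameter and false on failure;
    // fail fast instead of handing a non-string to wp_verify_nonce().
    if (!is_string($nonce) || $nonce === '') {
        return false;
    }

    // wp_verify_nonce() returns a tick value (1 or 2) or false; callers only need the boolean.
    return (bool) wp_verify_nonce($nonce, $this->context->get_action());
}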
/**
 * Test for the get_name() method.
 *
 * @dataProvider provide_get_name_data
 *
 * @param string $expected Name the testee is expected to report.
 * @param string $action   Nonce action passed to the testee.
 * @param string $name     Nonce name passed to the testee.
 *
 * @return void
 */
public function test_get_name($expected, $action, $name) {
    // Let the WordPress sanitizer pass its input through unchanged.
    Monkey\Functions::when('sanitize_title_with_dashes')->returnArg();

    $subject = new Testee($action, $name);
    $actual = $subject->get_name();

    $this->assertSame($expected, $actual);
}
/**
 * Returns the given URL with the query argument for the given nonce context.
 *
 * @param string  $url     The current URL.
 * @param Context $context The nonce context object.
 *
 * @return string URL with the nonce query argument appended.
 */
public function get($url, Context $context) {
    $action = $context->get_action();
    $name = $context->get_name();

    return wp_nonce_url((string) $url, $action, $name);
}
/**
 * Returns the input element for the given nonce context.
 *
 * @param Context $context Nonce context object.
 *
 * @return string Hidden input field markup for the nonce.
 */
public function get(Context $context) {
    $action = $context->get_action();
    $name = $context->get_name();

    // No referer field, and return the markup instead of echoing it.
    return wp_nonce_field($action, $name, false, false);
}
/**
 * Returns the HTML data attribute string for the given nonce context.
 *
 * @param Context $context Nonce context object.
 *
 * @return string Attribute in the form data-{name}="{nonce}", both parts attribute-escaped.
 */
public function get(Context $context) {
    $nonce = wp_create_nonce($context->get_action());

    // Escape both the attribute name and its value for an HTML attribute context.
    $attribute = esc_attr($context->get_name());
    $value = esc_attr($nonce);

    return sprintf('data-%s="%s"', $attribute, $value);
}