/**
 * Validates the nonce given in a request for the given action.
 *
 * The check passes only when the actual request method equals the configured
 * one, that method has a known filter_input() source in
 * $this->allowed_request_methods, a nonce context is set, and the nonce read
 * from the request verifies against the context's action.
 *
 * A valid nonce only shows that the request originated from a page that was
 * issued one (a CSRF mitigation); it is not an authorization check, so any
 * capability check remains the caller's responsibility.
 *
 * @return bool Whether the request carries a valid nonce for the context.
 */
public function validate() {
    $method = $this->request_method;

    // The request must use exactly the configured method; anything else is rejected outright.
    if (!isset($_SERVER['REQUEST_METHOD'])) {
        return false;
    }
    if ($_SERVER['REQUEST_METHOD'] !== $method) {
        return false;
    }

    // Without a known input source for this method there is nowhere to read the nonce from.
    if (!isset($this->allowed_request_methods[$method])) {
        return false;
    }

    // No context means there is no action/name to verify against.
    if (!$this->context) {
        return false;
    }

    $input_source = $this->allowed_request_methods[$method];
    // filter_input() yields null when the variable is absent; wp_verify_nonce() is expected
    // to reject that like any other non-matching value.
    $nonce = filter_input($input_source, $this->context->get_name());

    // wp_verify_nonce() returns 1 or 2 for a valid nonce and false otherwise; collapse to bool.
    $verified = wp_verify_nonce($nonce, $this->context->get_action());

    return (bool) $verified;
}
/**
 * Test for the get_action() method.
 *
 * Verifies that the action passed to the constructor is what get_action() returns.
 *
 * @return void
 */
public function test_get_action() {
    // Stub the WordPress function so Testee can be exercised outside WordPress;
    // presumably Testee calls it while handling the action — not visible here.
    Monkey\Functions::when('sanitize_title_with_dashes');

    $expected = 'action';
    $subject = new Testee($expected);

    $this->assertSame($expected, $subject->get_action());
}
/**
 * Returns the given URL with the query argument for the given nonce context.
 *
 * @param string  $url     The current URL.
 * @param Context $context The nonce context object.
 *
 * @return string The URL with the nonce query argument, as produced by wp_nonce_url().
 */
public function get($url, Context $context) {
    // The cast lets stringable URL objects pass through to wp_nonce_url().
    $url_string = (string) $url;
    $action = $context->get_action();
    $name = $context->get_name();

    return wp_nonce_url($url_string, $action, $name);
}
/**
 * Returns the input element for the given nonce context.
 *
 * @param Context $context Nonce context object.
 *
 * @return string The hidden nonce input markup; it is returned, not echoed.
 */
public function get(Context $context) {
    $action = $context->get_action();
    $name = $context->get_name();

    // Third argument: do not add the referer field.
    // Fourth argument: return the markup instead of echoing it.
    return wp_nonce_field($action, $name, false, false);
}
/**
 * Returns the HTML data attribute string for the given nonce context.
 *
 * @param Context $context Nonce context object.
 *
 * @return string An attribute of the form data-{name}="{nonce}", with both
 *                parts run through esc_attr().
 */
public function get(Context $context) {
    $nonce = wp_create_nonce($context->get_action());
    $name = $context->get_name();

    // esc_attr() escapes for the HTML attribute-value context. It does not validate that
    // $name is a well-formed attribute name; presumably get_name() constrains that upstream — confirm.
    return sprintf('data-%s="%s"', esc_attr($name), esc_attr($nonce));
}