WordPress как на ладони
Недорогой хостинг для сайтов на WordPress: wordpress.jino.ru
функция не описана

rest_cookie_check_errors() WP 4.4.0

Checks for errors when using cookie-based authentication.

WordPress' built-in cookie authentication is always active for logged in users. However, the API has to check nonces for each request to ensure users are not vulnerable to CSRF.

Хуков нет.

Возвращает

WP_Error/Разное/true/false. WP_Error if the cookie is invalid, the $result, otherwise true.

Использование

rest_cookie_check_errors( $result );
$result(WP_Error/смешанный) (обязательный)
Error from another authentication handler, null if we should handle it, or another value if not.

Заметки

  • Global. Смешанный. $wp_rest_auth_cookie

Список изменений

С версии 4.4.0 Введена.

Код rest cookie check errors: wp-includes/rest-api.php WP 5.4.2

<?php
function rest_cookie_check_errors( $result ) {
	if ( ! empty( $result ) ) {
		return $result;
	}

	global $wp_rest_auth_cookie;

	/*
	 * Is cookie authentication being used? (If we get an auth
	 * error, but we're still logged in, another authentication
	 * must have been used).
	 */
	if ( true !== $wp_rest_auth_cookie && is_user_logged_in() ) {
		return $result;
	}

	// Determine if there is a nonce.
	$nonce = null;

	if ( isset( $_REQUEST['_wpnonce'] ) ) {
		$nonce = $_REQUEST['_wpnonce'];
	} elseif ( isset( $_SERVER['HTTP_X_WP_NONCE'] ) ) {
		$nonce = $_SERVER['HTTP_X_WP_NONCE'];
	}

	if ( null === $nonce ) {
		// No nonce at all, so act as if it's an unauthenticated request.
		wp_set_current_user( 0 );
		return true;
	}

	// Check the nonce.
	$result = wp_verify_nonce( $nonce, 'wp_rest' );

	if ( ! $result ) {
		return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
	}

	// Send a refreshed nonce in header.
	rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );

	return true;
}