WordPress как на ладони
Недорогой хостинг для сайтов на WordPress: wordpress.jino.ru Получай пассивный доход от сайта с помощью браузерных PUSH уведомлений
функция не описана

rest_cookie_check_errors() WP 4.4.0

Checks for errors when using cookie-based authentication.

WordPress' built-in cookie authentication is always active for logged in users. However, the API has to check nonces for each request to ensure users are not vulnerable to CSRF.

Хуков нет.

Возвращает

WP_Error/Разное/true|false. WP_Error if the cookie is invalid, the $result, otherwise true.

Использование

rest_cookie_check_errors( $result );
$result(WP_Error/разное) (обязательный)
Error from another authentication handler, null if we should handle it, or another value if not.

Заметки

  • Global. Разное. $wp_rest_auth_cookie

Список изменений

С версии 4.4.0 Введена.

Код rest_cookie_check_errors() WP 5.7.1

<?php
function rest_cookie_check_errors( $result ) {
	if ( ! empty( $result ) ) {
		return $result;
	}

	global $wp_rest_auth_cookie;

	/*
	 * Is cookie authentication being used? (If we get an auth
	 * error, but we're still logged in, another authentication
	 * must have been used).
	 */
	if ( true !== $wp_rest_auth_cookie && is_user_logged_in() ) {
		return $result;
	}

	// Determine if there is a nonce.
	$nonce = null;

	if ( isset( $_REQUEST['_wpnonce'] ) ) {
		$nonce = $_REQUEST['_wpnonce'];
	} elseif ( isset( $_SERVER['HTTP_X_WP_NONCE'] ) ) {
		$nonce = $_SERVER['HTTP_X_WP_NONCE'];
	}

	if ( null === $nonce ) {
		// No nonce at all, so act as if it's an unauthenticated request.
		wp_set_current_user( 0 );
		return true;
	}

	// Check the nonce.
	$result = wp_verify_nonce( $nonce, 'wp_rest' );

	if ( ! $result ) {
		return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
	}

	// Send a refreshed nonce in header.
	rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );

	return true;
}