Changeset 12602 for sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-release-confirmation.php
- Timestamp:
- 05/24/2023 06:05:43 AM (21 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-release-confirmation.php
r11814 r12602 15 15 const SHORTCODE = 'release-confirmation'; 16 16 const COOKIE = 'release_confirmation_access_token'; 17 const NONCE = 'plugins-developers-releases-page';17 const META_KEY = '_release_confirmation_access_token'; 18 18 const URL_PARAM = 'access_token'; 19 19 … … 273 273 } 274 274 275 if ( false !== wp_verify_nonce( $_COOKIE[ self::COOKIE ], self::NONCE ) ) { 275 // ...and it be valid.. 276 $token = get_user_meta( get_current_user_id(), self::META_KEY, true ); 277 if ( 278 $token && 279 $token['time'] > ( time() - DAY_IN_SECONDS ) && 280 wp_check_password( $_COOKIE[ self::COOKIE ], $token['token'] ) 281 ) { 276 282 return true; 277 283 } … … 288 294 } 289 295 290 $current_user = wp_get_current_user()->ID; 291 wp_set_current_user( $user->ID ); 292 293 $url = wp_nonce_url( 294 home_url( '/developers/releases/' ), // TODO: Hardcoded url. 295 self::NONCE, 296 self::URL_PARAM 296 $time = time(); 297 $plaintext = wp_generate_password( 24, false ); 298 $token = wp_hash_password( $plaintext ); 299 update_user_meta( $user->ID, self::META_KEY, compact( 'token', 'time' ) ); 300 301 $url = add_query_arg( 302 self::URL_PARAM, 303 urlencode( $plaintext ), 304 home_url( '/developers/releases/' ) 297 305 ); 298 299 wp_set_current_user( $current_user );300 306 301 307 return $url;
Note: See TracChangeset
for help on using the changeset viewer.