snicco / wp-nonce-middleware

维护者

详细信息

github.com/snicco/wp-nonce-middleware

安装: 10,244

v2.0.0-beta.9 2024-09-07 14:27 UTC

Requires

Requires (Dev)

phpunit/phpunit: ^9.5.13
snicco/http-routing-testing: ^2.0

Suggests

None

Provides

None

Conflicts

snicco/better-wp-cache: <2.0.0-beta.9
snicco/better-wp-cache-bundle: <2.0.0-beta.9
snicco/better-wp-cli: <2.0.0-beta.9
snicco/better-wp-cli-testing: <2.0.0-beta.9
snicco/better-wp-hooks: <2.0.0-beta.9
snicco/better-wp-hooks-bundle: <2.0.0-beta.9
snicco/better-wp-mail: <2.0.0-beta.9
snicco/better-wp-mail-bundle: <2.0.0-beta.9
snicco/better-wp-mail-testing: <2.0.0-beta.9
snicco/better-wpdb: <2.0.0-beta.9
snicco/better-wpdb-bundle: <2.0.0-beta.9
snicco/blade-bridge: <2.0.0-beta.9
snicco/blade-bundle: <2.0.0-beta.9
snicco/content-negotiation-middleware: <2.0.0-beta.9
snicco/debug-bundle: <2.0.0-beta.9
snicco/default-headers-middleware: <2.0.0-beta.9
snicco/eloquent: <2.0.0-beta.9
snicco/encryption-bundle: <2.0.0-beta.9
snicco/event-dispatcher: <2.0.0-beta.9
snicco/event-dispatcher-testing: <2.0.0-beta.9
snicco/guests-only-middleware: <1.0.0
snicco/http-routing-bundle: <2.0.0-beta.9
snicco/http-routing-testing: <2.0.0-beta.9
snicco/https-only-middleware: <2.0.0-beta.9
snicco/illuminate-container-bridge: <2.0.0-beta.9
snicco/kernel: <2.0.0-beta.9
snicco/kernel-testing: <2.0.0-beta.9
snicco/method-override-middleware: <2.0.0-beta.9
snicco/minimal-logger: <2.0.0-beta.9
snicco/must-match-route-middleware: <2.0.0-beta.9
snicco/no-robots-middleware: <2.0.0-beta.9
snicco/open-redirect-protection-middleware: <2.0.0-beta.9
snicco/payload-middleware: <2.0.0-beta.9
snicco/pimple-bridge: <2.0.0-beta.9
snicco/psr7-error-handler: <1.0.0
snicco/redirect-middleware: <2.0.0-beta.9
snicco/session: <2.0.0-beta.9
snicco/session-bundle: <2.0.0-beta.9
snicco/session-psr16-bridge: <2.0.0-beta.9
snicco/session-testing: <2.0.0-beta.9
snicco/session-wp-bridge: <2.0.0-beta.9
snicco/share-cookies-middleware: <2.0.0-beta.9
snicco/signed-url: <2.0.0-beta.9
snicco/signed-url-psr15-bridge: <2.0.0-beta.9
snicco/signed-url-psr16-bridge: <2.0.0-beta.9
snicco/signed-url-testing: <2.0.0-beta.9
snicco/signed-url-wp-bridge: <2.0.0-beta.9
snicco/str-arr: <2.0.0-beta.9
snicco/templating: <2.0.0-beta.9
snicco/templating-bundle: <2.0.0-beta.9
snicco/testable-clock: <2.0.0-beta.9
snicco/testing-bundle: <2.0.0-beta.9
snicco/trailing-slash-middleware: <2.0.0-beta.9
snicco/wp-auth-only-middleware: <2.0.0-beta.9
snicco/wp-capability-middleware: <2.0.0-beta.9
snicco/wp-capapility-middleware: <1.0.0
snicco/wp-guests-only-middleware: <2.0.0-beta.9

Replaces

None

LGPL-3.0-only 0bdbc210bb5f5587aabc8b1315a5afd76a3a0ad5

Calvin Alkan <calvin.woop@snicco.de>

This package is auto-updated.

Last update: 2024-09-07 14:27:56 UTC

README

这个中间件用于snicco/http-routing组件，将一次性解决您的WordPress nonce问题。

停止在每个控制器中手动验证nonce。

停止忘记验证nonce。

停止通过nonce操作将控制器代码与视图耦合。

有更好的方法。

安装

composer require snicco/wp-nonce-middleware

使用方法

将VerifyWPNonce中间件添加到全局中间件。

此中间件为每个请求执行以下操作

不安全的请求（POST、PATCH、DELETE等）将使用wp_verify_nonce检查请求体中的有效WordPress nonce。如果没有找到有效的nonce，将抛出401 HTTPException。
对于读取请求和WPNonce实例，如果返回响应是ViewResponse，则将其添加到视图数据中。

在您的视图中，您可以像这样使用WPNonce实例

向表单所在的同一位置提交

<?php
/**
* @var Snicco\Middleware\WPNonce\WPNonce $wp_nonce 
*/
?>

<form method="POST">
    <?= $wp_nonce() ?>
    <button type="submit">Submit</button>
</form>

向路由URL或硬编码的URL提交，该URL与当前位置不同

<?php
/**
* @var Snicco\Middleware\WPNonce\WPNonce $wp_nonce 
* @var Snicco\Component\HttpRouting\Routing\UrlGenerator\UrlGenerator $url 
*/
$route_url = $url->toRoute('route1', ['param1' => 'foo']);

?>

<form method="POST" action="<?= $route_url ?>">
    <?= $wp_nonce($route_url) ?>
    <button type="submit">Submit</button>
</form>

现在永远忘记WordPress nonce。如果请求到达您的控制器，则它具有有效的nonce。

贡献

此存储库是Snicco项目开发仓库的只读分支。

以下是您可以如何贡献.

报告问题和发送拉取请求

请在Snicco单仓中报告问题。

安全性

如果您发现安全漏洞，请遵循我们的披露流程。