snicco / wp-nonce-middleware
v2.0.0-beta.9
2024-09-07 14:27 UTC
Requires
- php: ^7.4|^8.0
- snicco/better-wp-api: ^2.0
- snicco/http-routing: ^2.0
- snicco/psr7-error-handler: ^2.0
Requires (Dev)
- phpunit/phpunit: ^9.5.13
- snicco/http-routing-testing: ^2.0
Conflicts
- snicco/better-wp-cache: <2.0.0-beta.9
- snicco/better-wp-cache-bundle: <2.0.0-beta.9
- snicco/better-wp-cli: <2.0.0-beta.9
- snicco/better-wp-cli-testing: <2.0.0-beta.9
- snicco/better-wp-hooks: <2.0.0-beta.9
- snicco/better-wp-hooks-bundle: <2.0.0-beta.9
- snicco/better-wp-mail: <2.0.0-beta.9
- snicco/better-wp-mail-bundle: <2.0.0-beta.9
- snicco/better-wp-mail-testing: <2.0.0-beta.9
- snicco/better-wpdb: <2.0.0-beta.9
- snicco/better-wpdb-bundle: <2.0.0-beta.9
- snicco/blade-bridge: <2.0.0-beta.9
- snicco/blade-bundle: <2.0.0-beta.9
- snicco/content-negotiation-middleware: <2.0.0-beta.9
- snicco/debug-bundle: <2.0.0-beta.9
- snicco/default-headers-middleware: <2.0.0-beta.9
- snicco/eloquent: <2.0.0-beta.9
- snicco/encryption-bundle: <2.0.0-beta.9
- snicco/event-dispatcher: <2.0.0-beta.9
- snicco/event-dispatcher-testing: <2.0.0-beta.9
- snicco/guests-only-middleware: <1.0.0
- snicco/http-routing-bundle: <2.0.0-beta.9
- snicco/http-routing-testing: <2.0.0-beta.9
- snicco/https-only-middleware: <2.0.0-beta.9
- snicco/illuminate-container-bridge: <2.0.0-beta.9
- snicco/kernel: <2.0.0-beta.9
- snicco/kernel-testing: <2.0.0-beta.9
- snicco/method-override-middleware: <2.0.0-beta.9
- snicco/minimal-logger: <2.0.0-beta.9
- snicco/must-match-route-middleware: <2.0.0-beta.9
- snicco/no-robots-middleware: <2.0.0-beta.9
- snicco/open-redirect-protection-middleware: <2.0.0-beta.9
- snicco/payload-middleware: <2.0.0-beta.9
- snicco/pimple-bridge: <2.0.0-beta.9
- snicco/psr7-error-handler: <1.0.0
- snicco/redirect-middleware: <2.0.0-beta.9
- snicco/session: <2.0.0-beta.9
- snicco/session-bundle: <2.0.0-beta.9
- snicco/session-psr16-bridge: <2.0.0-beta.9
- snicco/session-testing: <2.0.0-beta.9
- snicco/session-wp-bridge: <2.0.0-beta.9
- snicco/share-cookies-middleware: <2.0.0-beta.9
- snicco/signed-url: <2.0.0-beta.9
- snicco/signed-url-psr15-bridge: <2.0.0-beta.9
- snicco/signed-url-psr16-bridge: <2.0.0-beta.9
- snicco/signed-url-testing: <2.0.0-beta.9
- snicco/signed-url-wp-bridge: <2.0.0-beta.9
- snicco/str-arr: <2.0.0-beta.9
- snicco/templating: <2.0.0-beta.9
- snicco/templating-bundle: <2.0.0-beta.9
- snicco/testable-clock: <2.0.0-beta.9
- snicco/testing-bundle: <2.0.0-beta.9
- snicco/trailing-slash-middleware: <2.0.0-beta.9
- snicco/wp-auth-only-middleware: <2.0.0-beta.9
- snicco/wp-capability-middleware: <2.0.0-beta.9
- snicco/wp-capapility-middleware: <1.0.0
- snicco/wp-guests-only-middleware: <2.0.0-beta.9
- dev-master
- v2.0.0-beta.9
- v2.0.0-beta.8
- v2.0.0-beta.7
- v2.0.0-beta.6
- v2.0.0-beta.5
- v2.0.0-beta.4
- v2.0.0-beta.3
- v2.0.0-beta.2
- v2.0.0-beta.1
- v1.10.1
- v1.10.0
- v1.9.1
- v1.9.0
- v1.8.1
- v1.8.0
- v1.7.0
- v1.6.2
- v1.6.1
- v1.6.0
- v1.5.0
- v1.4.2
- v1.4.1
- v1.4.0
- v1.3.0
- v1.2.1
- v1.2.0
- v1.1.3
- v1.1.2
- v1.1.1
- v1.1.0
- v1.0.2
- v1.0.1
- v1.0.0
- dev-beta
This package is auto-updated.
Last update: 2024-09-07 14:27:56 UTC
README
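This middleware for the snicco/http-routing component solves your WordPress nonce problems once and for all.
Stop manually verifying nonces in every controller.
Stop forgetting to verify nonces.
Stop coupling your controller code to your views by means of nonce actions.
There is a better way.
Installation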
composer require snicco/wp-nonce-middleware
Usage
Add the VerifyWPNonce middleware to your global middleware.
This middleware does the following for each request:
- Unsafe requests (POST, PATCH, DELETE, etc.) are checked for a valid WordPress nonce in the request body using wp_verify_nonce. If no valid nonce is found, a 401 HTTPException is thrown.
- For read requests, a WPNonce instance is added to the view data if the returned response is a ViewResponse.
In your views, you can use the WPNonce instance like this.
Submitting a form to the same location that the form is at:

    <?php
    /**
     * @var Snicco\Middleware\WPNonce\WPNonce $wp_nonce
     */
    ?>
    <form method="POST">
        <?= $wp_nonce() ?>
        <button type="submit">Submit</button>
    </form>

Submitting a form to a route URL or a hard-coded URL that differs from the current location:

    <?php
    /**
     * @var Snicco\Middleware\WPNonce\WPNonce $wp_nonce
     * @var Snicco\Component\HttpRouting\Routing\UrlGenerator\UrlGenerator $url
     */
    $route_url = $url->toRoute('route1', ['param1' => 'foo']);
    ?>
    <form method="POST" action="<?= $route_url ?>">
        <?= $wp_nonce($route_url) ?>
        <button type="submit">Submit</button>
    </form>

Now forget about WordPress nonces forever. If a request reaches your controller, it has a valid nonce.
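The request handling described under Usage, reduced to plain PHP as an added example; it is not code from the Snicco project. Assumptions: the nonce action is the request path, the form field is named `_wpnonce`, and `demo_create_nonce` / `demo_verify_nonce` are hypothetical stand-ins for `wp_create_nonce` / `wp_verify_nonce` so the script runs without WordPress.

```php
<?php
declare(strict_types=1);
// Constructed demo secret; WordPress derives nonces from its own salts instead.
const DEMO_SECRET = 'constructed-demo-secret';
const DEMO_TICK = 43200; // seconds per validity window (assumption for this demo)

// Hypothetical stand-in for wp_create_nonce(): HMAC over time window and action.
function demo_create_nonce(string $action, ?int $now = null): string
{
    $tick = intdiv($now ?? time(), DEMO_TICK);
    return substr(hash_hmac('sha256', $tick . '|' . $action, DEMO_SECRET), 0, 20);
}

// Hypothetical stand-in for wp_verify_nonce(): current or previous window only.
function demo_verify_nonce(string $nonce, string $action, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([$now, $now - DEMO_TICK] as $t) {
        if (hash_equals(demo_create_nonce($action, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// The middleware's decision reduced to a function that returns an HTTP status.
function demo_guard(string $method, string $path, array $body): int
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        return 200; // read request: nothing to verify
    }
    $nonce = $body['_wpnonce'] ?? ''; // field name is an assumption
    if (!is_string($nonce) || !demo_verify_nonce($nonce, $path)) {
        return 401; // rejected before any controller code runs
    }
    return 200;
}
$same  = demo_create_nonce('/settings');   // corresponds to $wp_nonce()
$route = demo_create_nonce('/orders/foo'); // corresponds to $wp_nonce($route_url)
$cases = [
    'POST without nonce'          => demo_guard('POST', '/settings', []),
    'POST with matching nonce'    => demo_guard('POST', '/settings', ['_wpnonce' => $same]),
    'nonce from another location' => demo_guard('POST', '/orders/foo', ['_wpnonce' => $same]),
    'nonce minted for the route'  => demo_guard('POST', '/orders/foo', ['_wpnonce' => $route]),
    'GET without nonce'           => demo_guard('GET', '/settings', []),
];
foreach ($cases as $label => $status) {
    printf("%-28s %d\n", $label, $status);
}
```

Under the path-as-action assumption, a nonce minted for one location does not verify at another, which is the situation the `$wp_nonce($route_url)` form in the views covers.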
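Contributing
This repository is a read-only split of the development repository of the Snicco project.
Reporting issues and sending pull requests
Please report issues in the Snicco monorepo.
Security
If you discover a security vulnerability, please follow our disclosure procedure.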