An OOP Composer package that allows using WordPress nonces
Run the composer update command with these requirements in the composer.json file:
{
    "repositories": [
        {
            "type": "git",
            "url": "https://github.com/baniplus/wp-nonces.git"
        }
    ],
    "require": {
        "vitalie/wp-nonces": "dev-master"
    }
}
After successful installation, you can autoload the WP_Nonces class in your project:
require_once './vendor/autoload.php';
Make sure that this is the right path to the vendor directory.
Use this class only in the WordPress environment.
$optional_settings = array(
'action' => '_your_action_name',
'nonce_name' => '_your_nonce_name'
);
$wp_nonces = new WP_Nonces( $optional_settings );
When creating the class object, you can optionally provide a global action and nonce name.
The WP_Nonces object has the following public methods:
Use to display a message to confirm the action being taken.
$wp_nonces->message();
It uses the WordPress function wp_nonce_ays.
Retrieve nonce hidden field for forms.
$wp_nonces->get_field();
And display it.
$wp_nonces->field();
Optionally, you can provide action, name and referer attributes to overwrite the default values.
Retrieve URL with nonce added to URL query.
$wp_nonces->url( 'your-url.com' );
Optionally, you can provide action and name attributes to overwrite the default values.
Verify that correct nonce was used with a time limit.
$wp_nonces->verify( 'nonce_hash' );
Optionally, you can provide the action attribute to overwrite the default action value.
Creates a cryptographic token tied to a specific action, user, user session, and window of time.
$wp_nonces->create();
Optionally, you can provide the action attribute to overwrite the default action value.
Makes sure that a user was referred from another admin page.
$wp_nonces->check_admin_referer();
Optionally, you can provide action and query_arg (same as name) attributes to overwrite the default values.
Verifies the Ajax request to prevent processing requests external to the blog.
$wp_nonces->check_ajax_referer();
Optionally, you can provide action, query_arg (same as name) and die attributes to overwrite the default values.
Retrieve referer hidden field for forms.
$wp_nonces->get_referer_field();
And display it.
$wp_nonces->referer_field();
It uses the WordPress function wp_referer_field.
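A form round trip using field() and verify() with the default arguments, as an added example that is not part of the package's own code. The action name, nonce name, option name and function names are hypothetical, and it assumes verify() passes through the result of wp_verify_nonce (false on failure).

```php
<?php
// Added example, not from the wp-nonces package. Assumes WordPress is loaded
// and vendor/autoload.php has already been required.

// Hypothetical names used only in this example.
const DEMO_ACTION     = 'demo_save_settings';
const DEMO_NONCE_NAME = '_demo_nonce';

function demo_nonces() {
    return new WP_Nonces( array(
        'action'     => DEMO_ACTION,
        'nonce_name' => DEMO_NONCE_NAME,
    ) );
}

// Render the admin form; field() prints the hidden nonce input.
function demo_render_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="' . esc_attr( DEMO_ACTION ) . '">';
    demo_nonces()->field();
    echo '<input type="text" name="demo_title">';
    submit_button();
    echo '</form>';
}

// Handle the submission dispatched by admin-post.php.
function demo_handle_save() {
    // A nonce shows the request came from a form issued to this user;
    // it is not an authorization check, so test the capability as well.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    $nonce = isset( $_POST[ DEMO_NONCE_NAME ] )
        ? sanitize_text_field( wp_unslash( $_POST[ DEMO_NONCE_NAME ] ) )
        : '';
    // Assumption: verify() returns a falsy value for a missing, expired or
    // mismatched nonce, as wp_verify_nonce does.
    if ( ! demo_nonces()->verify( $nonce ) ) {
        wp_die( 'Invalid or expired nonce', '', array( 'response' => 403 ) );
    }
    $title = sanitize_text_field( wp_unslash( $_POST['demo_title'] ?? '' ) );
    update_option( 'demo_title', $title );
    wp_safe_redirect( wp_get_referer() ?: admin_url() );
    exit;
}
add_action( 'admin_post_' . DEMO_ACTION, 'demo_handle_save' );
```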
Before running the tests, you need to set up the WordPress test environment. For more information, see the WordPress Test Guide.
When your WordPress test environment is ready, edit WP_TEST_PATH in phpunit.xml.dist:
<env name="WP_TEST_PATH" value="__Your_WordPress_Test_Path__" />
Run the PHPUnit command to start all tests.