rest_cookie_check_errors()

最后更新于:2021-11-27 23:33:51

rest_cookie_check_errors( GC_Error|mixed $result )

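Checks for errors when using cookie-based authentication. When cookie authentication is in use, the function looks for a nonce in the `_gcnonce` request parameter or the `X-GC-Nonce` header: a request without a nonce is handled as unauthenticated, and a request whose nonce fails verification is rejected with a 403 `rest_cookie_invalid_nonce` error.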

参数

$result

(GC_Error|mixed) (Required) Error from another authentication handler, null if we should handle it, or another value if not.

响应

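(GC_Error|mixed|bool) GC_Error if the cookie check fails (the supplied nonce does not verify), the passed-in $result if it is non-empty or if the user is logged in through a non-cookie authentication method, otherwise true.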

源文件

文件: gc-includes/rest-api.php

/**
 * Checks for errors when using cookie-based authentication.
 *
 * A cookie alone is not enough to act as the logged-in user here: when cookie
 * authentication is in use and the request carries no nonce, the current user is
 * reset to 0 and the request continues as unauthenticated. When a nonce is present
 * but fails verification for the 'gc_rest' action, a 403 error is returned.
 *
 * @global mixed $gc_rest_auth_cookie Compared strictly against true to decide
 *                                    whether cookie authentication was used.
 *
 * @param GC_Error|mixed $result Error from another authentication handler,
 *                               null if we should handle it, or another value if not.
 * @return GC_Error|mixed|bool GC_Error if the nonce does not verify, the incoming $result
 *                             when it is non-empty or when a logged-in user did not
 *                             authenticate by cookie, otherwise true.
 */
function rest_cookie_check_errors( $result ) {
	// An earlier handler already reached a verdict (error or otherwise); hand it back untouched.
	if ( ! empty( $result ) ) {
		return $result;
	}

	global $gc_rest_auth_cookie;

	/*
	 * A logged-in user without the cookie-auth flag means some other
	 * authentication method was used, so the nonce check does not apply.
	 * The flag test comes first so is_user_logged_in() is only consulted
	 * when cookie authentication was not used.
	 */
	$cookie_auth_used = ( true === $gc_rest_auth_cookie );

	if ( ! $cookie_auth_used && is_user_logged_in() ) {
		return $result;
	}

	/*
	 * Locate the nonce. The request parameter takes precedence over the header.
	 *
	 * NOTE(review): the value is taken from request input as-is and passed straight
	 * to gc_verify_nonce(); a non-string value (e.g. an array-style parameter) is
	 * not filtered here - confirm the verifier rejects it.
	 */
	if ( isset( $_REQUEST['_gcnonce'] ) ) {
		$supplied_nonce = $_REQUEST['_gcnonce'];
	} elseif ( isset( $_SERVER['HTTP_X_GC_NONCE'] ) ) {
		$supplied_nonce = $_SERVER['HTTP_X_GC_NONCE'];
	} else {
		// No nonce anywhere: not an error, but the request is handled as unauthenticated.
		gc_set_current_user( 0 );
		return true;
	}

	// A nonce was supplied, so it has to verify; otherwise the request is refused with a 403.
	if ( ! gc_verify_nonce( $supplied_nonce, 'gc_rest' ) ) {
		return new GC_Error( 'rest_cookie_invalid_nonce', __( 'Cookie check failed' ), array( 'status' => 403 ) );
	}

	// Verification passed: hand the client a refreshed nonce in the response header.
	$server = rest_get_server();
	$server->send_header( 'X-GC-Nonce', gc_create_nonce( 'gc_rest' ) );

	return true;
}