ympervej/wp-oop-nonces-csrf

This package enables the wordpress nonce function in an object-oriented environment

WordPress Nonces in OOP Environment

A composer package, which serves the functionality working with WordPress Nonces in an object orientated environment., _(*1)

Requirement

Wordpress Version: Minimum 4.8
PHP Version: Minimum 5.6
PHP Unit Version: 5

Installation

Add this package as requirement at your composer.json file and then run 'composer update', _(*2)

"ympervej/wp-oop-nonces-csrf": "1.0.*"

Or directly run, _(*3)

composer require ympervej/wp-oop-nonces-csrf

Usage

add to your functions.php, in the active theme, _(*4)

// Autoload files using Composer autoload
require __DIR__ . '/vendor/autoload.php';

Examples

Create a nonce

This will creates a cryptographic token tied to a specific action

# Arguments string or int $action Scalar value to add context to the nonce.

# Return The token.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_create = $Wp_Csrf_Nonce->wp_oop_create_nonce( $action );

For example:, _(*5)

<a href='my_url.php?nonce_something=nonce_action&_wpnonce=<?php echo $csrf_nonce_create; ?>'>Your Nonce Action</a>

Verify a nonce

Verify that correct nonce was used with time limit.

# Arguments $nonce and $action.

# Return Boolean or 1.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_verify = $Wp_Csrf_Nonce->wp_oop_verify_nonce( $nonce, $action );

Add a nonce to a URL

Retrieve URL with nonce added to URL query.

# Arguments $action_url and $action and $name.

# Return Escaped URL with nonce action added.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_url = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_URL($action_url, $action, $name );

Add a nonce to a form

Retrieve URL with nonce added to URL query.

# Arguments action, $name, $referer, $echo.

# Return Nonce field HTML markup.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_field = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_field(action, $name, $referer, $echo );

Ajax Nonce Verification

Verify a nonce passed in an AJAX request

# Arguments $action, $query_arg, $die.

# Return Boolean or 1.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_ajax_ref = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_checka_ajax_referer($action, $query_arg, $die);

Admin Nonce Verification.

Makes sure that a user was referred from another admin page.

# Arguments $action, $query_arg.

# Return Boolean or 1.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_nonce_admin_ref = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_check_admin_referer($action, $query_arg);

Display Nonce Action Message.

This will display 'Are you sure you want to do this?' message to confirm the action being taken.

# Arguments $action.

# Return Boolean or 1.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_action_text = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_ays($action);

Retrieve or display referer hidden field for forms.

The referer link is the current Request URI from the server super global.

# Arguments $echo Boolean.

# Return Referer field HTML markup.

$Wp_Csrf_Nonce = new \wp_oop_nonce_csrf\Wp_Oop_Nonces_Csrf();
$csrf_refer_field = $Wp_Csrf_Nonce->wp_oop_nonce_csrf_referer_field($echo);

How to run Unit Tests

1. In Terminal Run this

$ CD /wordpress/your-theme-folder/wp-oop-nonces-csrf

1. Install PHP Unit on dev

$ composer require --dev phpunit/phpunit:~5

1. Copy the Test Directory from "/vendor/ympervej/wp-oop-nonces-csrf/tests" to "your-theme-folder/wp-oop-nonces-csrf", _(*6)

2. Run Composer Update, _(*7)

$ composer update

1. Run This in Terminal to test

$ ./vendor/bin/phpunit --bootstrap vendor/autoload.php tests/WpOopCsrfTest

1. You can also test with this

$ ./vendor/bin/phpunit --bootstrap vendor/autoload.php --testdox tests

Thanks to

• Wordpress Nonces Documentation
• PHP Unit Testing Documentation

License

MIT, _(*8)