From ed83c6aae8a19169198249e9c4ad7de40fe9c806 Mon Sep 17 00:00:00 2001 From: Sergey Biryukov Date: Tue, 25 Apr 2023 14:55:28 +0000 Subject: [PATCH] General: Don't pass `$action` to `wp_get_session_token()` in `wp_create_nonce()`. The parameter appears to have been passed by accident, as the function does not accept any parameters. Follow-up to [54218]. Props malavvasita, hztyfoon, dd32. Fixes #58181. git-svn-id: https://develop.svn.wordpress.org/trunk@55685 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/pluggable.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php index 8081f9e62c..2a93f91325 100644 --- a/src/wp-includes/pluggable.php +++ b/src/wp-includes/pluggable.php @@ -2359,7 +2359,7 @@ if ( ! function_exists( 'wp_create_nonce' ) ) : $uid = apply_filters( 'nonce_user_logged_out', $uid, $action ); } - $token = wp_get_session_token( $action ); + $token = wp_get_session_token(); $i = wp_nonce_tick( $action ); return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );