WP_Recovery_Mode_Cookie_Service::validate_cookie()publicWP 5.2.0

Validates the recovery mode cookie.

Method of the class: WP_Recovery_Mode_Cookie_Service{}

Hooks from the method

Return

true|WP_Error. True on success, error object on failure.

Usage

$WP_Recovery_Mode_Cookie_Service = new WP_Recovery_Mode_Cookie_Service();
$WP_Recovery_Mode_Cookie_Service->validate_cookie( $cookie );
$cookie(string)
Optionally specify the cookie string. If omitted, it will be retrieved from the super global.
Default: ''

Changelog

Since 5.2.0 Introduced.

WP_Recovery_Mode_Cookie_Service::validate_cookie() code WP 6.4.3

public function validate_cookie( $cookie = '' ) {

	if ( ! $cookie ) {
		if ( empty( $_COOKIE[ RECOVERY_MODE_COOKIE ] ) ) {
			return new WP_Error( 'no_cookie', __( 'No cookie present.' ) );
		}

		$cookie = $_COOKIE[ RECOVERY_MODE_COOKIE ];
	}

	$parts = $this->parse_cookie( $cookie );

	if ( is_wp_error( $parts ) ) {
		return $parts;
	}

	list( , $created_at, $random, $signature ) = $parts;

	if ( ! ctype_digit( $created_at ) ) {
		return new WP_Error( 'invalid_created_at', __( 'Invalid cookie format.' ) );
	}

	/** This filter is documented in wp-includes/class-wp-recovery-mode-cookie-service.php */
	$length = apply_filters( 'recovery_mode_cookie_length', WEEK_IN_SECONDS );

	if ( time() > $created_at + $length ) {
		return new WP_Error( 'expired', __( 'Cookie expired.' ) );
	}

	$to_sign = sprintf( 'recovery_mode|%s|%s', $created_at, $random );
	$hashed  = $this->recovery_mode_hash( $to_sign );

	if ( ! hash_equals( $signature, $hashed ) ) {
		return new WP_Error( 'signature_mismatch', __( 'Invalid cookie.' ) );
	}

	return true;
}