[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-includes/ -> class-wp-recovery-mode-cookie-service.php (summary)

[Source view] [Print] [Project Stats]

Error Protection API: WP_Recovery_Mode_Cookie_Service class

File Size: 234 lines (6 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 1 file
 wp-includes/pluggable.php

Defines 8 functions

  is_cookie_set()
  set_cookie()
  clear_cookie()
  validate_cookie()
  get_session_id_from_cookie()
  parse_cookie()
  generate_cookie()
  recovery_mode_hash()

Functions
Functions that are not part of a class:

is_cookie_set()   X-Ref
Checks whether the recovery mode cookie is set.

return: bool True if the cookie is set, false otherwise.
since: 5.2.0

set_cookie()   X-Ref
Sets the recovery mode cookie.

This must be immediately followed by exiting the request.

since: 5.2.0

clear_cookie()   X-Ref
Clears the recovery mode cookie.

since: 5.2.0

validate_cookie( $cookie = '' )   X-Ref
Validates the recovery mode cookie.

return: true|WP_Error True on success, error object on failure.
param: string $cookie Optionally specify the cookie string.
since: 5.2.0

get_session_id_from_cookie( $cookie = '' )   X-Ref
Gets the session identifier from the cookie.

The cookie should be validated before calling this API.

return: string|WP_Error Session ID on success, or error object on failure.
param: string $cookie Optionally specify the cookie string.
since: 5.2.0

parse_cookie( $cookie )   X-Ref
Parses the cookie into its four parts.

return: array|WP_Error Cookie parts array, or error object on failure.
param: string $cookie Cookie content.
since: 5.2.0

generate_cookie()   X-Ref
Generates the recovery mode cookie value.

The cookie is a base64 encoded string with the following format:

recovery_mode|iat|rand|signature

Where "recovery_mode" is a constant string,
iat is the time the cookie was generated at,
rand is a randomly generated password that is also used as a session identifier
and signature is an hmac of the preceding 3 parts.

return: string Generated cookie content.
since: 5.2.0

recovery_mode_hash( $data )   X-Ref
Gets a form of `wp_hash()` specific to Recovery Mode.

We cannot use `wp_hash()` because it is defined in `pluggable.php` which is not loaded until after plugins are loaded,
which is too late to verify the recovery mode cookie.

This tries to use the `AUTH` salts first, but if they aren't valid specific salts will be generated and stored.

return: string|false The hashed $data, or false on failure.
param: string $data Data to hash.
since: 5.2.0


Generated: Tue Oct 28 01:00:02 2025 Cross-referenced by PHPXref 0.7.1