Eine auf WordPress spezialiserte Suchmaschine für Entwickler und Theme-Autoren



check_admin_referer ›

Seit1.2.0
Veraltetn/v
check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )
Parameter: (2)
  • (int|string) $action Action nonce.
    Erforderlich: Nein
    Standard: -1
  • (string) $query_arg Optional. Key to check for nonce in `$_REQUEST` (since 2.5). Default '_wpnonce'.
    Erforderlich: Nein
    Standard: '_wpnonce'
Gibt zurück:
  • (false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
Definiert in:
Codex:

Makes sure that a user was referred from another admin page.

To avoid security exploits.



Ähnliche Funktionen: check_ajax_referer, check_password_reset_key, check_upload_mimes, wp_admin_bar_render, _get_admin_bar_pref

Quellcode 

function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
		if ( -1 == $action ) {
			_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
		}

		$adminurl = strtolower( admin_url() );
		$referer  = strtolower( wp_get_referer() );
		$result   = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;

		/**
		 * Fires once the admin request has been validated or not.
		 *
		 * @since 1.5.1
		 *
		 * @param string    $action The nonce action.
		 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
		 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
		 */
		do_action( 'check_admin_referer', $action, $result );

		if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
			wp_nonce_ays( $action );
			die();
		}

		return $result;
	}
endif;

if ( ! function_exists( 'check_ajax_referer' ) ) :