wpseek.com
Eine auf WordPress spezialiserte Suchmaschine für Entwickler und Theme-Autoren
check_admin_referer › WordPress Function
Seit1.2.0
Veraltetn/v
› check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )
| Parameter: (2) |
|
| Gibt zurück: |
|
| Definiert in: |
|
| Codex: | |
| Changelog: |
|
Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.
This function ensures the user intends to perform a given action, which helps protect against clickjacking style
attacks. It verifies intent, not authorisation, therefore it does not verify the user's capabilities. This should
be performed with current_user_can() or similar.
If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.
Ähnliche Funktionen: check_ajax_referer, check_password_reset_key, check_upload_mimes, wp_admin_bar_render, _get_admin_bar_pref
Quellcode
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 == $action ) {
_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );
}
$adminurl = strtolower( admin_url() );
$referer = strtolower( wp_get_referer() );
$result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;
/**
* Fires once the admin request has been validated or not.
*
* @since 1.5.1
*
* @param string $action The nonce action.
* @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
* 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
*/
do_action( 'check_admin_referer', $action, $result );
if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
wp_nonce_ays( $action );
die();
}
return $result;
}
endif;
if ( ! function_exists( 'check_ajax_referer' ) ) :