Home

check_admin_referer

February 11, 2011 by Thorsten 0 Comments

Definition:
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {}

Makes sure that a user was referred from another admin page.
To avoid security exploits.

Parameters

  • string $action: Action nonce
  • string $query_arg: where to look for nonce in $_REQUEST (since 2.5)

Defined actions

  • check_admin_referer
    do_action('check_admin_referer', $action, $result);

Source code

function check_admin_referer($action = -1, $query_arg = '_wpnonce') {

	if ( -1 == $action )

		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );



	$adminurl = strtolower(admin_url());

	$referer = strtolower(wp_get_referer());

	$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;

	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {

		wp_nonce_ays($action);

		die();

	}

	do_action('check_admin_referer', $action, $result);

	return $result;

}endif;

593

/wp-includes/pluggable.php, Actions, Actions by letter c, Documentation, Files, Functions, Functions by letter c
, ,

No comments yet... Be the first to leave a reply!

Leave a comment