check_admin_referer

Definition:
function check_admin_referer($action = -1, $query_arg = '_wpnonce') {}

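Makes sure that a user was referred from another admin page, to avoid security exploits.
It verifies the nonce found in $_REQUEST[$query_arg] against $action; if that fails, it calls wp_nonce_ays() and terminates the request. Only when no action is given (-1) is a referer that starts with the admin URL accepted instead.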

Parameters

  • string $action: Action nonce
  • string $query_arg: where to look for nonce in $_REQUEST (since 2.5)

Defined actions

  • check_admin_referer
    do_action('check_admin_referer', $action, $result);

Source code

function check_admin_referer($action = -1, $query_arg = '_wpnonce') {
	// Calling without a specific action is flagged as incorrect usage (since 3.2).
	if ( -1 == $action )
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );

	$adminurl = strtolower(admin_url());
	$referer = strtolower(wp_get_referer());
	// Verify the nonce from the request against the expected action.
	$result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
	// Fail unless the nonce is valid; with no action given (-1), a referer under the admin URL is also accepted.
	if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
		wp_nonce_ays($action);
		die();
	}
	do_action('check_admin_referer', $action, $result);
	return $result;
}
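
A typical round trip with this function, as an added example (not WordPress core code and not part of the original page): the form emits a nonce bound to a specific action, and the handler verifies it with the same action and field name before checking the capability. The plugin name, the `demo_*` identifiers, the `DEMO_*` constants and the option key are hypothetical.

```php
<?php
/*
 * Plugin Name: Nonce Demo (hypothetical example plugin)
 */

// Assumed names for this example: nonce action and nonce field name.
const DEMO_NONCE_ACTION = 'demo_save_settings';
const DEMO_NONCE_FIELD  = 'demo_nonce';

// Register a settings page that renders the form.
add_action( 'admin_menu', function () {
	add_options_page( 'Nonce Demo', 'Nonce Demo', 'manage_options', 'nonce-demo', 'demo_render_form' );
} );

function demo_render_form() {
	$value = get_option( 'demo_label', '' );
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="demo_save">
		<?php
		// Emits a hidden field named DEMO_NONCE_FIELD bound to DEMO_NONCE_ACTION.
		wp_nonce_field( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD );
		?>
		<input type="text" name="demo_label" value="<?php echo esc_attr( $value ); ?>">
		<?php submit_button(); ?>
	</form>
	<?php
}

// admin-post.php dispatches the POST here for logged-in users.
add_action( 'admin_post_demo_save', function () {
	// Same action and field name as the form. On failure this calls
	// wp_nonce_ays() and die(), so nothing below runs.
	check_admin_referer( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD );

	// The nonce only ties the request to this user's session; it is not
	// an authorization check, so verify the capability separately.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}

	$label = isset( $_POST['demo_label'] ) ? sanitize_text_field( wp_unslash( $_POST['demo_label'] ) ) : '';
	update_option( 'demo_label', $label );

	wp_safe_redirect( admin_url( 'options-general.php?page=nonce-demo&updated=1' ) );
	exit;
} );
```

Passing an explicit action in both places keeps the handler off the referer-only fallback that applies when `$action` is left at -1.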
