wp_verify_nonce

Definition:
function wp_verify_nonce($nonce, $action = -1) {}

Verify that the correct nonce was used within the time limit.
The user is given an amount of time to use the token, so therefore, since the UID and $action remain the same, the independent variable is the time.

Parameters

  • string $nonce: Nonce that was used in the form to verify
  • string|int $action: Should give context to what is taking place and be the same when nonce was created.

Return values

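returns: Whether the nonce check passed or failed. As the source below shows, the result is false for an invalid nonce, 1 for a nonce generated 0-12 hours ago and 2 for one generated 12-24 hours ago.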

Source code

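/**
 * Verify that a nonce is correct and still inside its time window.
 *
 * The expected value is derived from the current nonce tick, the action and
 * the current user's ID, so for a fixed user and action only the tick varies.
 *
 * @param string     $nonce  Nonce that was submitted with the request.
 * @param string|int $action Context the nonce was created for; must be the same value used at creation.
 * @return false|int False if the nonce is invalid, 1 if it matches the current tick
 *                   (generated 0-12 hours ago), 2 if it matches the previous tick
 *                   (generated 12-24 hours ago).
 */
function wp_verify_nonce($nonce, $action = -1) {
	// Only a scalar can be a nonce; reject arrays, objects and null before the string cast.
	if ( ! is_scalar($nonce) )
		return false;

	$nonce = (string) $nonce;

	// An empty nonce can never be valid, so skip the user lookup and hashing entirely.
	if ( '' === $nonce )
		return false;

	$user = wp_get_current_user();
	$uid = (int) $user->ID;

	$i = wp_nonce_tick();

	// hash_equals() compares two strings in constant time and never type-juggles.
	// The earlier loose == could report a match for a value that is not the same
	// string (for example boolean true, or two numeric-looking strings).
	// hash_equals() needs PHP 5.6+ or a polyfill.

	// Nonce generated 0-12 hours ago
	$expected = (string) substr(wp_hash($i . $action . $uid, 'nonce'), -12, 10);
	if ( hash_equals($expected, $nonce) )
		return 1;

	// Nonce generated 12-24 hours ago
	$expected = (string) substr(wp_hash(($i - 1) . $action . $uid, 'nonce'), -12, 10);
	if ( hash_equals($expected, $nonce) )
		return 2;

	// Invalid nonce
	return false;
}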

4259

wp_validate_redirect

Definition:
function wp_validate_redirect($location, $default = '') {}

Validates a URL for use in a redirect.
Checks whether the $location is using an allowed host, if it has an absolute path. A plugin can therefore set or remove allowed host(s) to or from the list.

Parameters

  • string $location: The redirect to validate
  • string $default: The value to return if $location is not allowed

Return values

returns:redirect-sanitized URL

Defined filters

  • allowed_redirect_hosts
    apply_filters('allowed_redirect_hosts', array($wpp['host'])

Source code

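/**
 * Validate a URL for use in a redirect.
 *
 * Only the scheme and host of $location are checked. A location that has no
 * host component is returned unchanged, so callers that need a same-site
 * guarantee for relative values must sanitize those separately.
 *
 * @param string $location The redirect target to validate.
 * @param string $default  Value returned when $location is not allowed.
 * @return string $location if it passed the checks (with 'http:' prepended when it
 *                began with '//'), otherwise $default.
 */
function wp_validate_redirect($location, $default = '') {
	// browsers will assume 'http' is your protocol, and will obey a redirect to a URL starting with '//'
	if ( '//' === substr($location, 0, 2) )
		$location = 'http:' . $location;

	// In php 5 parse_url may fail if the URL query part contains http://, bug #38143
	$cut  = strpos($location, '?');
	$test = $cut ? substr($location, 0, $cut) : $location;

	$lp = parse_url($test);

	// Give up if malformed URL
	if ( false === $lp )
		return $default;

	// Allow only http and https schemes. No data:, etc.
	if ( isset($lp['scheme']) && ! in_array($lp['scheme'], array('http', 'https'), true) )
		return $default;

	// Reject if scheme is set but host is not. This catches urls like https:host.com for which parse_url does not set the host field.
	if ( isset($lp['scheme']) && ! isset($lp['host']) )
		return $default;

	$wpp = parse_url(home_url());

	$allowed_hosts = (array) apply_filters('allowed_redirect_hosts', array($wpp['host']), isset($lp['host']) ? $lp['host'] : '');

	// Strict comparison on the allow-list check: with loose matching two different
	// numeric-looking host strings (e.g. '1e3' and '1000') compare equal.
	if ( isset($lp['host']) && ! in_array($lp['host'], $allowed_hosts, true) && $lp['host'] !== strtolower($wpp['host']) )
		$location = $default;

	return $location;
}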

4257

wp_validate_auth_cookie

Definition:
function wp_validate_auth_cookie($cookie = '', $scheme = '') {}

Validates authentication cookie.
The checks include making sure that the authentication cookie is set and pulling in the contents (if $cookie is not used).

Parameters

  • string $cookie: Optional. If used, will validate contents instead of cookie’s
  • string $scheme: Optional. The cookie scheme to use: auth, secure_auth, or logged_in

Return values

returns:False if invalid cookie, User ID if valid.

Defined actions

  • auth_cookie_malformed
    do_action('auth_cookie_malformed', $cookie, $scheme);
  • auth_cookie_expired
    do_action('auth_cookie_expired', $cookie_elements);
  • auth_cookie_bad_username
    do_action('auth_cookie_bad_username', $cookie_elements);
  • auth_cookie_bad_hash
    do_action('auth_cookie_bad_hash', $cookie_elements);
  • auth_cookie_valid
    do_action('auth_cookie_valid', $cookie_elements, $user);

Source code

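/**
 * Validate an authentication cookie.
 *
 * Parses the cookie, rejects it when expired, looks up the user by login name,
 * recomputes the keyed hash over the username and expiration, and compares it
 * with the hash carried in the cookie.
 *
 * Fires one of the auth_cookie_malformed, auth_cookie_expired,
 * auth_cookie_bad_username or auth_cookie_bad_hash actions on failure, and
 * auth_cookie_valid on success.
 *
 * @param string $cookie Optional. If given, these contents are validated instead of the request cookie's.
 * @param string $scheme Optional. The cookie scheme to use: auth, secure_auth, or logged_in.
 * @return false|int False if the cookie is invalid, the user ID if it is valid.
 */
function wp_validate_auth_cookie($cookie = '', $scheme = '') {
	if ( ! $cookie_elements = wp_parse_auth_cookie($cookie, $scheme) ) {
		do_action('auth_cookie_malformed', $cookie, $scheme);
		return false;
	}

	// NOTE(review): extract() imports every key wp_parse_auth_cookie() returns and, with
	// EXTR_OVERWRITE, replaces same-named locals (possibly including $scheme and $cookie).
	// The code below relies on it defining $username, $hmac and $expiration. Confirm the
	// key set against wp_parse_auth_cookie() and replace this with explicit array reads.
	extract($cookie_elements, EXTR_OVERWRITE);

	$expired = $expiration;

	// Allow a grace period for POST and AJAX requests
	if ( defined('DOING_AJAX') || 'POST' == $_SERVER['REQUEST_METHOD'] )
		$expired += 3600;

	// Quick check to see if an honest cookie has expired
	if ( $expired < time() ) {
		do_action('auth_cookie_expired', $cookie_elements);
		return false;
	}

	$user = get_user_by('login', $username);
	if ( ! $user ) {
		do_action('auth_cookie_bad_username', $cookie_elements);
		return false;
	}

	// Four characters of the stored password hash are mixed into the key, so the
	// cookie is bound to the current value of user_pass.
	$pass_frag = substr($user->user_pass, 8, 4);

	// The key derivation and HMAC algorithm must match whatever issued the cookie,
	// so they are left exactly as they were.
	$key = wp_hash($username . $pass_frag . '|' . $expiration, $scheme);
	$hash = hash_hmac('md5', $username . '|' . $expiration, $key);

	// Compare in constant time and without type juggling: a loose != leaks how much of
	// the hash matched through timing and treats some non-identical values as equal.
	// hash_equals() needs PHP 5.6+ or a polyfill.
	if ( ! is_string($hmac) || ! hash_equals($hash, $hmac) ) {
		do_action('auth_cookie_bad_hash', $cookie_elements);
		return false;
	}

	if ( $expiration < time() ) // AJAX/POST grace period set above
		$GLOBALS['login_grace_period'] = 1;

	do_action('auth_cookie_valid', $cookie_elements, $user);

	return $user->ID;
}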

4255

wp_upload_dir

Definition:
function wp_upload_dir( $time = null ) {}

Get an array containing the current upload directory’s path and url.
Checks the ‘upload_path’ option, which should be from the web root folder, and if it isn’t empty it will be used. If it is empty, then the path will be ‘WP_CONTENT_DIR/uploads’. If the ‘UPLOADS’ constant is defined, then it will override the ‘upload_path’ option and ‘WP_CONTENT_DIR/uploads’ path.

Parameters

  • string $time: Optional. Time formatted in ‘yyyy/mm’.

Return values

returns:See above for description.

Defined filters

  • upload_dir
    apply_filters( 'upload_dir', array( 'path' => $dir, 'url' => $url, 'subdir' => $subdir, 'basedir' => $bdir, 'baseurl' => $burl, 'error' => false )

Source code

/**
 * Build the current upload directory's path and URL, creating the directory if needed.
 *
 * The base directory comes from the 'upload_path' option, falling back to
 * WP_CONTENT_DIR/uploads; the UPLOADS constant and the multisite branch can
 * override it afterwards, in that order. The result is passed through the
 * 'upload_dir' filter before the directory is created.
 *
 * @param string $time Optional. Time formatted in 'yyyy/mm'. When empty, current_time( 'mysql' ) is used.
 * @return array On success the filtered array with keys 'path', 'url', 'subdir', 'basedir',
 *               'baseurl' and 'error' (false). On failure an array holding only an 'error' message.
 */
function wp_upload_dir( $time = null ) {

	global $switched;

	$siteurl = get_option( 'siteurl' );

	$upload_path = get_option( 'upload_path' );

	$upload_path = trim($upload_path);

	// True only on the main site of a multisite install with MULTISITE defined;
	// it disables the UPLOADS and multisite overrides further down.
	$main_override = is_multisite() && defined( 'MULTISITE' ) && is_main_site();

	if ( empty($upload_path) ) {

		$dir = WP_CONTENT_DIR . '/uploads';

	} else {

		$dir = $upload_path;

		if ( 'wp-content/uploads' == $upload_path ) {

			$dir = WP_CONTENT_DIR . '/uploads';

		} elseif ( 0 !== strpos($dir, ABSPATH) ) {

			// $dir is absolute, $upload_path is (maybe) relative to ABSPATH

			// Reached when $dir does not start with ABSPATH; it is then joined onto ABSPATH.
			// NOTE(review): the option value is used as a path without further checks here;
			// confirm who can write 'upload_path'.
			$dir = path_join( ABSPATH, $dir );

		}

	}



	// An explicit 'upload_url_path' option wins; otherwise derive the URL from the path choice above.
	if ( !$url = get_option( 'upload_url_path' ) ) {

		if ( empty($upload_path) || ( 'wp-content/uploads' == $upload_path ) || ( $upload_path == $dir ) )

			$url = WP_CONTENT_URL . '/uploads';

		else

			$url = trailingslashit( $siteurl ) . $upload_path;

	}



	// The UPLOADS constant replaces both values, unless this is the main-site override
	// case or $switched is set to something other than false.
	if ( defined('UPLOADS') && !$main_override && ( !isset( $switched ) || $switched === false ) ) {

		$dir = ABSPATH . UPLOADS;

		$url = trailingslashit( $siteurl ) . UPLOADS;

	}



	if ( is_multisite() && !$main_override && ( !isset( $switched ) || $switched === false ) ) {

		if ( defined( 'BLOGUPLOADDIR' ) )

			$dir = untrailingslashit(BLOGUPLOADDIR);

		// NOTE(review): UPLOADS is read here without a defined() check in this branch;
		// confirm it is always defined on multisite installs.
		$url = str_replace( UPLOADS, 'files', $url );

	}



	// Remember the base values before the year/month subdirectory is appended.
	$bdir = $dir;

	$burl = $url;



	$subdir = '';

	if ( get_option( 'uploads_use_yearmonth_folders' ) ) {

		// Generate the yearly and monthly dirs

		if ( !$time )

			$time = current_time( 'mysql' );

		// NOTE(review): $time is sliced by position and not validated; the two slices go
		// straight into the filesystem path and the URL. Confirm that every caller passes
		// only 'yyyy/mm'-style values.
		$y = substr( $time, 0, 4 );

		$m = substr( $time, 5, 2 );

		$subdir = "/$y/$m";

	}



	$dir .= $subdir;

	$url .= $subdir;



	// Filter callbacks can replace any element, including the 'path' that is created below.
	$uploads = apply_filters( 'upload_dir', array( 'path' => $dir, 'url' => $url, 'subdir' => $subdir, 'basedir' => $bdir, 'baseurl' => $burl, 'error' => false ) );



	// Make sure we have an uploads dir

	// The directory is created as a side effect of this call, using the filtered path.
	if ( ! wp_mkdir_p( $uploads['path'] ) ) {

		$message = sprintf( __( 'Unable to create directory %s. Is its parent directory writable by the server?' ), $uploads['path'] );

		// Failure result carries only 'error'; none of the path/url keys are present.
		return array( 'error' => $message );

	}



	return $uploads;

}

4251