WordPress Function Reference: check_admin_referer()
Validates a piece of verification information
Description
Tests whether the current request carries a valid nonce (when the $action argument is given, which is preferred) or, when $action is not given, whether the current request was referred from an administration screen. On failure, the function dies after calling the wp_nonce_ays() function.
Used to avoid security exploits.
The now-misleading name of the function is kept for backward compatibility; it originates from earlier WordPress versions, in which the function only checked the referer. For details, see the Notes section below.
Usage
Obsolete Usage
<?php check_admin_referer(); ?>
Preferred Usage
<?php check_admin_referer( $action, $query_arg ); ?>
Parameters
$action
(string) (optional) Action name. Should give the context to what is taking place. (Since 2.0.1).
Default: -1
$query_arg
(string) (optional) Where to look for the nonce in the $_REQUEST PHP variable. (Since 2.5).
Default: '_wpnonce'
Examples
Obsolete usage here (script dies if the admin referer is not validated).
<?php check_admin_referer(); ?>
Here is an example of how you might use this in a plugin’s option page. You add a nonce to a form using the wp_nonce_field() function:
<form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
</form>
Then in the page where the form submits to, you can verify whether or not the form was submitted and update values if it was successfully submitted:
<?php
// if this fails, check_admin_referer() will automatically print a "failed" page and die.
if ( ! empty( $_POST ) && check_admin_referer( 'name_of_my_action', 'name_of_nonce_field' ) ) {
    // process form data, e.g. update fields
}
// Display the form
Notes
- Using the function without the $action argument is obsolete and, as of Version 3.2, if WP_DEBUG is set to true, it will die with an appropriate message ("You should specify a nonce action to be verified by using the first parameter." is the default).
- As of 2.0.1, the referer is checked only if the $action argument is not specified (or set to the default -1), as a backward compatibility fallback for not using a nonce. A nonce is preferred to unreliable referers, and with $action specified the function behaves the same way as wp_verify_nonce(), except that it dies after calling wp_nonce_ays() if the nonce is not valid or was not sent.
Change Log
Added in version: 1.2.0
Source File
The code for check_admin_referer() is located in wp-includes/pluggable.php.
/**
 * Makes sure that a user was referred from another admin page.
 *
 * To avoid security exploits.
 *
 * @since 1.2.0
 *
 * @param int|string $action    Action nonce.
 * @param string     $query_arg Optional. Key to check for nonce in `$_REQUEST` (since 2.5).
 *                              Default '_wpnonce'.
 * @return false|int False if the nonce is invalid, 1 if the nonce is valid and generated between
 *                   0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
 */
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
    if ( -1 == $action )
        _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2' );
    $adminurl = strtolower(admin_url());
    $referer = strtolower(wp_get_referer());
    $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
    /**
     * Fires once the admin request has been validated or not.
     *
     * @since 1.5.1
     *
     * @param string    $action The nonce action.
     * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
     *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
     */
    do_action( 'check_admin_referer', $action, $result );
    // Die unless the nonce is valid, or no $action was given and the referer is an admin URL.
    if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
        wp_nonce_ays( $action );
        die();
    }
    return $result;
}
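The following is an added example, not code from the Codex page or from WordPress core. It hooks the check_admin_referer action shown in the source above to log failed nonce checks, and wraps the option-page example in a handler that also checks the user's capability. It assumes it runs inside WordPress as part of a plugin; all names prefixed myplugin_ are hypothetical.

```php
<?php
// Added example, not Codex or WordPress core code. Names prefixed
// "myplugin_" are hypothetical; the nonce action and field names are the
// ones used in the examples on this page.

// check_admin_referer() fires the 'check_admin_referer' action before it
// dies, passing $result === false on failure, so failures can be logged.
add_action( 'check_admin_referer', 'myplugin_log_nonce_failure', 10, 2 );

function myplugin_log_nonce_failure( $action, $result ) {
	if ( false !== $result ) {
		return; // 1 or 2: the nonce was valid.
	}
	// The referer is request data: normalise it before writing it to a log.
	error_log( sprintf(
		'nonce check failed: action=%s user=%d referer=%s',
		$action,
		get_current_user_id(),
		esc_url_raw( (string) wp_get_referer() )
	) );
}

// Assumed to be the render callback of the plugin's option page.
function myplugin_options_page() {
	if ( ! empty( $_POST ) ) {
		// Dies via wp_nonce_ays() unless the nonce is present and valid.
		check_admin_referer( 'name_of_my_action', 'name_of_nonce_field' );

		// A valid nonce shows the request came from this form; it is not a
		// permission check, so the capability is tested separately.
		if ( ! current_user_can( 'manage_options' ) ) {
			wp_die( 'You are not allowed to change these settings.' );
		}
		if ( isset( $_POST['myplugin_setting'] ) ) {
			$value = sanitize_text_field( wp_unslash( $_POST['myplugin_setting'] ) );
			update_option( 'myplugin_setting', $value );
		}
	}
	?>
	<form method="post">
		<input type="text" name="myplugin_setting"
			value="<?php echo esc_attr( get_option( 'myplugin_setting', '' ) ); ?>">
		<?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
		<input type="submit" value="Save">
	</form>
	<?php
}
```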
Related
Nonce functions: wp_explain_nonce(), wp_nonce_ays(), wp_nonce_field(), wp_nonce_url(), wp_verify_nonce(), wp_create_nonce(), check_admin_referer(), check_ajax_referer(), wp_referer_field()
Nonce hooks: nonce_life, nonce_user_logged_out, explain_nonce_(verb)-(noun), check_admin_referer
- WordPress Nonce Implementation
Resources
- PHP: die – Manual
- PHP: $_REQUEST – Manual
- Mark Jaquith – WordPress Nonces
- Vladimir Prelovac – Using Nonces in WordPress Plugins
- Cryptographic nonce – Wikipedia, the free encyclopedia
- wp_verify_nonce vs check_admin_referer – WordPress Answers
- Original: http://codex.wordpress.org/Function_Reference/check_admin_referer