验证AJAX请求以阻止执行来自博客外部的请求

描述

译文

该函数可由插件代替。若插件无法重新定义函数，则使用该函数。

该函数验证AJAX请求以阻止执行来自博客外部的请求。

原文

This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.

Verifies the AJAX request to prevent processing requests external of the blog.

用法

<?php check_ajax_referer( $action, $query_arg, $die ) ?>

参数

$action

(string) (可选) Action nonce

默认值: -1

$query_arg

(string) (可选) where to look for nonce in $_REQUEST (since 2.5)

默认值: false

$die

(boolean) (可选) whether to die if the nonce is invalid

默认值: true

返回值

(boolean) 

If parameter $die is set to false this function will return a boolean of true if check passes or false if check fails

示例

In your main file, set the nonce like this:

In your ajax file, check the referrer like this:

注意

• This function can be replaced via plugins. If plugins do not redefine these functions, then this will be used instead.
• If $query_arg is not specified (i.e. defaults to false), then the function will look for the nonce in ‘_ajax_nonce’. If that is not set, then it will assume that the nonce is in ‘_wpnonce’, regardless of whether that query arg actually exists.
• If $die is set to true, execution of the script will be stopped if the nonce cannot be verified, and the output will be ‘-1’.

历史

• 添加于 版本: 2.0.4

源文件

check_ajax_referer() 函数的代码位于 wp-includes/pluggable.php.

相关

Nonce functions: wp_explain_nonce(),
wp_nonce_ays(),
wp_nonce_field(),
wp_nonce_url(),
wp_verify_nonce(),
wp_create_nonce(),
check_admin_referer(),
check_ajax_referer(),
wp_referer_field()

WordPress Nonce Implementation

• Mark Jaquith – WordPress Nonces
• Vladimir Prelovac – Using Nonces in WordPress Plugins
• Wikipedia: Cryptographic Nonce

• 原文：http://codex.wordpress.org/Function_Reference/check_ajax_referer