Question

check_ajax_referer( int|string $action = -1,  false|string $query_arg = false,  bool $die = true )

Verifies the Ajax request to prevent processing requests external of the blog.

---

description

---

参数

$action

(int|string) (Optional) Action nonce.

Default value: -1

$query_arg

(false|string) (Optional) Key to check for the nonce in $_REQUEST (since 2.5). If false, $_REQUEST values will be evaluated for '_ajax_nonce', and '_wpnonce' (in that order).

Default value: false

$die

(bool) (Optional) Whether to die early when the nonce cannot be verified.

Default value: true

---

返回值

(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.

---

源代码

File: wp-includes/pluggable.php

function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	if ( -1 == $action ) {
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
	}

	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	/**
	 * Fires once the Ajax request has been validated or not.
	 *
	 * @since 2.1.0
	 *
	 * @param string    $action The Ajax nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	if ( $die && false === $result ) {
		if ( wp_doing_ajax() ) {
			wp_die( -1, 403 );
		} else {
			die( '-1' );
		}
	}

	return $result;
}

---

更新日志

Version	description
2.0.3	Introduced.

---

相关函数

Uses

• wp-includes/load.php: wp_doing_ajax()
• wp-includes/l10n.php: __()
• wp-includes/pluggable.php: wp_verify_nonce()
• wp-includes/pluggable.php: check_ajax_referer
• wp-includes/functions.php: _doing_it_wrong()
• wp-includes/functions.php: wp_die()
• wp-includes/plugin.php: do_action()
Show 2 more uses Hide more uses

---

Used By

• wp-admin/includes/ajax-actions.php: wp_ajax_get_community_events()
• wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()
• wp-admin/includes/ajax-actions.php: wp_ajax_search_install_plugins()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin()
• wp-admin/includes/ajax-actions.php: wp_ajax_search_plugins()
• wp-admin/includes/ajax-actions.php: wp_ajax_install_theme()
• wp-admin/includes/ajax-actions.php: wp_ajax_update_theme()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme()
• wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin()
• wp-admin/includes/ajax-actions.php: wp_ajax_get_post_thumbnail_html()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_wporg_username()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_inactive_widgets()
• wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_load_available_items()
• wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_search_available_items()
• wp-admin/includes/ajax-actions.php: wp_ajax_crop_image()
• wp-admin/includes/ajax-actions.php: wp_ajax_update_plugin()
• wp-admin/custom-background.php: Custom_Background::ajax_background_add()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_order()
• wp-admin/includes/ajax-actions.php: wp_ajax_send_attachment_to_editor()
• wp-admin/includes/ajax-actions.php: wp_ajax_send_link_to_editor()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_user_color_scheme()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_widget()
• wp-admin/includes/ajax-actions.php: wp_ajax_upload_attachment()
• wp-admin/includes/ajax-actions.php: wp_ajax_image_editor()
• wp-admin/includes/ajax-actions.php: wp_ajax_set_post_thumbnail()
• wp-admin/includes/ajax-actions.php: wp_ajax_wp_fullscreen_save_post()
• wp-admin/includes/ajax-actions.php: wp_ajax_wp_remove_post_lock()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment()
• wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_compat()
• wp-admin/includes/ajax-actions.php: wp_ajax_add_menu_item()
• wp-admin/includes/ajax-actions.php: wp_ajax_add_meta()
• wp-admin/includes/ajax-actions.php: wp_ajax_add_user()
• wp-admin/includes/ajax-actions.php: wp_ajax_closed_postboxes()
• wp-admin/includes/ajax-actions.php: wp_ajax_hidden_columns()
• wp-admin/includes/ajax-actions.php: wp_ajax_update_welcome_panel()
• wp-admin/includes/ajax-actions.php: wp_ajax_wp_link_ajax()
• wp-admin/includes/ajax-actions.php: wp_ajax_menu_locations_save()
• wp-admin/includes/ajax-actions.php: wp_ajax_meta_box_order()
• wp-admin/includes/ajax-actions.php: wp_ajax_get_permalink()
• wp-admin/includes/ajax-actions.php: wp_ajax_sample_permalink()
• wp-admin/includes/ajax-actions.php: wp_ajax_inline_save()
• wp-admin/includes/ajax-actions.php: wp_ajax_inline_save_tax()
• wp-admin/includes/ajax-actions.php: wp_ajax_find_posts()
• wp-admin/includes/ajax-actions.php: wp_ajax_widgets_order()
• wp-admin/includes/ajax-actions.php: _wp_ajax_add_hierarchical_term()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_comment()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_tag()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_link()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_meta()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_post()
• wp-admin/includes/ajax-actions.php: wp_ajax_trash_post()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_page()
• wp-admin/includes/ajax-actions.php: wp_ajax_dim_comment()
• wp-admin/includes/ajax-actions.php: wp_ajax_add_link_category()
• wp-admin/includes/ajax-actions.php: wp_ajax_add_tag()
• wp-admin/includes/ajax-actions.php: wp_ajax_get_comments()
• wp-admin/includes/ajax-actions.php: wp_ajax_replyto_comment()
• wp-admin/includes/ajax-actions.php: wp_ajax_edit_comment()
• wp-admin/includes/ajax-actions.php: wp_ajax_fetch_list()
• wp-admin/includes/ajax-actions.php: wp_ajax_wp_compression_test()
• wp-admin/includes/ajax-actions.php: wp_ajax_imgedit_preview()
• wp-admin/custom-header.php: Custom_Image_Header::ajax_header_crop()
• wp-admin/custom-header.php: Custom_Image_Header::ajax_header_add()
• wp-admin/custom-header.php: Custom_Image_Header::ajax_header_remove()
• wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::save()
• wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::setup_theme()
• wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::wp_ajax_update_widget()
Show 62 more used by Hide more used by

---

User Contributed Notes

1. Skip to note content You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note Contributed by Codex

   Example
   In your main file, set the nonce like this:

   
   <?php
   //Set Your Nonce
   $ajax_nonce = wp_create_nonce( "wpdocs-special-string" );
   ?>
   
   <script type="text/javascript">
   jQuery(document).ready(function($){
   	var data = {
   		action: 'wpdocs_action',
   		security: '<?php echo $ajax_nonce; ?>',
   		wpdocs_string: 'Hello World!'
   	};
   	$.post(ajaxurl, data, function(response) {
   		alert("Response: " + response);
   	});
   });
   </script>
   

   In your AJAX file, check the referrer like this:

   
   /**
    * Check the referrer for the AJAX call.
    */
   function wpdocs_action_function() {
   	check_ajax_referer( 'wpdocs-special-string', 'security' );
   	echo sanitize_text_field( $_POST['wpdocs_string'] );
   	die;
   }
   add_action( 'wp_ajax_wpdocs_action', 'wpdocs_action_function' );