
wp_nonce_field()

Published 2017-09-11 12:31:52 · 7623 characters · 1120 views · 0 comments · 0 favorites

wp_nonce_field( int|string $action = -1, string $name = "_wpnonce", bool $referer = true, bool $echo = true )

Retrieve or display nonce hidden field for forms.


Description

The nonce field is used to validate that the contents of the form came from a form on the current site and not from somewhere else. The nonce does not offer absolute protection, but it should protect against most cases. It is very important to use a nonce field in forms.

The $action and $name are optional, but if you want better security it is strongly suggested that you set both parameters. It is easier to call the function without any parameters, because validating the nonce then requires no parameters either, but since attackers know what the default is, it won't be difficult for them to find a way around your nonce and cause damage.

The input name will be whatever $name value you gave. The input value will be the nonce creation value.
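The following is an added example and not part of the WordPress code reference. It shows the pattern the description recommends: a form whose nonce is bound to a named action and to the specific item being acted on, together with the handler that verifies that nonce with wp_verify_nonce() before doing anything. The function names, the `myplugin_` prefix, the `item_id` field and the option name are all hypothetical.

```php
<?php
// Added example, not WordPress core code. All myplugin_* names are hypothetical.

// Renders a form for deleting one item. The nonce action includes the item id,
// so a nonce minted for item 7 will not verify for item 8.
function myplugin_render_delete_item_form( $item_id ) {
    $item_id = (int) $item_id;
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_delete_item" />
        <input type="hidden" name="item_id" value="<?php echo esc_attr( $item_id ); ?>" />
        <?php
        // Named action and named nonce field, as the description recommends.
        // The default $referer = true also emits the _wp_http_referer field.
        wp_nonce_field( 'myplugin_delete_item_' . $item_id, 'myplugin_delete_nonce' );
        submit_button( 'Delete item' );
        ?>
    </form>
    <?php
}

// Handles the submission. Hooked to admin_post_{action} below.
function myplugin_handle_delete_item() {
    if ( ! isset( $_POST['item_id'], $_POST['myplugin_delete_nonce'] ) ) {
        wp_die( 'Missing form fields.', '', array( 'response' => 400 ) );
    }
    $item_id = (int) $_POST['item_id'];

    // Verify against the same action string used when the field was created.
    // wp_verify_nonce() returns 1 (0-12 hours old), 2 (12-24 hours old) or false.
    $valid = wp_verify_nonce(
        sanitize_text_field( wp_unslash( $_POST['myplugin_delete_nonce'] ) ),
        'myplugin_delete_item_' . $item_id
    );
    if ( false === $valid ) {
        wp_die( 'The link you followed has expired.', '', array( 'response' => 403 ) );
    }

    // A nonce only shows the request came from this site's form for this user;
    // it is not an authorization check, so the capability is checked separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to do that.', '', array( 'response' => 403 ) );
    }

    delete_option( 'myplugin_item_' . $item_id ); // hypothetical storage for the item

    // wp_get_referer() reads the _wp_http_referer field the nonce field emitted.
    wp_safe_redirect( add_query_arg( 'deleted', $item_id, wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_myplugin_delete_item', 'myplugin_handle_delete_item' );
```

In an admin screen the verify-and-die step can be collapsed into a single call to check_admin_referer( 'myplugin_delete_item_' . $item_id, 'myplugin_delete_nonce' ), which uses the same action and field name; the explicit wp_verify_nonce() form above is used so the false-versus-1/2 result is visible. Note that the verification is done before any state changes and that the nonce check and the capability check are separate: a valid nonce for a user who lacks the capability still must not pass.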


Parameters

$action

(int|string) (Optional) Action name.

Default value: -1

$name

(string) (Optional) Nonce name. Default '_wpnonce'.

Default value: "_wpnonce"

$referer

(bool) (Optional) Whether to set the referer field for validation.

Default value: true

$echo

(bool) (Optional) Whether to display or return hidden form field.

Default value: true


Return

(string) Nonce field HTML markup.


Source

File: wp-includes/functions.php

function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
	// Escape the field name so it is safe inside the id/name attributes.
	$name = esc_attr( $name );
	// The hidden input carries the nonce value generated for $action.
	$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';

	// Optionally append the _wp_http_referer hidden field (returned, not echoed).
	if ( $referer )
		$nonce_field .= wp_referer_field( false );

	// Echo the markup when requested; it is always returned as well.
	if ( $echo )
		echo $nonce_field;

	return $nonce_field;
}

Changelog

Version | Description
2.0.4   | Introduced.

Related Functions

Uses

  • wp-includes/formatting.php: esc_attr()
  • wp-includes/pluggable.php: wp_create_nonce()
  • wp-includes/functions.php: wp_referer_field()

Used By

  • wp-admin/includes/class-wp-press-this.php: WP_Press_This::html()
  • wp-admin/includes/network.php: network_step1()
  • wp-admin/includes/class-wp-screen.php: WP_Screen::render_screen_options()
  • wp-admin/includes/theme-install.php: install_themes_upload()
  • wp-admin/includes/class-wp-list-table.php: WP_List_Table::display_tablenav()
  • wp-admin/includes/misc.php: admin_color_scheme_picker()
  • wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::display()
  • wp-admin/includes/plugin-install.php: install_plugins_upload()
  • wp-admin/includes/dashboard.php: wp_dashboard_quick_press()
  • wp-admin/includes/dashboard.php: _wp_dashboard_control_callback()
  • wp-admin/includes/dashboard.php: wp_dashboard()
  • wp-admin/includes/plugin.php: settings_fields()
  • wp-admin/includes/template.php: find_posts_div()
  • wp-admin/includes/template.php: wp_comment_reply()
  • wp-admin/includes/template.php: _list_meta_row()
  • wp-admin/includes/template.php: meta_form()
  • wp-admin/includes/class-wp-themes-list-table.php: WP_Themes_List_Table::display()
  • wp-admin/includes/media.php: media_upload_type_form()
  • wp-admin/includes/media.php: media_upload_type_url_form()
  • wp-admin/includes/media.php: media_upload_gallery_form()
  • wp-admin/includes/media.php: media_upload_library_form()
  • wp-admin/includes/meta-boxes.php: post_comment_meta_box()
  • wp-admin/includes/meta-boxes.php: link_categories_meta_box()
  • wp-admin/includes/meta-boxes.php: post_categories_meta_box()
  • wp-admin/includes/class-wp-post-comments-list-table.php: WP_Post_Comments_List_Table::display()
  • wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::extra_tablenav()
  • wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::display()
  • wp-admin/includes/class-wp-terms-list-table.php: WP_Terms_List_Table::inline_edit()
  • wp-admin/includes/file.php: request_filesystem_credentials()
  • wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::inline_edit()
  • wp-admin/custom-header.php: Custom_Image_Header::step_1()
  • wp-admin/custom-header.php: Custom_Image_Header::step_2()
  • wp-admin/includes/ms.php: confirm_delete_users()
  • wp-admin/update-core.php: list_core_update()
  • wp-admin/update-core.php: list_plugin_updates()
  • wp-admin/update-core.php: list_theme_updates()
  • wp-admin/update-core.php: list_translation_updates()
  • wp-admin/custom-background.php: Custom_Background::admin_page()
  • wp-includes/ms-functions.php: signup_nonce_fields()
  • wp-includes/comment-template.php: wp_comment_form_unfiltered_html_nonce()
  • wp-includes/class-wp-editor.php: _WP_Editors::wp_link_dialog()

User Contributed Notes

  1. Contributed by Codex

    Basic Examples
    While less secure than the examples that follow, this is the simplest implementation which omits all arguments. In your form add the following:

    
    <?php wp_nonce_field(); ?>
    

    It’s better to name your action and nonce in your form. Enter values for the first and second arguments to print the necessary hidden field:

    
    <form method="post">
       <!-- some inputs here ... -->
       <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
    </form>
    

    Then in the page where it is being submitted to, you may verify it using the wp_verify_nonce() function. Notice that you have to manually retrieve the nonce (from the $_POST array in this example), and the name of the action is the 2nd parameter instead of the first:

    
    if ( ! isset( $_POST['name_of_nonce_field'] ) 
        || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) 
    ) {
       print 'Sorry, your nonce did not verify.';
       exit;
    } else {
       // process form data
    }
    
