Question

wp_nonce_url( string $actionurl,  int|string $action = -1,  string $name = '_wpnonce' )

Retrieve URL with nonce added to URL query.

---

description

---

参数

$actionurl

(string) (Required) URL to add nonce action.

$action

(int|string) (Optional) Nonce action name.

Default value: -1

$name

(string) (Optional) Nonce name.

Default value: '_wpnonce'

---

返回值

(string) Escaped URL with nonce action added.

---

源代码

File: wp-includes/functions.php

function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
	$actionurl = str_replace( '&', '&', $actionurl );
	return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
}

---

更新日志

Version	description
2.0.4	Introduced.

---

相关函数

Uses

• wp-includes/formatting.php: esc_html()
• wp-includes/pluggable.php: wp_create_nonce()
• wp-includes/functions.php: add_query_arg()

---

Used By

• wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin()
• wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme()
• wp-admin/includes/class-wp-posts-list-table.php: WP_Posts_List_Table::handle_row_actions()
• wp-admin/includes/class-wp-links-list-table.php: WP_Links_List_Table::handle_row_actions()
• wp-admin/includes/class-wp-ms-themes-list-table.php: WP_MS_Themes_List_Table::column_name()
• wp-admin/includes/class-wp-ms-sites-list-table.php: WP_MS_Sites_List_Table::handle_row_actions()
• wp-admin/includes/class-wp-terms-list-table.php: WP_Terms_List_Table::handle_row_actions()
• wp-admin/includes/class-wp-ms-users-list-table.php: WP_MS_Users_List_Table::handle_row_actions()
• wp-admin/includes/theme.php: wp_prepare_themes_for_js()
• wp-admin/includes/theme.php: delete_theme()
• wp-admin/includes/theme.php: get_theme_update_available()
• wp-admin/includes/class-wp-plugins-list-table.php: WP_Plugins_List_Table::single_row()
• wp-admin/includes/class-theme-upgrader-skin.php: Theme_Upgrader_Skin::after()
• wp-admin/includes/class-plugin-installer-skin.php: Plugin_Installer_Skin::after()
• wp-admin/includes/class-theme-installer-skin.php: Theme_Installer_Skin::after()
• wp-admin/includes/class-plugin-upgrader-skin.php: Plugin_Upgrader_Skin::after()
• wp-admin/includes/class-wp-upgrader-skin.php: WP_Upgrader_Skin::request_filesystem_credentials()
• wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::install_theme_info()
• wp-admin/includes/class-wp-theme-install-list-table.php: WP_Theme_Install_List_Table::single_row()
• wp-admin/includes/update.php: wp_plugin_update_row()
• wp-admin/includes/update.php: wp_theme_update_row()
• wp-admin/includes/plugin-install.php: install_plugin_install_status()
• wp-admin/includes/deprecated.php: wp_dashboard_plugins_output()
• wp-admin/includes/plugin.php: delete_plugins()
• wp-admin/includes/template.php: wp_import_upload_form()
• wp-admin/includes/class-wp-themes-list-table.php: WP_Themes_List_Table::display_rows()
• wp-admin/includes/class-wp-users-list-table.php: WP_Users_List_Table::single_row()
• wp-admin/includes/media.php: get_media_item()
• wp-admin/includes/post.php: _admin_notice_post_locked()
• wp-admin/includes/revision.php: wp_prepare_revisions_for_js()
• wp-admin/includes/meta-boxes.php: link_submit_meta_box()
• wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::_get_row_actions()
• wp-admin/includes/class-walker-nav-menu-edit.php: Walker_Nav_Menu_Edit::start_el()
• wp-admin/update-core.php: do_core_upgrade()
• wp-admin/update-core.php: do_dismiss_core_update()
• wp-admin/update-core.php: do_undismiss_core_update()
• wp-includes/general-template.php: wp_logout_url()
• wp-includes/link-template.php: get_delete_post_link()
Show 33 more used by Hide more used by

---

User Contributed Notes

1. Skip to note content You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note Contributed by Codex

   Example

   Plugin authors can safely add links that perform tasks using a combination of wp_nonce_url() and admin_url().
   For instance, start by creating the link users can click to do something interesting:

   
   function my_plugin_do_something () {
   ?>
   <h2><?php esc_html_e('My Plugin Admin Screen', 'my-plugin-textdomain');?></h2>
   <p>
       <a href="<?php print wp_nonce_url(admin_url('options.php?page=my_plugin_settings'), 'doing_something', 'my_nonce');?>"
           class="button button-primary"><?php esc_html_e('Do Something!', 'my-plugin-textdomain');?></a>
       <span class="description"><?php esc_html_e('This button does something interesting.', 'my-plugin-textdomain');?></span>
   </p>
   <?php
   }
   

   Then, to detect when the user clicks the link, check the nonce validity using wp_verify_nonce() in the function you defined when you called add_menu_page() or one of its Administration Menus wrappers. If the nonce isn’t valid, the link wasn’t clicked, so display the link. Otherwise, do “something interesting.”

   
   add_action('admin_menu', 'add_my_plugin_admin_screen');
   function add_my_plugin_admin_screen () {
       add_options_page(
           __('My Plugin Settings', 'my-plugin-textdomain'),
           __('My Plugin', 'my-plugin-textdomain'),
           'manage_options',
           'my_plugin_settings',
           'my_plugin_do_something'
       );
   }
   
   function my_plugin_do_something () {
       if (!isset($_GET['my_nonce']) || !wp_verify_nonce($_GET['my_nonce'], 'doing_something')) {
   ?>
   <h2><?php esc_html_e('My Plugin Admin Screen', 'my-plugin-textdomain');?></h2>
   <p>
       <a href="<?php print wp_nonce_url(admin_url('options.php?page=my_plugin_settings'), 'doing_something', 'my_nonce');?>"
           class="button button-primary"><?php esc_html_e('Do Something!', 'my-plugin-textdomain');?></a>
       <span class="description"><?php esc_html_e('This button does something interesting.', 'my-plugin-textdomain');?></span>
   </p>
   <?php
       } else {
           // User pressed "Do Something!" button, so
           // do something interesting.
       }
   }
   

   Note that the recommended “context” parameter of the nonce is used to disambiguate which button was pressed. If you make more than one button users can press, make sure each button has a different nonce name and/or context.

Note that wp_nonce_url escapes & to & and may cause links or redirects to become incorrect.

// Sample URL, note the & in there
$url = 'http://localhost/?arg1=value1&arg2=value2';

// This will show http://localhost/?arg1=value1&arg2=value2&_wpnonce=abcdef
echo wp_nonce_url( $url, 'action' );

// This will return http://localhost/?arg1=value1&arg2=value2&_wpnonce=abcdef
echo add_query_arg( '_wpnonce', wp_create_nonce( 'action' ), $url );