Ticket #11953: 11953.2.diff

File 11953.2.diff, 1.3 KB (added by scribu, 3 years ago)
  • wp-includes/functions.php

     
    19541954 * offer absolute protection, but should protect against most cases. It is very 
    19551955 * important to use nonce field in forms. 
    19561956 * 
    1957  * If you set $echo to true and set $referer to true, then you will need to 
    1958  * retrieve the {@link wp_referer_field() wp referer field}. If you have the 
    1959  * $referer set to true and are echoing the nonce field, it will also echo the 
    1960  * referer field. 
    1961  * 
    19621957 * The $action and $name are optional, but if you want to have better security, 
    19631958 * it is strongly suggested to set those two parameters. It is easier to just 
    19641959 * call the function without any parameters, because validation of the nonce 
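Review bot: The docblock loses its only description of how $echo and $referer interact (old lines 1957-1960) and nothing replaces it, so the function's contract for those two parameters is now undocumented. Because the body in this same patch appends the referer field to $nonce_field before returning, add a sentence stating that when $referer is true the returned string contains both hidden fields, and that $echo only controls whether that string is also printed.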
     
    19821977function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { 
    19831978        $name = esc_attr( $name ); 
    19841979        $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; 
    1985         if ( $echo ) 
    1986                 echo $nonce_field; 
    19871980 
    19881981        if ( $referer ) 
    1989                 wp_referer_field( $echo ); 
     1982                $nonce_field .= wp_referer_field( false ); 
    19901983 
     1984        if ( $echo ) 
     1985                echo $nonce_field; 
     1986 
    19911987        return $nonce_field; 
    19921988} 
    19931989
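Review bot: The return value changes for existing callers at `$nonce_field .= wp_referer_field( false );`: the returned string now carries the referer field whenever $referer is true, where the old code called `wp_referer_field( $echo )` and discarded its result, so the return held only the nonce input. A caller that passes $echo = false, leaves $referer at its default of true, and then prints its own wp_referer_field() will now emit the referer field twice. Check existing callers for that pattern before merging, and confirm that wp_referer_field( false ) returns the markup without echoing it, since the concatenation depends on that. The reordering itself (build the full string, then echo once) looks right.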