
Ticket #23165: 23165.approach-c.patch

File 23165.approach-c.patch, 63.5 KB (added by bpetty, 15 months ago)
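--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -191,7 +191,7 @@ if ( $comment->comment_approved != '0' ) { // if not unapproved
 </tr>
 </table>
 
-<?php wp_nonce_field( $nonce_action ); ?>
+<?php wp_nonce_field( array( 'action' => $nonce_action ) ); ?>
 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
 <input type='hidden' name='noredir' value='1' />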
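--- a/wp-admin/custom-background.php
+++ b/wp-admin/custom-background.php
@@ -223,7 +223,8 @@ if ( get_background_image() ) {
 <th scope="row"><?php _e('Remove Image'); ?></th>
 <td>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background-remove', '_wpnonce-custom-background-remove'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background-remove',
+                                                        'name' => '_wpnonce-custom-background-remove' ) ); ?>
 <?php submit_button( __( 'Remove Background Image' ), 'button', 'remove-background', false ); ?><br/>
 <?php _e('This will remove the background image. You will not be able to restore any customizations.') ?>
 </form>
@@ -237,7 +238,8 @@ if ( get_background_image() ) {
 <th scope="row"><?php _e('Restore Original Image'); ?></th>
 <td>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background-reset', '_wpnonce-custom-background-reset'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background-reset',
+                                                        'name' => '_wpnonce-custom-background-reset' ) ); ?>
 <?php submit_button( __( 'Restore Original Image' ), 'button', 'reset-background', false ); ?><br/>
 <?php _e('This will restore the original background image. You will not be able to restore any customizations.') ?>
 </form>
@@ -252,7 +254,8 @@ if ( get_background_image() ) {
                 <label for="upload"><?php _e( 'Choose an image from your computer:' ); ?></label><br />
                 <input type="file" id="upload" name="import" />
                 <input type="hidden" name="action" value="save" />
-                <?php wp_nonce_field( 'custom-background-upload', '_wpnonce-custom-background-upload' ); ?>
+                <?php wp_nonce_field( array( 'action' => 'custom-background-upload',
+                                                                        'name' => '_wpnonce-custom-background-upload' ) ); ?>
                 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
         </p>
         <p>
@@ -328,7 +331,7 @@ if ( current_theme_supports( 'custom-background', 'default-color' ) )
 </tbody>
 </table>
 
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field( array( 'action' => 'custom-background' ) ); ?>
 <?php submit_button( null, 'primary', 'save-background-options' ); ?>
 </form>
 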
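Review bot: The continuation lines of the new `wp_nonce_field( array( … ) )` calls (new lines 227, 242 and 258) are pushed far to the right to sit under the first array key, apparently with a long run of tabs; with tab indentation that alignment only holds at one tab width, drifts in every other editor, and has to be reflowed whenever a key name changes. One indent level for the array items is steadier and matches how the rest of this template indents, e.g. `<?php wp_nonce_field( array( 'action' => 'custom-background-remove',` followed by a single-tab `'name' => '_wpnonce-custom-background-remove' ) ); ?>`. Behaviour is identical either way; this is purely about how the new code reads.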
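--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -517,7 +517,8 @@ class Custom_Image_Header {
                 <label for="upload"><?php _e( 'Choose an image from your computer:' ); ?></label><br />
                 <input type="file" id="upload" name="import" />
                 <input type="hidden" name="action" value="save" />
-                <?php wp_nonce_field( 'custom-header-upload', '_wpnonce-custom-header-upload' ); ?>
+                <?php wp_nonce_field( array( 'action' => 'custom-header-upload',
+                                                                        'name' => '_wpnonce-custom-header-upload' ) ); ?>
                 <?php submit_button( __( 'Upload' ), 'button', 'submit', false ); ?>
         </p>
         <?php
@@ -632,7 +633,8 @@ if ( current_theme_supports( 'custom-header', 'default-text-color' ) ) {
 
 do_action( 'custom_header_options' );
 
-wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
+wp_nonce_field( array( 'action' => 'custom-header-options',
+                                          'name' => '_wpnonce-custom-header-options' ) ); ?>
 
 <?php submit_button( null, 'primary', 'save-header-options' ); ?>
 </form>
@@ -726,7 +728,7 @@ wp_nonce_field( 'custom-header-options', '_wpnonce-custom-header-options' ); ?>
         <?php if ( empty( $_POST ) && isset( $_GET['file'] ) ) { ?>
         <input type="hidden" name="create-new-attachment" value="true" />
         <?php } ?>
-        <?php wp_nonce_field( 'custom-header-crop-image' ) ?>
+        <?php wp_nonce_field( array( 'action' => 'custom-header-crop-image' ) ); ?>
 
         <p class="submit">
         <?php submit_button( __( 'Crop and Publish' ), 'primary', 'submit', false ); ?>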
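--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -297,7 +297,7 @@ if ( isset( $post_new_file ) && current_user_can( $post_type_object->cap->create
 <div id="message" class="updated"><p><?php echo $message; ?></p></div>
 <?php endif; ?>
 <form name="post" action="post.php" method="post" id="post"<?php do_action('post_edit_form_tag'); ?>>
-<?php wp_nonce_field($nonce_action); ?>
+<?php wp_nonce_field( array( 'action' => $nonce_action ) ); ?>
 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_ID ?>" />
 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ) ?>" />
 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr( $form_action ) ?>" />
@@ -314,9 +314,17 @@ if ( 'draft' != get_post_status( $post ) )
 
 echo $form_extra;
 
-wp_nonce_field( 'autosave', 'autosavenonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
+wp_nonce_field( array( 'action'   => 'autosave',
+                                          'name'     => 'autosavenonce',
+                                          'id'       => 'autosavenonce',
+                                          'referrer' => false ) );
+wp_nonce_field( array( 'action'   => 'meta-box-order',
+                                          'name'     => 'meta-box-order-nonce',
+                                          'referrer' => false ) );
+wp_nonce_field( array( 'action'   => 'closedpostboxes',
+                                          'name'     => 'closedpostboxesnonce',
+                                          'id'       => 'closedpostboxesnonce',
+                                          'referrer' => false ) );
 ?>
 
 <div id="poststuff">
@@ -348,7 +356,10 @@ if ( $post_type_object->public && ! ( 'pending' == get_post_status( $post ) && !
 ?>
 </div>
 <?php
-wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false );
+wp_nonce_field( array( 'action'   => 'samplepermalink',
+                                          'name'     => 'samplepermalinknonce',
+                                          'id'       => 'samplepermalinknonce',
+                                          'referrer' => false ) );
 ?>
 </div><!-- /titlediv -->
 <?php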
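Review bot: The `'id'` key is given to `autosavenonce`, `closedpostboxesnonce` and `samplepermalinknonce` but not to `meta-box-order-nonce` (new lines 317–327 and 359–362), and nothing in the hunk explains the asymmetry, so a later reader cannot tell whether the omission is deliberate or a slip. If the rule is that only nonces some admin script looks up through `#id` get an explicit id while the rest are submitted by name, a one-line comment before the first call would make the pattern maintainable, e.g. `// 'id' is set only on nonces that admin JS reads via #id; the others are posted by name.` I am inferring that rule from the names chosen, so it should be confirmed against the scripts before the comment is committed. The surrounding template runs past both ends of this hunk.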
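--- a/wp-admin/edit-form-comment.php
+++ b/wp-admin/edit-form-comment.php
@@ -11,7 +11,7 @@ if ( !defined('ABSPATH') )
         die('-1');
 ?>
 <form name="post" action="comment.php" method="post" id="post">
-<?php wp_nonce_field('update-comment_' . $comment->comment_ID) ?>
+<?php wp_nonce_field( array( 'action' => 'update-comment_' . $comment->comment_ID, 'id' => '_wpnonce' ) ); ?>
 <div class="wrap">
 <?php screen_icon(); ?>
 <h2><?php _e('Edit Comment'); ?></h2>
@@ -62,10 +62,14 @@ if ( !defined('ABSPATH') )
 </div>
 
 <div id="postdiv" class="postarea">
-<?php
+        <?php
         $quicktags_settings = array( 'buttons' => 'strong,em,link,block,del,ins,img,ul,ol,li,code,spell,close' );
         wp_editor( $comment->comment_content, 'content', array( 'media_buttons' => false, 'tinymce' => false, 'quicktags' => $quicktags_settings ) );
-        wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); ?>
+        wp_nonce_field( array( 'action'   => 'closedpostboxes',
+                                                  'name'     => 'closedpostboxesnonce',
+                                                  'id'       => 'closedpostboxesnonce',
+                                                  'referrer' => false ) );
+        ?>
 </div>
 </div><!-- /post-body-content -->
 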
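Review bot: Line 14 passes an explicit `'id' => '_wpnonce'` while every other default-named call in this patch (comment.php line 194, edit-form-advanced.php line 300, edit-tag-form.php line 37) omits `id`, which suggests the array form no longer emits an `id` attribute unless asked. If that is so, any admin script that selects the field by `#_wpnonce` on those other screens will stop finding it, so either the default should keep emitting the id or each such form needs the same key; either way the reason this one form needs it should be recorded, e.g. `// keep id: the edit-comment script reads #_wpnonce`, once the selector that depends on it has actually been located. The indentation-only change at line 65 is harmless but would be easier to review split from the functional change.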
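--- a/wp-admin/edit-link-form.php
+++ b/wp-admin/edit-link-form.php
@@ -71,9 +71,14 @@ if ( !empty($form) )
 if ( !empty($link_added) )
         echo $link_added;
 
-wp_nonce_field( $nonce_action );
-wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
-wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); ?>
+wp_nonce_field( array( 'action' => $nonce_action ) );
+wp_nonce_field( array( 'action'   => 'closedpostboxes',
+                                          'name'     => 'closedpostboxesnonce',
+                                          'id'       => 'closedpostboxesnonce',
+                                          'referrer' => false ) );
+wp_nonce_field( array( 'action'   => 'meta-box-order',
+                                          'name'     => 'meta-box-order-nonce',
+                                          'referrer' => false ) ); ?>
 
 <div id="poststuff">
 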
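--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -34,7 +34,7 @@ do_action($taxonomy . '_pre_edit_form', $tag, $taxonomy); ?>
 <input type="hidden" name="action" value="editedtag" />
 <input type="hidden" name="tag_ID" value="<?php echo esc_attr($tag->term_id) ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy) ?>" />
-<?php wp_original_referer_field(true, 'previous'); wp_nonce_field('update-tag_' . $tag_ID); ?>
+<?php wp_original_referer_field(true, 'previous'); wp_nonce_field( array( 'action' => 'update-tag_' . $tag_ID ) ); ?>
         <table class="form-table">
                 <tr class="form-field form-required">
                         <th scope="row" valign="top"><label for="name"><?php _ex('Name', 'Taxonomy Name'); ?></label></th>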
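--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -354,7 +354,8 @@ if ( current_user_can($tax->cap->edit_terms) ) {
 <input type="hidden" name="screen" value="<?php echo esc_attr($current_screen->id); ?>" />
 <input type="hidden" name="taxonomy" value="<?php echo esc_attr($taxonomy); ?>" />
 <input type="hidden" name="post_type" value="<?php echo esc_attr($post_type); ?>" />
-<?php wp_nonce_field('add-tag', '_wpnonce_add-tag'); ?>
+<?php wp_nonce_field( array( 'action' => 'add-tag',
+                                                        'name'   => '_wpnonce_add-tag' ) ); ?>
 
 <div class="form-field form-required">
         <label for="tag-name"><?php _ex('Name', 'Taxonomy Name'); ?></label>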
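--- a/wp-admin/includes/class-wp-comments-list-table.php
+++ b/wp-admin/includes/class-wp-comments-list-table.php
@@ -231,7 +231,6 @@ class WP_Comments_List_Table extends WP_List_Table {
                 }
 
                 if ( ( 'spam' == $comment_status || 'trash' == $comment_status ) && current_user_can( 'moderate_comments' ) ) {
-                        wp_nonce_field( 'bulk-destroy', '_destroy_nonce' );
                         $title = ( 'spam' == $comment_status ) ? esc_attr__( 'Empty Spam' ) : esc_attr__( 'Empty Trash' );
                         submit_button( $title, 'apply', 'delete_all', false );
                 }
@@ -273,7 +272,8 @@ class WP_Comments_List_Table extends WP_List_Table {
         function display() {
                 extract( $this->_args );
 
-                wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+                wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+                                                           'name' => '_ajax_fetch_list_nonce' ) );
 
                 $this->display_tablenav( 'top' );
 
@@ -549,7 +549,8 @@ class WP_Post_Comments_List_Table extends WP_Comments_List_Table {
         function display( $output_empty = false ) {
                 extract( $this->_args );
 
-                wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+                wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+                                                           'name' => '_ajax_fetch_list_nonce' ) );
 ?>
 <table class="<?php echo implode( ' ', $this->get_table_classes() ); ?>" cellspacing="0" style="display:none;">
         <tbody id="the-comment-list"<?php if ( $singular ) echo " data-wp-lists='list:$singular'"; ?>>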
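Review bot: The first hunk deletes `wp_nonce_field( 'bulk-destroy', '_destroy_nonce' )` at old line 234 from the Empty Spam / Empty Trash form and adds nothing in its place, which removes a CSRF token from a destructive bulk action rather than converting it like every other call in this patch. That is only safe if no request handler ever verifies `_destroy_nonce` against the `bulk-destroy` action; the form presumably rides on the `bulk-…` nonce that `display_tablenav()` emits (changed in this same patch), but neither the handler nor that emission is visible in this hunk, so it should be confirmed with a grep before commit. A short comment at the deletion point would record the reasoning, e.g. `// delete_all is covered by the list table's bulk nonce; _destroy_nonce was never verified.` The enclosing method begins before the hunk.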
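--- a/wp-admin/includes/class-wp-list-table.php
+++ b/wp-admin/includes/class-wp-list-table.php
@@ -760,7 +760,7 @@ class WP_List_Table {
          */
         function display_tablenav( $which ) {
                 if ( 'top' == $which )
-                        wp_nonce_field( 'bulk-' . $this->_args['plural'] );
+                        wp_nonce_field( array( 'action' => 'bulk-' . $this->_args['plural'] ) );
 ?>
         <div class="tablenav <?php echo esc_attr( $which ); ?>">
 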
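--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -1037,7 +1037,9 @@ class WP_Posts_List_Table extends WP_List_Table {
                 <p class="submit inline-edit-save">
                         <a accesskey="c" href="#inline-edit" title="<?php esc_attr_e( 'Cancel' ); ?>" class="button-secondary cancel alignleft"><?php _e( 'Cancel' ); ?></a>
                         <?php if ( ! $bulk ) {
-                                wp_nonce_field( 'inlineeditnonce', '_inline_edit', false );
+                                wp_nonce_field( array( 'action' => 'inlineeditnonce',
+                                                                           'name' => '_inline_edit',
+                                                                           'referrer' => false ) );
                                 $update_text = __( 'Update' );
                                 ?>
                                 <a accesskey="s" href="#inline-edit" title="<?php esc_attr_e( 'Update' ); ?>" class="button-primary save alignright"><?php echo esc_attr( $update_text ); ?></a>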
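--- a/wp-admin/includes/class-wp-terms-list-table.php
+++ b/wp-admin/includes/class-wp-terms-list-table.php
@@ -366,7 +366,9 @@ class WP_Terms_List_Table extends WP_List_Table {
                         <a accesskey="s" href="#inline-edit" title="<?php echo esc_attr( $update_text ); ?>" class="save button-primary alignright"><?php echo $update_text; ?></a>
                         <span class="spinner"></span>
                         <span class="error" style="display:none;"></span>
-                        <?php wp_nonce_field( 'taxinlineeditnonce', '_inline_edit', false ); ?>
+                        <?php wp_nonce_field( array( 'action' => 'taxinlineeditnonce',
+                                                                                 'name' => '_inline_edit',
+                                                                                 'referrer' => false ) ); ?>
                         <input type="hidden" name="taxonomy" value="<?php echo esc_attr( $this->screen->taxonomy ); ?>" />
                         <input type="hidden" name="post_type" value="<?php echo esc_attr( $this->screen->post_type ); ?>" />
                         <br class="clear" />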
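--- a/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -127,7 +127,8 @@ class WP_Theme_Install_List_Table extends WP_Themes_List_Table {
         }
 
         function display() {
-                wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+                wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+                                                           'name' => '_ajax_fetch_list_nonce' ) );
 ?>
                 <div class="tablenav top themes">
                         <div class="alignleft actions">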
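--- a/wp-admin/includes/class-wp-themes-list-table.php
+++ b/wp-admin/includes/class-wp-themes-list-table.php
@@ -98,7 +98,8 @@ class WP_Themes_List_Table extends WP_List_Table {
         }
 
         function display() {
-                wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+                wp_nonce_field( array( 'action' => 'fetch-list-' . get_class( $this ),
+                                                           'name' => '_ajax_fetch_list_nonce' ) );
 ?>
                 <?php $this->tablenav( 'top' ); ?>
 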
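--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -183,7 +183,8 @@ function wp_add_dashboard_widget( $widget_id, $widget_name, $callback, $control_
 function _wp_dashboard_control_callback( $dashboard, $meta_box ) {
         echo '<form action="" method="post" class="dashboard-widget-control-form">';
         wp_dashboard_trigger_widget_control( $meta_box['id'] );
-        wp_nonce_field( 'edit-dashboard-widget_' . $meta_box['id'], 'dashboard-widget-nonce' );
+        wp_nonce_field( array( 'action' => 'edit-dashboard-widget_' . $meta_box['id'],
+                                                   'name' => 'dashboard-widget-nonce' ) );
         echo '<input type="hidden" name="widget_id" value="' . esc_attr($meta_box['id']) . '" />';
         submit_button( __('Submit') );
         echo '</form>';
@@ -215,8 +216,13 @@ function wp_dashboard() {
 </div>
 
 <?php
-        wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
-        wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
+        wp_nonce_field( array( 'action' => 'closedpostboxes',
+                                                   'name' => 'closedpostboxesnonce',
+                                                   'id' => 'closedpostboxesnonce',
+                                                   'referrer' => false ) );
+        wp_nonce_field( array( 'action'   => 'meta-box-order',
+                                                   'name'     => 'meta-box-order-nonce',
+                                                   'referrer' => false ) );
 
 }
 
@@ -557,7 +563,7 @@ function wp_dashboard_quick_press() {
                         <input type="hidden" name="action" id="quickpost-action" value="post-quickpress-save" />
                         <input type="hidden" name="post_ID" value="<?php echo $post_ID; ?>" />
                         <input type="hidden" name="post_type" value="post" />
-                        <?php wp_nonce_field('add-post'); ?>
+                        <?php wp_nonce_field( array( 'action' => 'add-post' ) ); ?>
                         <?php submit_button( __( 'Save Draft' ), 'button', 'save', false, array( 'id' => 'save-post' ) ); ?>
                         <input type="reset" value="<?php esc_attr_e( 'Reset' ); ?>" class="button" />
                         <br class="clear" />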
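--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -1602,7 +1602,7 @@ function media_upload_type_form($type = 'file', $errors = null, $id = null) {
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <?php submit_button( '', 'hidden', 'save', false ); ?>
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 
 <h3 class="media-title"><?php _e('Add media files from your computer'); ?></h3>
 
@@ -1666,7 +1666,7 @@ function media_upload_type_url_form($type = null, $errors = null, $id = null) {
 
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="<?php echo $type; ?>-form">
 <input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 
 <h3 class="media-title"><?php _e('Insert media from another website'); ?></h3>
 
@@ -1816,7 +1816,7 @@ jQuery(function($){
 <a href="#" id="clear"><?php _ex('Clear', 'verb'); ?></a>
 </div>
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="gallery-form">
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 <?php //media_upload_form( $errors ); ?>
 <table class="widefat" cellspacing="0">
 <thead><tr>
@@ -2057,7 +2057,7 @@ foreach ($arc_result as $arc_row) {
 
 <form enctype="multipart/form-data" method="post" action="<?php echo esc_attr($form_action_url); ?>" class="<?php echo $form_class; ?>" id="library-form">
 
-<?php wp_nonce_field('media-form'); ?>
+<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?>
 <?php //media_upload_form( $errors ); ?>
 
 <script type="text/javascript">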
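--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -421,7 +421,9 @@ function post_categories_meta_box( $post, $box ) {
                                         </label>
                                         <?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '&mdash; ' . $tax->labels->parent_item . ' &mdash;' ) ); ?>
                                         <input type="button" id="<?php echo $taxonomy; ?>-add-submit" data-wp-lists="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
-                                        <?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
+                                        <?php wp_nonce_field( array( 'action' => 'add-'.$taxonomy,
+                                                                                                 'name' => '_ajax_nonce-add-'.$taxonomy,
+                                                                                                 'referrer' => false ) ); ?>
                                         <span id="<?php echo $taxonomy; ?>-ajax-response"></span>
                                 </p>
                         </div>
@@ -535,7 +537,9 @@ function post_comment_meta_box_thead($result) {
 function post_comment_meta_box( $post ) {
         global $wpdb;
 
-        wp_nonce_field( 'get-comments', 'add_comment_nonce', false );
+        wp_nonce_field( array( 'action' => 'get-comments',
+                                                   'name' => 'add_comment_nonce',
+                                                   'referrer' => false ) );
         ?>
         <p class="hide-if-no-js" id="add-new-comment"><a href="#commentstatusdiv" onclick="commentReply.addcomment(<?php echo $post->ID; ?>);return false;"><?php _e('Add comment'); ?></a></p>
         <?php
@@ -753,7 +757,9 @@ function link_categories_meta_box($link) {
                         <label class="screen-reader-text" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
                         <input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
                         <input type="button" id="link-category-add-submit" data-wp-lists="add:categorychecklist:link-category-add" class="button" value="<?php esc_attr_e( 'Add' ); ?>" />
-                        <?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
+                        <?php wp_nonce_field( array( 'action' => 'add-link-category',
+                                                                                 'name' => '_ajax_nonce',
+                                                                                 'referrer' => false ) ); ?>
                         <span id="category-ajax-response"></span>
                 </p>
         </div>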
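--- a/wp-admin/includes/plugin-install.php
+++ b/wp-admin/includes/plugin-install.php
@@ -145,7 +145,7 @@ function install_plugins_upload( $page = 1 ) {
         <h4><?php _e('Install a plugin in .zip format'); ?></h4>
         <p class="install-help"><?php _e('If you have a plugin in a .zip format, you may install it by uploading it here.'); ?></p>
         <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url('update.php?action=upload-plugin'); ?>">
-                <?php wp_nonce_field( 'plugin-upload'); ?>
+                <?php wp_nonce_field( array( 'action' => 'plugin-upload' ) ); ?>
                 <label class="screen-reader-text" for="pluginzip"><?php _e('Plugin zip file'); ?></label>
                 <input type="file" id="pluginzip" name="pluginzip" />
                 <?php submit_button( __( 'Install Now' ), 'button', 'install-plugin-submit', false ); ?>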
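--- a/wp-admin/includes/plugin.php
+++ b/wp-admin/includes/plugin.php
@@ -1759,5 +1759,5 @@ function remove_option_whitelist( $del_options, $options = '' ) {
 function settings_fields($option_group) {
         echo "<input type='hidden' name='option_page' value='" . esc_attr($option_group) . "' />";
         echo '<input type="hidden" name="action" value="update" />';
-        wp_nonce_field("$option_group-options");
+        wp_nonce_field( array( 'action' => "$option_group-options" ) );
 }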
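--- a/wp-admin/includes/screen.php
+++ b/wp-admin/includes/screen.php
@@ -986,7 +986,9 @@ final class WP_Screen {
                 echo $this->_screen_settings;
 
                 ?>
-                <div><?php wp_nonce_field( 'screen-options-nonce', 'screenoptionnonce', false ); ?></div>
+                <div><?php wp_nonce_field( array( 'action' => 'screen-options-nonce',
+                                                                                  'name' => 'screenoptionnonce',
+                                                                                  'referrer' => false ) ); ?></div>
                 </form>
                 </div>
                 <?php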
  • wp-admin/includes/template.php

    diff --git wp-admin/includes/template.php wp-admin/includes/template.php
    index 788a4bd..e46a043 100644
    function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single', 
    374374        <input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" /> 
    375375        <input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" /> 
    376376        <?php 
    377                 wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); 
     377                wp_nonce_field( array( 'action' => 'replyto-comment', 
     378                                                           'name' => '_ajax_nonce-replyto-comment', 
     379                                                           'referrer' => false ) ); 
    378380                if ( current_user_can( 'unfiltered_html' ) ) 
    379                         wp_nonce_field( 'unfiltered-html-comment', '_wp_unfiltered_html_comment', false ); 
     381                        wp_nonce_field( array( 'action' => 'unfiltered-html-comment', 
     382                                                                   'name' => '_wp_unfiltered_html_comment', 
     383                                                                   'referrer' => false ) ); 
    380384        ?> 
    381385<?php if ( $table_row ) : ?> 
    382386</td></tr></tbody></table> 
    function _list_meta_row( $entry, &$count ) { 
    496500        $r .= "\n\t\t"; 
    497501        $r .= get_submit_button( __( 'Update' ), 'updatemeta small', "meta-{$entry['meta_id']}-submit", false, array( 'data-wp-lists' => "add:the-list:meta-{$entry['meta_id']}::_ajax_nonce-add-meta=$update_nonce" ) ); 
    498502        $r .= "</div>"; 
    499         $r .= wp_nonce_field( 'change-meta', '_ajax_nonce', false, false ); 
     503        $r .= wp_nonce_field( array( 'action' => 'change-meta', // Where is this nonce field actually checked? Doesn't look like it's used anywhere. 
     504                                                                 'name' => '_ajax_nonce', 'id' => '_ajax_nonce', 
     505                                                                 'referrer' => false, 'echo' => false ) ); 
    500506        $r .= "</td>"; 
    501507 
    502508        $r .= "\n\t\t<td><label class='screen-reader-text' for='meta[{$entry['meta_id']}][value]'>" . __( 'Value' ) . "</label><textarea name='meta[{$entry['meta_id']}][value]' id='meta[{$entry['meta_id']}][value]' rows='2' cols='30'>{$entry['meta_value']}</textarea></td>\n\t</tr>"; 
    function meta_form() { 
    558564<div class="submit"> 
    559565<?php submit_button( __( 'Add Custom Field' ), 'secondary', 'addmeta', false, array( 'id' => 'newmeta-submit', 'data-wp-lists' => 'add:the-list:newmeta' ) ); ?> 
    560566</div> 
    561 <?php wp_nonce_field( 'add-meta', '_ajax_nonce-add-meta', false ); ?> 
     567<?php wp_nonce_field( array( 'action' => 'add-meta', 
     568                                                         'name' => '_ajax_nonce-add-meta', 
     569                                                         'referrer' => false ) ); ?> 
    562570</td></tr> 
    563571</tbody> 
    564572</table> 
    function find_posts_div($found_action = '') { 
    12751283                                <?php } ?> 
    12761284 
    12771285                                <input type="hidden" name="affected" id="affected" value="" /> 
    1278                                 <?php wp_nonce_field( 'find-posts', '_ajax_nonce', false ); ?> 
     1286                                <?php wp_nonce_field( array( 'action' => 'find-posts', 
     1287                                                                                         'name' => '_ajax_nonce', 
     1288                                                                                         'referrer' => false ) ); ?> 
    12791289                                <label class="screen-reader-text" for="find-posts-input"><?php _e( 'Search' ); ?></label> 
    12801290                                <input type="text" id="find-posts-input" name="ps" value="" /> 
    12811291                                <span class="spinner"></span> 
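Review bot: The comment this patch adds to the change-meta nonce in `_list_meta_row` (`// Where is this nonce field actually checked? Doesn't look like it's used anywhere.`) is an open question to the author, not documentation, and should be resolved rather than committed: either name the `check_ajax_referer()` call that consumes it in a short comment, or drop the field if nothing does. Separately, `_list_meta_row` is rendered once per custom-field entry, so the explicit `'id' => '_ajax_nonce'` kept in this hunk reproduces the duplicate-id situation the rest of the patch is moving away from by switching scripts to `input[name=...]` lookups; if no script still selects `#_ajax_nonce`, drop the `id` key here too, otherwise add a one-line comment naming that consumer. The body of `_list_meta_row` continues outside the hunk.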
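--- a/wp-admin/includes/theme-install.php
+++ b/wp-admin/includes/theme-install.php
@@ -137,7 +137,7 @@ function install_themes_upload($page = 1) {
 <h4><?php _e('Install a theme in .zip format'); ?></h4>
 <p class="install-help"><?php _e('If you have a theme in a .zip format, you may install it by uploading it here.'); ?></p>
 <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url('update.php?action=upload-theme'); ?>">
-        <?php wp_nonce_field( 'theme-upload'); ?>
+        <?php wp_nonce_field( array( 'action' => 'theme-upload' ) ); ?>
         <input type="file" name="themezip" />
         <?php submit_button( __( 'Install Now' ), 'button', 'install-theme-submit', false ); ?>
 </form>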
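--- a/wp-admin/index.php
+++ b/wp-admin/index.php
@@ -118,7 +118,9 @@ $today = current_time('mysql', 1);
                 $classes .= ' hidden'; ?>
 
         <div id="welcome-panel" class="<?php echo esc_attr( $classes ); ?>">
-                <?php wp_nonce_field( 'welcome-panel-nonce', 'welcomepanelnonce', false ); ?>
+                <?php wp_nonce_field( array( 'action'   => 'welcome-panel-nonce',
+                                                                         'name'     => 'welcomepanelnonce',
+                                                                         'referrer' => false ) ); ?>
                 <a class="welcome-panel-close" href="<?php echo esc_url( admin_url( '?welcome=0' ) ); ?>"><?php _e( 'Dismiss' ); ?></a>
                 <?php do_action( 'welcome_panel' ); ?>
         </div>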
  • wp-admin/js/common.js

    diff --git wp-admin/js/common.js wp-admin/js/common.js
    index 0f6b84d..fc98bf0 100644
    columns = { 
    3030                $.post(ajaxurl, { 
    3131                        action: 'hidden-columns', 
    3232                        hidden: hidden, 
    33                         screenoptionnonce: $('#screenoptionnonce').val(), 
     33                        screenoptionnonce: $('input[name="screenoptionnonce"]').val(), 
    3434                        page: pagenow 
    3535                }); 
    3636        }, 
  • wp-admin/js/dashboard.js

    diff --git wp-admin/js/dashboard.js wp-admin/js/dashboard.js
    index 50a17f8..d47c956 100644
    jQuery(document).ready( function($) { 
    88                        $.post( ajaxurl, { 
    99                                action: 'update-welcome-panel', 
    1010                                visible: visible, 
    11                                 welcomepanelnonce: $('#welcomepanelnonce').val() 
     11                                welcomepanelnonce: $('input[name="welcomepanelnonce"]').val() 
    1212                        }); 
    1313                }; 
    1414 
  • wp-admin/js/edit-comments.js

    diff --git wp-admin/js/edit-comments.js wp-admin/js/edit-comments.js
    index 038a1e5..531b1e8 100644
    setCommentsList = function() { 
    263263                args = $.extend(args, { 
    264264                        'action': 'fetch-list', 
    265265                        'list_args': list_args, 
    266                         '_ajax_fetch_list_nonce': $('#_ajax_fetch_list_nonce').val() 
     266                        '_ajax_fetch_list_nonce': $('input[name="_ajax_fetch_list_nonce"]').val() 
    267267                }); 
    268268 
    269269                $.ajax({ 
  • wp-admin/js/media.js

    diff --git wp-admin/js/media.js wp-admin/js/media.js
    index b4ed0fb..a3aabce 100644
    var findPosts; 
    4848                        var post = { 
    4949                                        ps: $('#find-posts-input').val(), 
    5050                                        action: 'find_posts', 
    51                                         _ajax_nonce: $('#_ajax_nonce').val() 
     51                                        _ajax_nonce: $('input[name="_ajax_nonce"]').val() 
    5252                                }, 
    5353                                spinner = $( '.find-box-search .spinner' ); 
    5454 
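Review bot: `$('input[name="_ajax_nonce"]').val()` is no longer anchored to the find-posts box, and this same patch emits two different nonces under that name on admin screens: `find-posts` from `find_posts_div()` and `change-meta` from `_list_meta_row()`, the latter once per custom-field row. jQuery's `.val()` returns the first match in document order, so on a screen that renders both, the wrong nonce may be posted and the `find_posts` handler will reject it. Scope the lookup to the dialog that `find_posts_div()` renders, e.g. `_ajax_nonce: $('#find-posts input[name="_ajax_nonce"]').val()`; the container's id is not visible in this diff, so use whatever element wraps that output. The same first-match caveat applies to every other `input[name=...]` lookup this patch introduces, but only this name is demonstrably shared.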
  • wp-admin/js/nav-menu.js

    diff --git wp-admin/js/nav-menu.js wp-admin/js/nav-menu.js
    index 20f0fc3..c6df0d6 100644
    var wpNavMenu; 
    466466                attachThemeLocationsListeners : function() { 
    467467                        var loc = $('#nav-menu-theme-locations'), params = {}; 
    468468                        params['action'] = 'menu-locations-save'; 
    469                         params['menu-settings-column-nonce'] = $('#menu-settings-column-nonce').val(); 
     469                        params['menu-settings-column-nonce'] = $('input[name="menu-settings-column-nonce"]').val(); 
    470470                        loc.find('input[type="submit"]').click(function() { 
    471471                                loc.find('select').each(function() { 
    472472                                        params[this.name] = $(this).val(); 
    var wpNavMenu; 
    510510                                'action': 'menu-quick-search', 
    511511                                'response-format': 'markup', 
    512512                                'menu': $('#menu').val(), 
    513                                 'menu-settings-column-nonce': $('#menu-settings-column-nonce').val(), 
     513                                'menu-settings-column-nonce': $('input[name="menu-settings-column-nonce"]').val(), 
    514514                                'q': q, 
    515515                                'type': input.attr('name') 
    516516                        }; 
    var wpNavMenu; 
    557557 
    558558                addItemToMenu : function(menuItem, processMethod, callback) { 
    559559                        var menu = $('#menu').val(), 
    560                                 nonce = $('#menu-settings-column-nonce').val(); 
     560                                nonce = $('input[name="menu-settings-column-nonce"]').val(); 
    561561 
    562562                        processMethod = processMethod || function(){}; 
    563563                        callback = callback || function(){}; 
  • wp-admin/js/post.js

    diff --git wp-admin/js/post.js wp-admin/js/post.js
    index d08dc4a..b947f6a 100644
    commentsBox = { 
    188188                data = { 
    189189                        'action' : 'get-comments', 
    190190                        'mode' : 'single', 
    191                         '_ajax_nonce' : $('#add_comment_nonce').val(), 
     191                        '_ajax_nonce' : $('input[name="add_comment_nonce"]').val(), 
    192192                        'p' : $('#post_ID').val(), 
    193193                        'start' : st, 
    194194                        'number' : num 
  • wp-admin/js/postbox.js

    diff --git wp-admin/js/postbox.js wp-admin/js/postbox.js
    index 838db5d..e4a9f37 100644
    var postboxes; 
    121121 
    122122                        postVars = { 
    123123                                action: 'meta-box-order', 
    124                                 _ajax_nonce: $('#meta-box-order-nonce').val(), 
     124                                _ajax_nonce: $('input[name="meta-box-order-nonce"]').val(), 
    125125                                page_columns: page_columns, 
    126126                                page: page 
    127127                        } 
  • wp-admin/js/theme.js

    diff --git wp-admin/js/theme.js wp-admin/js/theme.js
    index 079c73b..71bdb6d 100644
    jQuery( document ).ready( function($) { 
    123123 * @uses ajaxurl 
    124124 * @uses list_args 
    125125 * @uses theme_list_args 
    126  * @uses $('#_ajax_fetch_list_nonce').val() 
     126 * @uses $('input[name="_ajax_fetch_list_nonce"]').val()" 
    127127* */ 
    128128var ThemeScroller; 
    129129(function($){ 
    var ThemeScroller; 
    151151                        } 
    152152 
    153153                        // Handle inputs 
    154                         this.nonce = $('#_ajax_fetch_list_nonce').val(); 
     154                        this.nonce = $('input[name="_ajax_fetch_list_nonce"]').val(); 
    155155                        this.nextPage = ( theme_list_args.paged + 1 ); 
    156156 
    157157                        // Cache jQuery selectors 
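Review bot: The rewritten `@uses` line in the docblock has a stray trailing double quote: `* @uses $('input[name="_ajax_fetch_list_nonce"]').val()"`. It should read `* @uses $('input[name="_ajax_fetch_list_nonce"]').val()` so the annotation matches the selector actually used in `ThemeScroller` a few lines below. The malformed `* */` closer on the next context line predates this patch.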
  • wp-admin/js/widgets.js

    diff --git wp-admin/js/widgets.js wp-admin/js/widgets.js
    index 87be4dd..7b03f0e 100644
    wpWidgets = { 
    180180 
    181181                var a = { 
    182182                        action: 'widgets-order', 
    183                         savewidgets: $('#_wpnonce_widgets').val(), 
     183                        savewidgets: $('input[name="_wpnonce_widgets"]').val(), 
    184184                        sidebars: [] 
    185185                }; 
    186186 
    wpWidgets = { 
    203203 
    204204                a = { 
    205205                        action: 'save-widget', 
    206                         savewidgets: $('#_wpnonce_widgets').val(), 
     206                        savewidgets: $('input[name="_wpnonce_widgets"]').val(), 
    207207                        sidebar: sb 
    208208                }; 
    209209 
  • wp-admin/media-new.php

    diff --git wp-admin/media-new.php wp-admin/media-new.php
    index c6a7ae1..51cb5f5 100644
    if ( get_user_setting('uploader') || isset( $_GET['browser-uploader'] ) ) 
    7676        var post_id = <?php echo $post_id; ?>, shortform = 3; 
    7777        </script> 
    7878        <input type="hidden" name="post_id" id="post_id" value="<?php echo $post_id; ?>" /> 
    79         <?php wp_nonce_field('media-form'); ?> 
     79        <?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?> 
    8080        <div id="media-items" class="hide-if-no-js"></div> 
    8181        </form> 
    8282</div> 
  • wp-admin/media.php

    diff --git wp-admin/media.php wp-admin/media.php
    index 15d4323..df46a56 100644
    if ( current_user_can( 'upload_files' ) ) { ?> 
    128128<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo esc_attr($att_id); ?>" /> 
    129129<input type="hidden" name="action" value="editattachment" /> 
    130130<?php wp_original_referer_field(true, 'previous'); ?> 
    131 <?php wp_nonce_field('media-form'); ?> 
     131<?php wp_nonce_field( array( 'action' => 'media-form' ) ); ?> 
    132132 
    133133</form> 
    134134 
  • wp-admin/ms-delete-site.php

    diff --git wp-admin/ms-delete-site.php wp-admin/ms-delete-site.php
    index 7d772c2..823d5d4 100644
    Webmaster 
    7272        <p><?php _e( 'Remember, once deleted your site cannot be restored.' ) ?></p> 
    7373 
    7474        <form method="post" name="deletedirect"> 
    75                 <?php wp_nonce_field( 'delete-blog' ) ?> 
     75                <?php wp_nonce_field( array( 'action' => 'delete-blog' ) ); ?> 
    7676                <input type="hidden" name="action" value="deleteblog" /> 
    7777                <p><input id="confirmdelete" type="checkbox" name="confirmdelete" value="1" /> <label for="confirmdelete"><strong><?php printf( __( "I'm sure I want to permanently disable my site, and I am aware I can never get it back or use %s again." ), is_subdomain_install() ? $blog->domain : $blog->domain . $blog->path ); ?></strong></label></p> 
    7878                <?php submit_button( __( 'Delete My Site Permanently' ) ); ?> 
  • wp-admin/my-sites.php

    diff --git wp-admin/my-sites.php wp-admin/my-sites.php
    index 2ef4ca7..6738c00 100644
    else : 
    111111        }?> 
    112112        </table> 
    113113        <input type="hidden" name="action" value="updateblogsettings" /> 
    114         <?php wp_nonce_field( 'update-my-sites' ); ?> 
     114        <?php wp_nonce_field( array( 'action' => 'update-my-sites' ) ); ?> 
    115115        <?php submit_button(); ?> 
    116116        </form> 
    117117<?php endif; ?> 
  • wp-admin/nav-menus.php

    diff --git wp-admin/nav-menus.php wp-admin/nav-menus.php
    index 361d0f6..99a978a 100644
    require_once( './admin-header.php' ); 
    472472                <form id="nav-menu-meta" action="<?php echo admin_url( 'nav-menus.php' ); ?>" class="nav-menu-meta" method="post" enctype="multipart/form-data"> 
    473473                        <input type="hidden" name="menu" id="nav-menu-meta-object-id" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" /> 
    474474                        <input type="hidden" name="action" value="add-menu-item" /> 
    475                         <?php wp_nonce_field( 'add-menu_item', 'menu-settings-column-nonce' ); ?> 
     475                        <?php wp_nonce_field( array( 'action' => 'add-menu_item', 
     476                                                                                 'name' => 'menu-settings-column-nonce' ) ); ?> 
    476477                        <?php do_meta_boxes( 'nav-menus', 'side', null ); ?> 
    477478                </form> 
    478479 
    require_once( './admin-header.php' ); 
    564565                                                        </div><!-- END .major-publishing-actions --> 
    565566                                                </div><!-- END #submitpost .submitbox --> 
    566567                                                <?php 
    567                                                 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); 
    568                                                 wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); 
    569                                                 wp_nonce_field( 'update-nav_menu', 'update-nav-menu-nonce' ); 
     568                                                wp_nonce_field( array( 'action' => 'closedpostboxes', 
     569                                                                                           'name' => 'closedpostboxesnonce', 
     570                                                                                           'id' => 'closedpostboxesnonce', 
     571                                                                                           'referrer' => false ) ); 
     572                                                wp_nonce_field( array( 'action'   => 'meta-box-order', 
     573                                                                                           'name'     => 'meta-box-order-nonce', 
     574                                                                                           'referrer' => false ) ); 
     575                                                wp_nonce_field( array( 'action' => 'update-nav_menu', 
     576                                                                                           'name' => 'update-nav-menu-nonce' ) ); 
    570577                                                ?> 
    571578                                                <input type="hidden" name="action" value="update" /> 
    572579                                                <input type="hidden" name="menu" id="menu" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" /> 
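Review bot: In the second hunk the `closedpostboxes` nonce keeps `'id' => 'closedpostboxesnonce'` while the adjacent `meta-box-order` nonce drops its id in favour of the name-based lookup added to postbox.js, and nothing in the diff says why one id survives. Add a comment on the kept key naming the script that still selects `#closedpostboxesnonce`, e.g. `'id' => 'closedpostboxesnonce', // still selected by id in postbox.js`, or convert that consumer in the same patch so both calls follow one convention. If the id is in fact unused, dropping it removes one more duplicate-id source, since this nonce is presumably emitted on other edit screens as well.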
  • wp-admin/network.php

    diff --git wp-admin/network.php wp-admin/network.php
    index f0651bc..a5113d9 100644
    function network_step1( $errors = false ) { 
    172172 
    173173        echo '<form method="post" action="">'; 
    174174 
    175         wp_nonce_field( 'install-network-1' ); 
     175        wp_nonce_field( array( 'action' => 'install-network-1' ) ); 
    176176 
    177177        $error_codes = array(); 
    178178        if ( is_wp_error( $errors ) ) { 
  • wp-admin/network/settings.php

    diff --git wp-admin/network/settings.php wp-admin/network/settings.php
    index b3a0f89..ff1310b 100644
    if ( isset( $_GET['updated'] ) ) { 
    8383        <?php screen_icon('options-general'); ?> 
    8484        <h2><?php echo esc_html( $title ); ?></h2> 
    8585        <form method="post" action="settings.php"> 
    86                 <?php wp_nonce_field( 'siteoptions' ); ?> 
     86                <?php wp_nonce_field( array( 'action' => 'siteoptions' ) ); ?> 
    8787                <h3><?php _e( 'Operational Settings' ); ?></h3> 
    8888                <table class="form-table"> 
    8989                        <tr valign="top"> 
  • wp-admin/network/site-info.php

    diff --git wp-admin/network/site-info.php wp-admin/network/site-info.php
    index bcc71f9..b0d2a58 100644
    if ( ! empty( $messages ) ) { 
    118118                echo '<div id="message" class="updated"><p>' . $msg . '</p></div>'; 
    119119} ?> 
    120120<form method="post" action="site-info.php?action=update-site"> 
    121         <?php wp_nonce_field( 'edit-site' ); ?> 
     121        <?php wp_nonce_field( array( 'action' => 'edit-site' ) ); ?> 
    122122        <input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" /> 
    123123        <table class="form-table"> 
    124124                <tr class="form-field form-required"> 
  • wp-admin/network/site-new.php

    diff --git wp-admin/network/site-new.php wp-admin/network/site-new.php
    index db2e1f7..d71667d 100644
    if ( ! empty( $messages ) ) { 
    120120                echo '<div id="message" class="updated"><p>' . $msg . '</p></div>'; 
    121121} ?> 
    122122<form method="post" action="<?php echo network_admin_url('site-new.php?action=add-site'); ?>"> 
    123 <?php wp_nonce_field( 'add-blog', '_wpnonce_add-blog' ) ?> 
     123<?php wp_nonce_field( array( 'action' => 'add-blog', 
     124                                                         'name'   => '_wpnonce_add-blog' ) ); ?> 
    124125        <table class="form-table"> 
    125126                <tr class="form-field form-required"> 
    126127                        <th scope="row"><?php _e( 'Site Address' ) ?></th> 
  • wp-admin/network/site-settings.php

    diff --git wp-admin/network/site-settings.php wp-admin/network/site-settings.php
    index f807fcf..1146dab 100644
    if ( ! empty( $messages ) ) { 
    108108                echo '<div id="message" class="updated"><p>' . $msg . '</p></div>'; 
    109109} ?> 
    110110<form method="post" action="site-settings.php?action=update-site"> 
    111         <?php wp_nonce_field( 'edit-site' ); ?> 
     111        <?php wp_nonce_field( array( 'action' => 'edit-site' ) ); ?> 
    112112        <input type="hidden" name="id" value="<?php echo esc_attr( $id ) ?>" /> 
    113113        <table class="form-table"> 
    114114                <?php 
  • wp-admin/network/site-users.php

    diff --git wp-admin/network/site-users.php wp-admin/network/site-users.php
    index 2064a76..92be831 100644
    endif; ?> 
    269269                        </select></td> 
    270270                </tr> 
    271271        </table> 
    272         <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?> 
     272        <?php wp_nonce_field( array( 'action' => 'add-user', 
     273                                                                 'name'   => '_wpnonce_add-user' ) ); ?> 
    273274        <?php submit_button( __( 'Add User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-existing-user' ) ); ?> 
    274275</form> 
    275276<?php endif; ?> 
    endif; ?> 
    303304                        <td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td> 
    304305                </tr> 
    305306        </table> 
    306         <?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ) ?> 
     307        <?php wp_nonce_field( array( 'action' => 'add-user', 
     308                                                                 'name'   => '_wpnonce_add-new-user' ) ); ?> 
    307309        <?php submit_button( __( 'Add New User' ), 'primary', 'add-user', true, array( 'id' => 'submit-add-user' ) ); ?> 
    308310</form> 
    309311<?php endif; ?> 
  • wp-admin/network/sites.php

    diff --git wp-admin/network/sites.php wp-admin/network/sites.php
    index e9b314d..c572356 100644
    if ( isset( $_GET['action'] ) ) { 
    7878                                        <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" /> 
    7979                                        <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" /> 
    8080                                        <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" /> 
    81                                         <?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?> 
     81                                        <?php wp_nonce_field( array( 'action' => $_GET['action2'], 'referrer' => false ) ); ?> 
    8282                                        <p><?php echo esc_html( stripslashes( $_GET['msg'] ) ); ?></p> 
    8383                                        <?php submit_button( __('Confirm'), 'button' ); ?> 
    8484                                </form> 
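Review bot: The nonce action is still taken verbatim from `$_GET['action2']`, so the confirmation form mints a nonce for whatever action string the request names; this predates the patch, but the rewrite is the natural place to tighten it. Because `action2` is also echoed into the hidden `action` field of the same form, validating it against the set of actions the page handles before it reaches `wp_nonce_field()` (or a one-line comment noting that the caller has already whitelisted it, if that is the case higher up in sites.php) would make the intent explicit. The enclosing `if ( isset( $_GET['action'] ) )` block starts outside the hunk, so I cannot see whether such a check exists.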
  • wp-admin/network/themes.php

    diff --git wp-admin/network/themes.php wp-admin/network/themes.php
    index 04840ee..e4a1a9b 100644
    if ( $action ) { 
    154154                                                foreach ( (array) $themes as $theme ) 
    155155                                                        echo '<input type="hidden" name="checked[]" value="' . esc_attr($theme) . '" />'; 
    156156                                        ?> 
    157                                         <?php wp_nonce_field('bulk-themes') ?> 
     157                                        <?php wp_nonce_field( array( 'action' => 'bulk-themes' ) ); ?> 
    158158                                        <?php submit_button( _n( 'Yes, Delete this theme', 'Yes, Delete these themes', $themes_to_delete ), 'button', 'submit', false ); ?> 
    159159                                </form> 
    160160                                <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;"> 
  • wp-admin/network/user-new.php

    diff --git wp-admin/network/user-new.php wp-admin/network/user-new.php
    index 2044914..050d758 100644
    if ( isset( $add_user_errors ) && is_wp_error( $add_user_errors ) ) { ?> 
    9999                        <td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td> 
    100100                </tr> 
    101101        </table> 
    102         <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?> 
     102        <?php wp_nonce_field( array( 'action' => 'add-user', 
     103                                                                 'name'   => '_wpnonce_add-user' ) ); ?> 
    103104        <?php submit_button( __('Add User'), 'primary', 'add-user' ); ?> 
    104105        </form> 
    105106</div> 
  • wp-admin/network/users.php

    diff --git wp-admin/network/users.php wp-admin/network/users.php
    index 1318355..fe5aaca 100644
    function confirm_delete_users( $users ) { 
    2828        <form action="users.php?action=dodelete" method="post"> 
    2929        <input type="hidden" name="dodelete" /> 
    3030        <?php 
    31         wp_nonce_field( 'ms-users-delete' ); 
     31        wp_nonce_field( array( 'action' => 'ms-users-delete' ) ); 
    3232        $site_admins = get_super_admins(); 
    3333        $admin_out = "<option value='$current_user->ID'>$current_user->user_login</option>"; 
    3434 
  • wp-admin/options-permalink.php

    diff --git wp-admin/options-permalink.php wp-admin/options-permalink.php
    index 906361e..704f954 100644
    if ( ! is_multisite() ) { 
    169169<h2><?php echo esc_html( $title ); ?></h2> 
    170170 
    171171<form name="form" action="options-permalink.php" method="post"> 
    172 <?php wp_nonce_field('update-permalink') ?> 
     172<?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?> 
    173173 
    174174  <p><?php _e('By default WordPress uses web <abbr title="Universal Resource Locator">URL</abbr>s which have question marks and lots of numbers in them, however WordPress offers you the ability to create a custom URL structure for your permalinks and archives. This can improve the aesthetics, usability, and forward-compatibility of your links. A <a href="http://codex.wordpress.org/Using_Permalinks">number of tags are available</a>, and here are some examples to get you started.'); ?></p> 
    175175 
    printf( __('If you like, you may enter custom structures for your category and t 
    255255                if ( file_exists($home_path . 'web.config') ) : ?> 
    256256<p><?php _e('If your <code>web.config</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn&#8217;t so this is the url rewrite rule you should have in your <code>web.config</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this rule inside of the <code>/&lt;configuration&gt;/&lt;system.webServer&gt;/&lt;rewrite&gt;/&lt;rules&gt;</code> element in <code>web.config</code> file.') ?></p> 
    257257<form action="options-permalink.php" method="post"> 
    258 <?php wp_nonce_field('update-permalink') ?> 
     258        <?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?> 
    259259        <p><textarea rows="9" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules() ); ?></textarea></p> 
    260260</form> 
    261261<p><?php _e('If you temporarily make your <code>web.config</code> file writable for us to generate rewrite rules automatically, do not forget to revert the permissions after rule has been saved.') ?></p> 
    262262                <?php else : ?> 
    263263<p><?php _e('If the root directory of your site were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn&#8217;t so this is the url rewrite rule you should have in your <code>web.config</code> file. Create a new file, called <code>web.config</code> in the root directory of your site. Click in the field and press <kbd>CTRL + a</kbd> to select all. Then insert this code into the <code>web.config</code> file.') ?></p> 
    264264<form action="options-permalink.php" method="post"> 
    265 <?php wp_nonce_field('update-permalink') ?> 
     265        <?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?> 
    266266        <p><textarea rows="18" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->iis7_url_rewrite_rules(true) ); ?></textarea></p> 
    267267</form> 
    268268<p><?php _e('If you temporarily make your site&#8217;s root directory writable for us to generate the <code>web.config</code> file automatically, do not forget to revert the permissions after the file has been created.') ?></p> 
    printf( __('If you like, you may enter custom structures for your category and t 
    272272        if ( $permalink_structure && ! $usingpi && ! $writable ) : ?> 
    273273<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Changing_File_Permissions">writable</a>, we could do this automatically, but it isn&#8217;t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p> 
    274274<form action="options-permalink.php" method="post"> 
    275 <?php wp_nonce_field('update-permalink') ?> 
     275        <?php wp_nonce_field( array( 'action' => 'update-permalink' ) ); ?> 
    276276        <p><textarea rows="6" class="large-text readonly" name="rules" id="rules" readonly="readonly"><?php echo esc_textarea( $wp_rewrite->mod_rewrite_rules() ); ?></textarea></p> 
    277277</form> 
    278278        <?php endif; ?> 
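Review bot: The three rewritten `wp_nonce_field()` calls in the web.config/.htaccess fallback forms gained a leading tab, while the same call in the main form (new line 172) and the surrounding `<form>`/`</form>` tags stay at column 0; the lines they replace had no indent. Keep the four call sites consistent, either by dropping the new indent in the fallback forms or indenting the first call too. Cosmetic only; the `update-permalink` action is unchanged in all four.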
  • wp-admin/options.php

    diff --git wp-admin/options.php wp-admin/options.php
    index 92ae917..fb0a3e6 100644
    include('./admin-header.php'); ?> 
    178178<?php screen_icon(); ?> 
    179179  <h2><?php esc_html_e('All Settings'); ?></h2> 
    180180  <form name="form" action="options.php" method="post" id="all-options"> 
    181   <?php wp_nonce_field('options-options') ?> 
     181  <?php wp_nonce_field( array( 'action' => 'options-options' ) ); ?> 
    182182  <input type="hidden" name="action" value="update" /> 
    183183  <input type='hidden' name='option_page' value='options' /> 
    184184  <table class="form-table"> 
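--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -226,7 +226,7 @@ foreach ( $plugin_files as $plugin_file ) :
         </ul>
 </div>
 <form name="template" id="template" action="plugin-editor.php" method="post">
-        <?php wp_nonce_field('edit-plugin_' . $file) ?>
+        <?php wp_nonce_field( array( 'action' => 'edit-plugin_' . $file ) ); ?>
                 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" aria-describedby="newcontent-description"><?php echo $content; ?></textarea>
                 <input type="hidden" name="action" value="update" />
                 <input type="hidden" name="file" value="<?php echo esc_attr($file) ?>" />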
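--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -294,7 +294,7 @@ if ( $action ) {
                                                 foreach ( (array) $plugins as $plugin )
                                                         echo '<input type="hidden" name="checked[]" value="' . esc_attr($plugin) . '" />';
                                         ?>
-                                        <?php wp_nonce_field('bulk-plugins') ?>
+                                        <?php wp_nonce_field( array( 'action' => 'bulk-plugins' ) ); ?>
                                         <?php submit_button( $data_to_delete ? __( 'Yes, Delete these files and data' ) : __( 'Yes, Delete these files' ), 'button', 'submit', false ); ?>
                                 </form>
                                 <form method="post" action="<?php echo esc_url(wp_get_referer()); ?>" style="display:inline;">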
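--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -444,7 +444,7 @@ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace(
 <div id="poststuff" class="metabox-holder">
         <div id="side-sortables" class="press-this-sidebar">
                 <div class="sleeve">
-                        <?php wp_nonce_field('press-this') ?>
+                        <?php wp_nonce_field( array( 'action' => 'press-this' ) ); ?>
                         <input type="hidden" name="post_type" id="post_type" value="text"/>
                         <input type="hidden" name="autosave" id="autosave" />
                         <input type="hidden" id="original_post_status" name="original_post_status" value="draft" />
@@ -529,7 +529,9 @@ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace(
                                                                 </label>
                                                                 <?php wp_dropdown_categories( array( 'taxonomy' => 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '&mdash; ' . $tax->labels->parent_item . ' &mdash;' ) ); ?>
                                                                 <input type="button" id="category-add-submit" data-wp-lists="add:categorychecklist:category-add" class="button category-add-submit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" />
-                                                                <?php wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false ); ?>
+                                                                <?php wp_nonce_field( array( 'action' => 'add-category',
+                                                                                                                         'name' => '_ajax_nonce-add-category',
+                                                                                                                         'referrer' => false ) ); ?>
                                                                 <span id="category-ajax-response"></span>
                                                         </p>
                                                 </div>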
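--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -198,7 +198,7 @@ if ( $allowed_files ) :
         echo '<div class="error"><p>' . __('Oops, no such file exists! Double check the name and try again, merci.') . '</p></div>';
 else : ?>
         <form name="template" id="template" action="theme-editor.php" method="post">
-        <?php wp_nonce_field( 'edit-theme_' . $file . $stylesheet ); ?>
+        <?php wp_nonce_field( array( 'action' => 'edit-theme_' . $file . $stylesheet ) ); ?>
                 <div><textarea cols="70" rows="30" name="newcontent" id="newcontent" aria-describedby="newcontent-description"><?php echo $content; ?></textarea>
                 <input type="hidden" name="action" value="update" />
                 <input type="hidden" name="file" value="<?php echo esc_attr( $relative_file ); ?>" />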
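--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -68,7 +68,7 @@ function list_core_update( $update ) {
         echo $message;
         echo '</p>';
         echo '<form method="post" action="' . $form_action . '" name="upgrade" class="upgrade">';
-        wp_nonce_field('upgrade-core');
+        wp_nonce_field( array( 'action' => 'upgrade-core' ) );
         echo '<p>';
         echo '<input name="version" value="'. esc_attr($update->current) .'" type="hidden"/>';
         echo '<input name="locale" value="'. esc_attr($update->locale) .'" type="hidden"/>';
@@ -189,7 +189,7 @@ function list_plugin_updates() {
 <h3><?php _e( 'Plugins' ); ?></h3>
 <p><?php _e( 'The following plugins have new versions available. Check the ones you want to update and then click &#8220;Update Plugins&#8221;.' ); ?></p>
 <form method="post" action="<?php echo $form_action; ?>" name="upgrade-plugins" class="upgrade">
-<?php wp_nonce_field('upgrade-core'); ?>
+<?php wp_nonce_field( array( 'action' => 'upgrade-core' ) ); ?>
 <p><input id="upgrade-plugins" class="button" type="submit" value="<?php esc_attr_e('Update Plugins'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-plugins-table">
         <thead>
@@ -267,7 +267,7 @@ function list_theme_updates() {
 <p><?php _e( 'The following themes have new versions available. Check the ones you want to update and then click &#8220;Update Themes&#8221;.' ); ?></p>
 <p><?php printf( __('<strong>Please Note:</strong> Any customizations you have made to theme files will be lost. Please consider using <a href="%s">child themes</a> for modifications.'), _x('http://codex.wordpress.org/Child_Themes', 'Link used in suggestion to use child themes in GUU') ); ?></p>
 <form method="post" action="<?php echo $form_action; ?>" name="upgrade-themes" class="upgrade">
-<?php wp_nonce_field('upgrade-core'); ?>
+<?php wp_nonce_field( array( 'action' => 'upgrade-core' ) ); ?>
 <p><input id="upgrade-themes" class="button" type="submit" value="<?php esc_attr_e('Update Themes'); ?>" name="upgrade" /></p>
 <table class="widefat" cellspacing="0" id="update-themes-table">
         <thead>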
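--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -190,7 +190,7 @@ if ( ! IS_PROFILE_PAGE ) {
 </h2>
 
 <form id="your-profile" action="<?php echo esc_url( self_admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
-<?php wp_nonce_field('update-user_' . $user_id) ?>
+<?php wp_nonce_field( array( 'action' => 'update-user_' . $user_id ) ); ?>
 <?php if ( $wp_http_referer ) : ?>
         <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
 <?php endif; ?>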
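--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -269,7 +269,8 @@ if ( is_multisite() ) {
 ?>
 <form action="" method="post" name="adduser" id="adduser" class="validate"<?php do_action('user_new_form_tag');?>>
 <input name="action" type="hidden" value="adduser" />
-<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'add-user',
+                                                         'name'   => '_wpnonce_add-user' ) ); ?>
 
 <table class="form-table">
         <tr class="form-field form-required">
@@ -302,7 +303,8 @@ if ( current_user_can( 'create_users') ) {
 <p><?php _e('Create a brand new user and add it to this site.'); ?></p>
 <form action="" method="post" name="createuser" id="createuser" class="validate"<?php do_action('user_new_form_tag');?>>
 <input name="action" type="hidden" value="createuser" />
-<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ) ?>
+<?php wp_nonce_field( array( 'action' => 'create-user',
+                                                         'name' => '_wpnonce_create-user' ) ); ?>
 <?php
 // Load up the passed data, else set to a default.
 foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',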
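Review bot: The two added calls in this file format the same options array differently: the first hunk pads `'name'   => '_wpnonce_add-user'` to align the arrows, while the second hunk writes `'name' => '_wpnonce_create-user'`, and in both the continuation line is indented with a long run of tabs to sit under `'action'` rather than one level deeper than the call. Pick one form for both — the unaligned single-space form is what the rest of the patch uses, e.g. `'name' => '_wpnonce_add-user' ) ); ?>` — so the two forms in this file read the same.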
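--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -211,7 +211,7 @@ case 'delete':
         include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('delete-users') ?>
+<?php wp_nonce_field( array( 'action' => 'delete-users' ) ); ?>
 <?php echo $referer; ?>
 
 <div class="wrap">
@@ -316,7 +316,7 @@ case 'remove':
         include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('remove-users') ?>
+<?php wp_nonce_field( array( 'action' => 'remove-users' ) ); ?>
 <?php echo $referer; ?>
 
 <div class="wrap">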
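--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -281,7 +281,7 @@ if ( isset($_GET['editwidget']) && $_GET['editwidget'] ) {
         <input type="hidden" name="widget-id" class="widget-id" value="<?php echo esc_attr($widget_id); ?>" />
         <input type="hidden" name="id_base" class="id_base" value="<?php echo esc_attr($id_base); ?>" />
         <input type="hidden" name="multi_number" class="multi_number" value="<?php echo esc_attr($multi_number); ?>" />
-<?php   wp_nonce_field("save-delete-widget-$widget_id"); ?>
+        <?php wp_nonce_field( array( 'action' => "save-delete-widget-$widget_id" ) ); ?>
         <br class="clear" />
         </div>
         </form>
@@ -389,7 +389,9 @@ foreach ( $wp_registered_sidebars as $sidebar => $registered_sidebar ) {
 </div>
 </div>
 <form action="" method="post">
-<?php wp_nonce_field( 'save-sidebar-widgets', '_wpnonce_widgets', false ); ?>
+<?php wp_nonce_field( array( 'action' => 'save-sidebar-widgets',
+                                                         'name' => '_wpnonce_widgets',
+                                                         'referrer' => false ) ); ?>
 </form>
 <br class="clear" />
 </div>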
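--- a/wp-includes/class-wp-editor.php
+++ b/wp-includes/class-wp-editor.php
@@ -809,7 +809,10 @@ final class _WP_Editors {
         ?>
         <div style="display:none;">
         <form id="wp-link" tabindex="-1">
-        <?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?>
+        <?php wp_nonce_field( array( 'action' => 'internal-linking',
+                                                                 'name' => '_ajax_linking_nonce',
+                                                                 'id' => '_ajax_linking_nonce',
+                                                                 'referrer' => false ) ); ?>
         <div id="link-selector">
                 <div id="link-options">
                         <p class="howto"><?php _e( 'Enter the destination URL' ); ?></p>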
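--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -814,7 +814,10 @@ function wp_comment_form_unfiltered_html_nonce() {
         $post_id = $post ? $post->ID : 0;
 
         if ( current_user_can( 'unfiltered_html' ) ) {
-                wp_nonce_field( 'unfiltered-html-comment_' . $post_id, '_wp_unfiltered_html_comment_disabled', false );
+                wp_nonce_field( array( 'action' => 'unfiltered-html-comment_' . $post_id,
+                                                           'name' => '_wp_unfiltered_html_comment_disabled',
+                                                           'id' => '_wp_unfiltered_html_comment_disabled',
+                                                           'referrer' => false ) );
                 echo "<script>(function(){if(window===window.parent){document.getElementById('_wp_unfiltered_html_comment_disabled').name='_wp_unfiltered_html_comment';}})();</script>\n";
         }
 }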
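--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1170,34 +1170,65 @@ function wp_nonce_url( $actionurl, $action = -1 ) {
  * offer absolute protection, but should protect against most cases. It is very
  * important to use nonce field in forms.
  *
- * The $action and $name are optional, but if you want to have better security,
- * it is strongly suggested to set those two parameters. It is easier to just
+ * The following optional settings can be used with this method:
+ *
+ * action - A unique name included in the nonce hash (for better security).
+ * name - The input field name, defaults to "_wpnonce".
+ * id - Used as the input element id if desired.
+ * referrer - Referrer field is used for validation, defaults to true.
+ * echo - Output is displayed, defaults to true. Returns the output if false.
+ *
+ * While action is optional, it is strongly recommended to set this option to a
+ * unique value for every form for better security. It is easier to just
  * call the function without any parameters, because validation of the nonce
- * doesn't require any parameters, but since crackers know what the default is
+ * doesn't require any parameters, but since crackers know what the default is,
  * it won't be difficult for them to find a way around your nonce and cause
  * damage.
  *
- * The input name will be whatever $name value you gave. The input value will be
- * the nonce creation value.
- *
  * @package WordPress
  * @subpackage Security
  * @since 2.0.4
  *
- * @param string $action Optional. Action name.
- * @param string $name Optional. Nonce name.
- * @param bool $referer Optional, default true. Whether to set the referer field for validation.
- * @param bool $echo Optional, default true. Whether to display or return hidden form field.
- * @return string Nonce field.
+ * @param array $options Optional settings for the nonce field, see description.
+ *
+ * @return string HTML nonce field to be used in a form.
  */
-function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
-        $name = esc_attr( $name );
-        $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
+function wp_nonce_field( $options = array() ) {
+        $defaults = array(
+                'action'   => -1,
+                'name'     => '_wpnonce',
+                'id'       => '',
+                'referrer' => true,
+                'echo'     => true
+        );
 
-        if ( $referer )
+        // WordPress 3.5 compatibility layer:
+        // Arguments: $action = -1, $name = "_wpnonce", $referer = true, $echo = true
+        // The $name parameter was also used for id.
+        if ( ! is_array( $options ) || 0 == func_num_args() ) {
+                _deprecated_argument( __FUNCTION__, '3.6', 'Please see the documentation on how to pass the necessary options to this function.' );
+                $old_args = func_get_args();
+                $options = array( 'name' => '_wpnonce' );
+                if ( isset( $old_args[0] ) ) $options['action']   = $old_args[0];
+                if ( isset( $old_args[1] ) ) $options['name']     = $old_args[1];
+                if ( isset( $old_args[2] ) ) $options['referrer'] = $old_args[2];
+                if ( isset( $old_args[3] ) ) $options['echo']     = $old_args[3];
+                $options['id'] = $options['name'];
+        }
+
+        $options = wp_parse_args( $options, $defaults );
+
+        $nonce_field = '<input type="hidden"';
+        if ( ! empty( $options['id'] ) ) {
+                $nonce_field .= ' id="' . esc_attr( $options['id'] ) . '"';
+        }
+        $nonce_field .= ' name="' . esc_attr( $options['name'] ) . '"';
+        $nonce_field .= ' value="' . esc_attr( wp_create_nonce( $options['action'] ) ) . '" />';
+
+        if ( $options['referrer'] )
                 $nonce_field .= wp_referer_field( false );
 
-        if ( $echo )
+        if ( $options['echo'] )
                 echo $nonce_field;
 
         return $nonce_field;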
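Review bot: The compatibility check `if ( ! is_array( $options ) || 0 == func_num_args() )` sends a bare `wp_nonce_field()` call through the deprecated branch and emits `_deprecated_argument()`, even though calling with no arguments is valid under the new signature (`$options = array()` is the declared default) and is exactly what the docblock still describes as the easy way to call it. If the only goal is to keep `id="_wpnonce"` for legacy no-argument callers, drop `0 == func_num_args()` and use `if ( ! is_array( $options ) ) {` for the deprecated branch, handling the no-argument id inside the new path instead; otherwise every plugin and theme that calls `wp_nonce_field()` plainly starts logging a notice. The new docblock should also say explicitly that, unlike the old signature, no `id` attribute is emitted unless `'id'` is given, since that is the behavioural change callers most need to know about. Minor: `! empty( $options['id'] )` also discards an id of `'0'`; `'' !== (string) $options['id']` is the stricter test, though such an id is unlikely in practice.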
  • wp-includes/ms-functions.php

    diff --git wp-includes/ms-functions.php wp-includes/ms-functions.php
    index 0f6794b..2df5e28 100644
    function upload_is_file_too_big( $upload ) { 
    16211621function signup_nonce_fields() { 
    16221622        $id = mt_rand(); 
    16231623        echo "<input type='hidden' name='signup_form_id' value='{$id}' />"; 
    1624         wp_nonce_field('signup_form_' . $id, '_signup_form', false); 
     1624        wp_nonce_field( array( 'action' => 'signup_form_' . $id, 
     1625                                                   'name'=> '_signup_form', 
     1626                                                   'referrer' => false ) ); 
    16251627} 
    16261628 
    16271629/**