Make WordPress Core

Changeset 33017


Timestamp:
07/01/2015 03:36:58 AM (9 years ago)
Author:
helen
Message:

Fire the check_admin_referer action on failure as well as success.

This enables things like logging nonce failures in the admin.

props markjaquith.
fixes #32207.

File:
1 edited

  • trunk/src/wp-includes/pluggable.php

    r32969 r33017  
    10921092    $referer = strtolower(wp_get_referer());
    10931093    $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;
    1094     if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) {
    1095         wp_nonce_ays($action);
    1096         die();
    1097     }
    10981094
    10991095    /**
     
    11071103     */
    11081104    do_action( 'check_admin_referer', $action, $result );
     1105
     1106    if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
     1107        wp_nonce_ays( $action );
     1108        die();
     1109    }
     1110
    11091111    return $result;
    11101112}
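
Review bot: At new line 1104 the `check_admin_referer` action now fires before the failure check at 1106, so every callback already hooked there is also invoked when `$result` is false. Until now such callbacks only ran after a verified nonce or on the legacy `-1 == $action` referer path. The docblock above the `do_action()` call is collapsed in this view; it should say that `$result` is false on failure and that callbacks must check it before doing anything that assumes a valid request, because `wp_nonce_ays()` and `die()` only run after the callbacks return. A callback that performs a side effect without checking `$result` would now execute on a failed nonce, which deserves a mention in the release notes for plugin authors.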