Timestamp:
06/27/2006 10:57:49 PM (20 years ago)
Author:
ryan
Message:

wp_explain_nonce() and wp_nonce_ays(). Props mdawaffe. #2734

File:
1 edited

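--- a/branches/2.0/wp-includes/pluggable-functions.php
+++ b/branches/2.0/wp-includes/pluggable-functions.php
@@ -230,35 +230,14 @@
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-    global $pagenow;
     $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
     $referer = strtolower(wp_get_referer());
     if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
         !(-1 == $action && strstr($referer, $adminurl)) ) {
-        
-        $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
-        $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
-        $html .= "</head>\n<body>\n";
-        // Remove extra layer of slashes.
-        $_POST   = stripslashes_deep($_POST  );
-        if ( $_POST ) {
-            $q = http_build_query($_POST);
-            $q = explode( ini_get('arg_separator.output'), $q);
-            $html .= "\t<form method='post' action='$pagenow'>\n";
-            foreach ( (array) $q as $a ) {
-                $v = substr(strstr($a, '='), 1);
-                $k = substr($a, 0, -(strlen($v)+1));
-                $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
-            }
-            $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-            $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
-        } else {
-            $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
-        }
-        $html .= "</body>\n</html>";
-
-        die($html);
-    }
-    do_action('check_admin_referer');
-}endif;
+        wp_nonce_ays($action);
+        die();
+    }
+    do_action('check_admin_referer', $action);
+}
+endif;
 
 if ( !function_exists('check_ajax_referer') ) :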
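Review bot: The new `wp_nonce_ays($action); die();` lines hand the confirmation page to a helper that is not part of this changeset, so the per-field `wp_specialchars( urldecode(...), 1 )` escaping the removed inline form applied to each re-posted `$_POST` key and value, and to the nonce, can no longer be verified from this hunk; confirm that `wp_nonce_ays()` escapes those values the same way before relying on it. The explicit `die()` after the call is a sound belt-and-braces stop, but a comment such as `// wp_nonce_ays() prints the confirmation page; never fall through to the action.` would record that the helper is not expected to return. `check_admin_referer()` still has no docblock; a `@param int|string $action` line stating that the default -1 only falls back to the referer comparison would help callers pass a real action. That fallback on the unchanged context lines, `strstr($referer, $adminurl)`, is a substring test rather than a prefix match, so it is a weak check this commit leaves as-is and is worth stating in the same docblock.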