Changeset 46505 for branches/3.7/src/wp-includes/pluggable.php
- Timestamp:
- 10/14/2019 07:31:55 PM (5 years ago)
- Location:
- branches/3.7
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/3.7
- Property svn:mergeinfo changed
/trunk merged: 46474-46478,46483,46485
- Property svn:mergeinfo changed
-
branches/3.7/src
- Property svn:mergeinfo changed
/trunk/src merged: 46474-46478,46483
- Property svn:mergeinfo changed
-
branches/3.7/src/wp-includes/pluggable.php
r45988 r46505 809 809 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5) 810 810 */ 811 function check_admin_referer( $action = -1, $query_arg = '_wpnonce') {812 if ( -1 == $action )813 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2 ' );811 function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) { 812 if ( -1 === $action ) 813 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); 814 814 815 815 $adminurl = strtolower(admin_url()); 816 816 $referer = strtolower(wp_get_referer()); 817 817 $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false; 818 if ( !$result && !(-1 == $action && strpos($referer, $adminurl) === 0) ) { 819 wp_nonce_ays($action); 818 819 /** 820 * Fires once the admin request has been validated or not. 821 * 822 * @since 1.5.1 823 * 824 * @param string $action The nonce action. 825 * @param bool $result Whether the admin request nonce was validated. 826 */ 827 do_action( 'check_admin_referer', $action, $result ); 828 829 if ( ! $result && ! ( -1 === $action && strpos( $referer, $adminurl ) === 0 ) ) { 830 wp_nonce_ays( $action ); 820 831 die(); 821 832 } 822 do_action('check_admin_referer', $action, $result); 833 823 834 return $result; 824 835 } … … 835 846 */ 836 847 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) { 848 if ( -1 === $action ) 849 _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' ); 850 837 851 $nonce = ''; 838 852 … … 1812 1826 } 1813 1827 endif; 1814 1815 if ( ! function_exists( 'hash_equals' ) ) :1816 /**1817 * Compare two strings in constant time.1818 *1819 * This function is NOT pluggable. It is in this file (in addition to1820 * compat.php) to prevent errors if, during an update, pluggable.php1821 * copies over but compat.php does not.1822 *1823 * This function was added in PHP 5.6.1824 * It can leak the length of a string.1825 *1826 * @since 3.9.21827 *1828 * @param string $a Expected string.1829 * @param string $b Actual string.1830 * @return bool Whether strings are equal.1831 */1832 function hash_equals( $a, $b ) {1833 $a_length = strlen( $a );1834 if ( $a_length !== strlen( $b ) ) {1835 return false;1836 }1837 $result = 0;1838 1839 // Do not attempt to "optimize" this.1840 for ( $i = 0; $i < $a_length; $i++ ) {1841 $result |= ord( $a[ $i ] ) ^ ord( $b[ $i ] );1842 }1843 1844 return $result === 0;1845 }1846 endif;
Note: See TracChangeset
for help on using the changeset viewer.