Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#2800 closed enhancement (fixed)

wp_nonce_field() could pass along HTTP_REFERER info

Reported by: markjaquith
Owned by: markjaquith
Milestone:
Priority: normal
Severity: normal
Version: 2.1
Component: Administration
Keywords: has-patch 2nd-opinion
Focuses:
Cc:


Sometimes we make use of the HTTP_REFERER in WordPress in order to redirect people after an action is performed.

Since all forms that do something use wp_nonce_field() anyway, we could just have wp_nonce_field echo out another hidden form input:

echo '<input type="hidden" name="wp_http_referer" value="'. wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';

Might be nice being able to count on that! I'd make it its own function, that wp_nonce_field would call.

Attachments (3)

2800.diff (1.4 KB) - added by robmiller 17 years ago.
2800.2.diff (1.3 KB) - added by robmiller 17 years ago.
Oops. This works :)
wp_referer.diff (2.0 KB) - added by markjaquith 17 years ago.
wp_referer 4


Change History (15)

#1 @westi
17 years ago

I like this.

We need to make check_admin_referer unset the value in the _POST array if the nonce check fails as we cannot trust the information then.

#2 @robmiller
17 years ago

This what we're after?


#3 @markjaquith
17 years ago

Good start, but we also need to be able to carry a REF along multiple requests.


  1. do something, passing along ref to #1
  2. do something else, carrying along ref to #1
  3. return to #1.

This would obviously be two different fields. I'll whip something up.

#4 @markjaquith
17 years ago

Something like this.

If your post will embark on a multiple-request journey before needing to return, you just manually invoke wp_original_referer_field() in the form. Forms in the interim only need to call the nonce call, and it'll pass on the original referer value. When you're ready for it, just call wp_get_original_referer() and you can zoom back to your starting location. An example case for that would be the new user editing stuff, whereby you return to the exact user search/browse page that you were on after you've performed multiple edits on a user's profile.
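
The flow from comments #1 and #4, as an added example that is not code from this ticket, its patches or WordPress: each form carries the current page and any original referer forward, and the receiver discards both when the nonce check fails. All `demo_*` names, the `demo_nonce` and `demo_original_referer` field names, `DEMO_KEY` and the sample URLs are assumptions made for illustration.

```php
<?php
// Added illustration: every demo_* name, field name and DEMO_KEY is hypothetical.
const DEMO_KEY = 'constructed-demo-key';

// Stand-in for a nonce: keyed hash over the action and the user id.
function demo_nonce(string $action, int $uid): string {
    return substr(hash_hmac('sha256', "$action|$uid", DEMO_KEY), 0, 10);
}

// Hidden inputs for a form: the nonce, the current page as referer and, when the
// incoming request carried an original referer, that value passed on unchanged.
function demo_nonce_fields(string $action, int $uid, string $uri, array $post = []): array {
    $fields = ['demo_nonce' => demo_nonce($action, $uid), 'wp_http_referer' => $uri];
    if (isset($post['demo_original_referer']) && is_string($post['demo_original_referer'])) {
        $fields['demo_original_referer'] = $post['demo_original_referer'];
    }
    return $fields;
}

// Render the fields as escaped hidden inputs.
function demo_render(array $fields): string {
    $html = '';
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
               . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />' . "\n";
    }
    return $html;
}

// Nonce check. On failure the carried referers are unset, as comment #1 asks.
function demo_check(array &$post, string $action, int $uid): bool {
    $given = $post['demo_nonce'] ?? '';
    if (is_string($given) && hash_equals(demo_nonce($action, $uid), $given)) {
        return true;
    }
    unset($post['wp_http_referer'], $post['demo_original_referer']);
    return false;
}

// Constructed journey for user 7: first form, second form, then a forged submission.
$search = '/wp-admin/users.php?s=smith&paged=3';
$edit   = '/wp-admin/user-edit.php?user_id=42';
$step1  = demo_nonce_fields('edit-user', 7, $edit) + ['demo_original_referer' => $search];
echo demo_render($step1);
var_dump(demo_check($step1, 'edit-user', 7));               // nonce matches
$step2 = demo_nonce_fields('edit-user', 7, $edit, $step1);
var_dump($step2['demo_original_referer'] === $search);      // carried to the second form
$forged = ['demo_nonce' => 'bad'] + $step2;
var_dump(demo_check($forged, 'edit-user', 7), isset($forged['demo_original_referer']));
```

The nonce here covers only the action and user, not the referer values themselves, so a passing check says the form came from the site, not that the carried URL is unmodified.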

#5 @markjaquith
17 years ago

  • Keywords has-patch 2nd-opinion added
  • Owner changed from anonymous to markjaquith
  • Status changed from new to assigned


#6 @ryan
17 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [3908]) wp_get_referer() and friends from robmiller and markjaquith. fixes #2800

#7 @ryan
17 years ago

(In [3909]) wp_get_referer() and friends from robmiller and markjaquith. fixes #2800

#8 @ryan
17 years ago

  • Milestone changed from 2.1 to 2.0.4

I included a fix for #2853 when I committed this. Let's start spreading this to all places that use HTTP_REFERER. Now that referrers are not required to access the admin, people are tripping over redirect problems due to HTTP_REFERER being empty.

#9 @ryan
17 years ago

(In [3918]) Use wp_get_referer(). fixes #2800

#10 @ryan
17 years ago

(In [3919]) Have wp_referer_field() set the referer to the current page. fixes #2800

#11 @ryan
17 years ago

(In [3923]) Use wp_get_referer(). fixes #2800 #2855

#12 @(none)
17 years ago

  • Milestone 2.0.4 deleted

Milestone 2.0.4 deleted
