#5782 closed enhancement (fixed)
check_*_referer should be able to look for nonce in any query parameter
| Reported by: | mdawaffe | Owned by: | |
|---|---|---|---|
| Milestone: | 2.5 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | has-patch needs-testing |
| Focuses: | | Cc: | |
Description
Adding an optional parameter to check_admin_referer() and check_ajax_referer() allows more than nonce to be generated on one page, increasing the flexibility of nonce checking.
It also allows us to get rid of the problematic cookie code in check_ajax_referer() and to rely solely on nonces.
Attached:
- Adds parameter.
- Converts autosave to use nonces for verification (the last holdout?).
- Removes cookie code from check_ajax_referer(). Good for core (we can make sure all of our other ajax actions use nonces). May break some plugins.
Attachments (1)
Change History (3)
s/more than nonce/more than one nonce/
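
The check described in this ticket, as an added example that is not the attached patch and not WordPress code: a stand-alone PHP model in which the caller names the request parameter that carries the nonce, so two action-bound nonces can travel in one request and be verified without any cookie check. The `demo_*` functions, the parameter names, the secret, the lifetime and the HMAC construction are assumptions made for illustration.

```php
<?php
// Stand-alone model, not WordPress code. All names and values are constructed.
const SECRET   = 'constructed-demo-secret';   // stands in for the site's secret salt
const LIFETIME = 86400;                        // assumed nonce lifetime in seconds

// Time-window counter: each window lasts half the lifetime.
function demo_tick(int $now): int {
    return (int) ceil($now / (LIFETIME / 2));
}

// Keyed hash over window, action and user, so a nonce is bound to all three.
function demo_hash(int $tick, string $action, int $uid): string {
    return substr(hash_hmac('sha256', $tick . '|' . $action . '|' . $uid, SECRET), 0, 20);
}

function demo_create_nonce(string $action, int $uid, int $now): string {
    return demo_hash(demo_tick($now), $action, $uid);
}

// Accept a nonce issued in the current window or in the previous one.
function demo_verify_nonce(string $nonce, string $action, int $uid, int $now): bool {
    foreach ([0, 1] as $age) {
        if (hash_equals(demo_hash(demo_tick($now) - $age, $action, $uid), $nonce)) {
            return true;
        }
    }
    return false;
}

// The ticket's idea: the caller names the request parameter that holds the nonce.
function demo_check_referer(array $request, string $action, string $query_arg, int $uid, int $now): bool {
    $nonce = $request[$query_arg] ?? '';
    return is_string($nonce) && $nonce !== '' && demo_verify_nonce($nonce, $action, $uid, $now);
}

$now = 1200000000;  // constructed timestamp
$uid = 7;           // constructed user id

// One request carrying two nonces, each in its own parameter (constructed).
$request = [
    'autosavenonce' => demo_create_nonce('autosave', $uid, $now),
    'deletenonce'   => demo_create_nonce('delete-post_42', $uid, $now),
];

var_dump(demo_check_referer($request, 'autosave', 'autosavenonce', $uid, $now));              // matching action and parameter
var_dump(demo_check_referer($request, 'autosave', 'deletenonce', $uid, $now));                // nonce issued for another action
var_dump(demo_check_referer($request, 'delete-post_42', 'deletenonce', $uid, $now + 50000));  // same nonce, one window later
var_dump(demo_check_referer($request, 'delete-post_42', 'deletenonce', $uid, $now + 100000)); // same nonce, both windows passed
var_dump(demo_check_referer(['action' => 'autosave'], 'autosave', 'autosavenonce', $uid, $now)); // nonce parameter absent
```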