wp_nonce_field (WordPress Function)

wp_nonce_field [ WordPress Function ]

wp_nonce_field ( $action = -1, $name = "_wpnonce", $referer = true, $echo = true )

Parameters:	(string) $action Optional. Action name. (string) $name Optional. Nonce name. (bool) $referer Optional, default true. Whether to set the referer field for validation. (bool) $echo Optional, default true. Whether to display or return hidden form field.
Returns:	(string) Nonce field.
Defined at:	wp-includes/functions.php, line 1187

Soorgelijke functies: signup_nonce_fields, wp_nonce_url, wp_nonce_tick, wp_nonce_ays, wp_referer_field

Retrieve or display nonce hidden field for forms.

The nonce field is used to validate that the contents of the form came from the location on the current site and not somewhere else. The nonce does not offer absolute protection, but should protect against most cases. It is very important to use nonce field in forms.

The $action and $name are optional, but if you want to have better security, it is strongly suggested to set those two parameters. It is easier to just call the function without any parameters, because validation of the nonce doesn't require any parameters, but since crackers know what the default is it won't be difficult for them to find a way around your nonce and cause damage.

The input name will be whatever $name value you gave. The input value will be the nonce creation value.

Source


<?php
function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
    $name = esc_attr( $name );
    $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';

    if ( $referer )
        $nonce_field .= wp_referer_field( false );

    if ( $echo )
        echo $nonce_field;

    return $nonce_field;
}
?>

Examples [ wp-snippets.com ]

Top Google zoekresultaten

wp_nonce_field - WordPress Codex
Description. Retrieve or display nonce hidden field for forms. The nonce field is used to validate that the contents of the form came from the location on the ...
codex.wordpress.org
WordPress › Support » wp_nonce_field questions
Posted 1 year ago #. Hello i want to ask what these lines means ? I read that is for security, but from where is 'add-user' and why do i need the second line ?
wordpress.org
Improving security in Wordpress plugins using Nonces | Prelovac.com
For your forms you can use wp_nonce_field() which will output a hidden field with a nonce. Place the function somewhere inside your form.
www.prelovac.com
Why do I need to check if wp_nonce_field() exists before using it
Sep 11, 2010 ... Also notice how you are verifying that the wp_nonce_field function exists before trying to call it for backward compatibility. but wont it break ...
wordpress.stackexchange.com

Meer ...

Gebruikersdiscussies [ wordpress.org ]

Meer ... Een nieuw onderwerp schrijven ...

0 User Note(s)

Nieuw toevoegen ...

Geef a.u.b. geen commentaar als "Geweldig" of "Bedankt". Probeer behulpzame inhoud te geven aan je commentaar, zodat het anderen kan helpen bij het gebruiken van WordPress. Schrijf je commentaar bij voorkeur in het Engels. Toegestane Tags: <a> <b> <blockquote> <code> <em> <i> <strong>
Naam*:	Commentaar*:
E-Mail*:
Homepage:	Versturen

WordPress | Plugins

For WordPress

WordPress-related

WordPress | Sites & Services

wpseek.com
A WordPress-centric search engine for devs and theme authors