Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


Sidebar

"`Incidentally,' he said, `what does teleport mean?'
Another moment passed.
Slowly, the others turned to face him.
`Probably the wrong moment to ask,' said Arthur, `It's just I remember you use the word a short while ago and I only bring it up because...'
`Where,' said Ford quietly, `does it say teleport?'
`Well, just over here in fact,' said Arthur, pointing at a dark control box in the rear of the cabin, `Just under the word "emergency", above the word "system" and beside the
sign saying "out of order".'"

- Arthur finding an escape route from a certain death situation.



Where will you go today?

"`A curse,' said Slartibartfast, `which will engulf the Galaxy in fire and destruction, and possibly bring the Universe to a premature doom. I mean it,' he added.
`Sounds like a bad time,' said Ford, `with luck I'll be drunk enough not to notice.'"

- Ford ensuring everyone knew where his priorities lay.
Action disabled: source
computers:websites:wordpress:nonce-security

Wordpress nonce

These help to give security to WordPress.

wp_nonce_field( $action, $name, $referer, $echo )

Like this:

  <form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
  </form>

Then we can verify it:

if ( 
    ! isset( $_POST['name_of_nonce_field'] ) 
    || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) 
) {
 
   print 'Sorry, your nonce did not verify.';
   exit;
 
} else {
 
   // process form data
}

Also, try using wp referer field() and wp_get_referer() to verify where the submission came from.

And for admin pages, use check_admin_referer();

WordPress Front End Security: CSRF and Nonces https://css-tricks.com/wordpress-front-end-security-csrf-and-nonces/

computers/websites/wordpress/nonce-security.txt · Last modified: Apr 5, 2015 (4 years ago) by Matt Bagley