check_admin_referer

Makes sure that a user was referred from another admin page.

Description

(false|int) check_admin_referer( (int) $action = -1, (string) $query_arg = '_wpnonce' ); 

To avoid security exploits.

Returns (false|int)

False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.

Parameters (2)

0. $action — Optional. (int) => -1
Action nonce.
1. $query_arg — Optional. (string) => '_wpnonce'
Key to check for nonce in $_REQUEST (since 2.5). Default '_wpnonce'.

Usage

  if ( !function_exists( 'check_admin_referer' ) ) {
      require_once ABSPATH . WPINC . '/pluggable.php';
  }

  // Action nonce. The default -1 triggers _doing_it_wrong() (since 3.2.0);
  // pass the action string the form's nonce was created with.
  $action = -1;

  // Optional. Key to check for nonce in `$_REQUEST` (since 2.5).
  // Default '_wpnonce'.
  $query_arg = '_wpnonce';

  // NOTICE! Understand what this does before running.
  $result = check_admin_referer($action, $query_arg);

Defined (1)

The function is defined in the following location(s).

/wp-includes/pluggable.php
  function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
      if ( -1 == $action )
          _doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '3.2.0' );

      $adminurl = strtolower(admin_url());
      $referer = strtolower(wp_get_referer());
      $result = isset($_REQUEST[$query_arg]) ? wp_verify_nonce($_REQUEST[$query_arg], $action) : false;

      /**
       * Fires once the admin request has been validated or not.
       * @since 1.5.1
       * @param string $action The nonce action.
       * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
       * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
       */
      do_action( 'check_admin_referer', $action, $result );

      // With no valid nonce, only the deprecated -1 action falls back to a referer prefix check;
      // any specific action fails closed.
      if ( ! $result && ! ( -1 == $action && strpos( $referer, $adminurl ) === 0 ) ) {
          wp_nonce_ays( $action );
          die();
      }

      return $result;
  }
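As an added example (not from this reference page or from WordPress core), a plugin settings form and its admin-post handler, showing the default-action call that core warns about beside a call with a specific action. The action name 'myplugin_save_settings', the option 'myplugin_greeting' and the settings page slug are assumptions for illustration.

```php
<?php
// Added example, not from the page: an admin-post handler protected by
// check_admin_referer(). The action 'myplugin_save_settings', option
// 'myplugin_greeting' and settings page slug are illustrative assumptions.

// Form markup: wp_nonce_field() emits the hidden '_wpnonce' field that
// check_admin_referer() reads from $_REQUEST, plus a '_wp_http_referer' field.
function myplugin_render_settings_form() {
    $current = get_option( 'myplugin_greeting', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'myplugin_save_settings' ); ?>
        <input type="hidden" name="action" value="myplugin_save_settings">
        <input type="text" name="greeting" value="<?php echo esc_attr( $current ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Weak: with the default $action of -1 a request without a nonce is still
// accepted when its Referer starts with admin_url(). The Referer header is
// client-supplied, so this is not a CSRF defence; core flags it via _doing_it_wrong().
function myplugin_save_settings_weak() {
    check_admin_referer();
    update_option( 'myplugin_greeting', sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) ) );
}

// Hardened: verify a specific action nonce, then check capability. On a bad or
// missing nonce check_admin_referer() shows wp_nonce_ays() and dies, so the
// code below only runs for a valid token ($age is 1 or 2, never false).
function myplugin_save_settings() {
    $age = check_admin_referer( 'myplugin_save_settings' ); // 1: 0-12 h old, 2: 12-24 h old
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'You are not allowed to change these settings.' ), 403 );
    }
    $greeting = sanitize_text_field( wp_unslash( $_POST['greeting'] ?? '' ) );
    update_option( 'myplugin_greeting', $greeting );

    $redirect = add_query_arg(
        array( 'page' => 'myplugin_settings', 'saved' => 1, 'nonce_age' => (int) $age ),
        admin_url( 'options-general.php' )
    );
    wp_safe_redirect( $redirect );
    exit;
}
add_action( 'admin_post_myplugin_save_settings', 'myplugin_save_settings' );
```

The nonce check comes before the capability check so that a forged request is rejected before any user-specific logic runs; both checks are needed, since a valid nonce only proves the request originated from a page this user loaded, not that the user may change the option.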