check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )
- (int|string) action The nonce action.
- (string) query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
Defined at:Change Log:
- (int|bool) 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. False if the nonce is invalid.
- Introduced in WordPress: 1.2.0
- Deprecated in WordPress: —
Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.This function ensures the user intends to perform a given action, which helps protect against clickjacking style
attacks. It verifies intent, not authorisation, therefore it does not verify the user's capabilities. This should
be performed with `current_user_can()` or similar.
If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.