check_admin_referer


check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )

Parameters:
  • (int|string) $action The nonce action.
  • (string) $query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.
Returns:
  • (false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
Defined at:
Change Log:
  • 2: .

Description

Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.

This function ensures the user intends to perform a given action, which helps protect against clickjacking style attacks. It verifies intent, not authorisation, therefore it does not verify the user's capabilities. This should be performed with current_user_can() or similar.

If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.

Related Functions

check_ajax_referer, check_password_reset_key, check_upload_mimes, wp_admin_bar_render, _get_admin_bar_pref

Top Google Results

User discussions

wpseek mobile