check_admin_referer

check_admin_referer ( $action = -1, $query_arg = '_wpnonce' )

Parameters:

(int|string) action The nonce action.
(string) query_arg Optional. Key to check for nonce in `$_REQUEST`. Default '_wpnonce'.

Returns:

(int|false) 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. False if the nonce is invalid.

Defined at:

wp-includes/pluggable.php, line 1272

Change Log:

2: .

Introduced in WordPress: 1.2.0
Deprecated in WordPress: —

Description

Ensures intent by verifying that a user was referred from another admin page with the correct security nonce.This function ensures the user intends to perform a given action, which helps protect against clickjacking style attacks. It verifies intent, not authorization, therefore it does not verify the user's capabilities. This should be performed with `current_user_can()` or similar. If the nonce value is invalid, the function will exit with an "Are You Sure?" style message.

Related Functions

check_ajax_referer, check_password_reset_key, check_upload_mimes, _get_admin_bar_pref, wp_admin_bar_header

wpseek mobile