wp_verify_nonce example

$plugin    = null;
    $theme     = null;
    $real_file = null;

    if ( ! empty( $args['plugin'] ) ) {
        $plugin = $args['plugin'];

        if ( ! current_user_can( 'edit_plugins' ) ) {
            return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit plugins for this site.' ) );
        }

        if ( ! wp_verify_nonce( $args['nonce'], 'edit-plugin_' . $file ) ) {
            return new WP_Error( 'nonce_failure' );
        }

        if ( ! array_key_exists( $pluginget_plugins() ) ) {
            return new WP_Error( 'invalid_plugin' );
        }

        if ( 0 !== validate_file( $fileget_plugin_files( $plugin ) ) ) {
            return new WP_Error( 'bad_plugin_file_path', __( 'Sorry, that file cannot be edited.' ) );
        }

        
/**
 * Filters the latest content for preview from the post autosave.
 *
 * @since 2.7.0
 * @access private
 */
function _show_post_preview() {
    // Nothing to do unless both the preview ID and its nonce were supplied.
    if ( ! isset( $_GET['preview_id'], $_GET['preview_nonce'] ) ) {
        return;
    }

    $preview_id = (int) $_GET['preview_id'];

    // The nonce is bound to this specific post ID; a failed check ends the request.
    if ( false === wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . $preview_id ) ) {
        wp_die( __( 'Sorry, you are not allowed to preview drafts.' ), 403 );
    }

    add_filter( 'the_preview', '_set_preview' );
}

/**
 * Filters terms lookup to set the post format.
 *
 * @since 3.6.0
 * @access private
 *
 * @param array  $terms
 * @param int    $post_id
 * @param string $taxonomy
 * @return array
 */
case 'beta':
                $args['browse'] = $tab;
                break;
            case 'recommended':
                $args['browse'] = $tab;
                // Include the list of installed plugins so we can get relevant results.                 $args['installed_plugins'] = array_keys( $installed_plugins );
                break;

            case 'favorites':
                $action = 'save_wporg_username_' . get_current_user_id();
                if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] )$action ) ) {
                    $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );

                    // If the save url parameter is passed with a falsey value, don't save the favorite user.                     if ( ! isset( $_GET['save'] ) || $_GET['save'] ) {
                        update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
                    }
                } else {
                    $user = get_user_option( 'wporg_favorites' );
                }
                if ( $user ) {
                    $args['user'] = $user;
                }
$comment['permalink']    = get_permalink( $comment['comment_post_ID'] );

        if ( ! empty( $comment['user_ID'] ) ) {
            $comment['user_role'] = Akismet::get_user_roles( $comment['user_ID'] );
        }

        /** See filter documentation in init_hooks(). */
        $akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
        $comment['akismet_comment_nonce'] = 'inactive';
        if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) {
            $comment['akismet_comment_nonce'] = 'failed';
            if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) )
                $comment['akismet_comment_nonce'] = 'passed';

            // comment reply in wp-admin             if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) )
                $comment['akismet_comment_nonce'] = 'passed';

        }

        if ( self::is_test_mode() )
            $comment['is_test'] = 'true';

        

    function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
        if ( -1 === $action ) {
            _doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' );
        }

        $adminurl = strtolower( admin_url() );
        $referer  = strtolower( wp_get_referer() );
        $result   = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ]$action ) : false;

        /** * Fires once the admin request has been validated or not. * * @since 1.5.1 * * @param string $action The nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */
        do_action( 'check_admin_referer', $action$result );

        

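/**
 * Adds a nonce error to the signup result when the signup form nonce fails to verify.
 *
 * Only applies to requests handled by wp-signup.php; any other script path
 * returns the result untouched.
 *
 * @param array $result Signup validation result; expected to carry an object
 *                      with an add() method under the 'errors' key when the
 *                      nonce is checked.
 * @return array The (possibly amended) result.
 */
function signup_nonce_check( $result ) {
    $script = $_SERVER['PHP_SELF'] ?? '';

    // Compare against false explicitly: `! strpos()` would also treat a match
    // at offset 0 as "not found".
    if ( false === strpos( $script, 'wp-signup.php' ) ) {
        return $result;
    }

    // Read the nonce fields defensively so a missing field fails verification
    // instead of raising an undefined-index notice.
    $nonce   = $_POST['_signup_form'] ?? '';
    $form_id = $_POST['signup_form_id'] ?? '';

    if ( ! wp_verify_nonce( $nonce, 'signup_form_' . $form_id ) ) {
        $result['errors']->add( 'invalid_nonce', __( 'Unable to submit this form, please try again.' ) );
    }

    return $result;
}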

/**
 * Corrects 404 redirects when NOBLOGREDIRECT is defined.
 *
 * @since MU (3.0.0)
 */
 elseif ( 'resuming' === $_GET['error'] ) {
        $errmsg = __( 'Plugin could not be resumed because it triggered a <strong>fatal error</strong>.' );
    } else {
        $errmsg = __( 'Plugin could not be activated because it triggered a <strong>fatal error</strong>.' );
    }

    ?> <div id="message" class="error"><p><?php echo $errmsg; ?></p> <?php
    if ( ! isset( $_GET['main'] ) && ! isset( $_GET['charsout'] )
        && isset( $_GET['_error_nonce'] ) && wp_verify_nonce( $_GET['_error_nonce'], 'plugin-activation-error_' . $plugin )
    ) {
        $iframe_url = add_query_arg(
            array(
                'action'   => 'error_scrape',
                'plugin'   => urlencode( $plugin ),
                '_wpnonce' => urlencode( $_GET['_error_nonce'] ),
            ),
            admin_url( 'plugins.php' )
        );

        ?>

    public function step() {
        if ( ! isset( $_GET['step'] ) ) {
            return 1;
        }

        $step = (int) $_GET['step'];
        if ( $step < 1 || 3 < $step ||
            ( 2 === $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-upload'], 'custom-header-upload' ) ) ||
            ( 3 === $step && ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'custom-header-crop-image' ) )
        ) {
            return 1;
        }

        return $step;
    }

    /**
     * Sets up the enqueue for the JavaScript files.
     *
     * @since 2.1.0
     */
$inline_js = array(
                'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ),
                'strings' => array(
                    'Remove this URL' => __( 'Remove this URL' , 'akismet'),
                    'Removing...'     => __( 'Removing...' , 'akismet'),
                    'URL removed'     => __( 'URL removed' , 'akismet'),
                    '(undo)'          => __( '(undo)' , 'akismet'),
                    'Re-adding...'    => __( 'Re-adding...' , 'akismet'),
                )
            );

            if ( isset( $_GET['akismet_recheck'] ) && wp_verify_nonce( $_GET['akismet_recheck'], 'akismet_recheck' ) ) {
                $inline_js['start_recheck'] = true;
            }

            if ( apply_filters( 'akismet_enable_mshots', true ) ) {
                $inline_js['enable_mshots'] = true;
            }

            wp_localize_script( 'akismet.js', 'WPAkismet', $inline_js );
        }
    }

    
if ( empty( $user->display_name ) ) {
            $user->display_name = $user->user_login;
        }

        $comment_author       = $user->display_name;
        $comment_author_email = $user->user_email;
        $comment_author_url   = $user->user_url;
        $user_id              = $user->ID;

        if ( current_user_can( 'unfiltered_html' ) ) {
            if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
                || ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id )
            ) {
                kses_remove_filters(); // Start with a clean slate.                 kses_init_filters();   // Set up the filters.                 remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
                add_filter( 'pre_comment_content', 'wp_filter_kses' );
            }
        }
    } else {
        if ( get_option( 'comment_registration' ) ) {
            return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 );
        }
    }


        if ( ! $this->is_active() ) {
            wp_safe_redirect( $redirect_to );
            die;
        }

        if ( ! isset( $_GET['action'] ) || self::EXIT_ACTION !== $_GET['action'] ) {
            return;
        }

        if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) {
            wp_die( __( 'Exit recovery mode link expired.' ), 403 );
        }

        if ( ! $this->exit_recovery_mode() ) {
            wp_die( __( 'Failed to exit recovery mode. Please try again later.' ) );
        }

        wp_safe_redirect( $redirect_to );
        die;
    }

    

function wp_ajax_heartbeat() {
    if ( empty( $_POST['_nonce'] ) ) {
        wp_send_json_error();
    }

    $response    = array();
    $data        = array();
    $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );

    // 'screen_id' is the same as $current_screen->id and the JS global 'pagenow'.     if ( ! empty( $_POST['screen_id'] ) ) {
        $screen_id = sanitize_key( $_POST['screen_id'] );
    } else {
        $screen_id = 'front';
    }

    if ( ! empty( $_POST['data'] ) ) {
        $data = wp_unslash( (array) $_POST['data'] );
    }

    

function wp_autosave( $post_data ) {
    // Back-compat.     if ( ! defined( 'DOING_AUTOSAVE' ) ) {
        define( 'DOING_AUTOSAVE', true );
    }

    $post_id              = (int) $post_data['post_id'];
    $post_data['ID']      = $post_id;
    $post_data['post_ID'] = $post_id;

    if ( false === wp_verify_nonce( $post_data['_wpnonce'], 'update-post_' . $post_id ) ) {
        return new WP_Error( 'invalid_nonce', __( 'Error while saving.' ) );
    }

    $post = get_post( $post_id );

    if ( ! current_user_can( 'edit_post', $post->ID ) ) {
        return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) );
    }

    if ( 'auto-draft' === $post->post_status ) {
        $post_data['post_status'] = 'draft';
    }

        $remind_interval = (int) apply_filters( 'admin_email_remind_interval', 3 * DAY_IN_SECONDS );

        if ( ! empty( $_GET['remind_me_later'] ) ) {
            if ( ! wp_verify_nonce( $_GET['remind_me_later'], 'remind_me_later_nonce' ) ) {
                wp_safe_redirect( wp_login_url() );
                exit;
            }

            if ( $remind_interval > 0 ) {
                update_option( 'admin_email_lifespan', time() + $remind_interval );
            }

            $redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to );
            wp_safe_redirect( $redirect_to );
            exit;
        }
<?php _ex( 'Block Themes', 'themes' ); ?></a></li> <li><a href="#" data-sort="favorites"><?php _ex( 'Favorites', 'themes' ); ?></a></li> </ul> <button type="button" class="button drawer-toggle" aria-expanded="false"><?php _e( 'Feature Filter' ); ?></button> <form class="search-form"></form> <div class="favorites-form"> <?php             $action = 'save_wporg_username_' . get_current_user_id();
            if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] )$action ) ) {
                $user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
                update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
            } else {
                $user = get_user_option( 'wporg_favorites' );
            }
            ?> <p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p> <p> <label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label> <input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" /> <input type="search" id="wporg-username-input" value="