CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
wp_verify_nonce example
$plugin = null;
$theme = null;
$real_file = null;
if ( ! empty( $args['plugin'] ) ) {
$plugin = $args['plugin'];
if ( ! current_user_can( 'edit_plugins' ) ) {
return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit plugins for this site.' ) );
}
if ( ! wp_verify_nonce( $args['nonce'], 'edit-plugin_' . $file ) ) {
return new WP_Error( 'nonce_failure' );
}
if ( ! array_key_exists( $plugin, get_plugins() ) ) {
return new WP_Error( 'invalid_plugin' );
}
if ( 0 !== validate_file( $file, get_plugin_files( $plugin ) ) ) {
return new WP_Error( 'bad_plugin_file_path', __( 'Sorry, that file cannot be edited.' ) );
}
$theme = null;
$real_file = null;
if ( ! empty( $args['plugin'] ) ) {
$plugin = $args['plugin'];
if ( ! current_user_can( 'edit_plugins' ) ) {
return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit plugins for this site.' ) );
}
if ( ! wp_verify_nonce( $args['nonce'], 'edit-plugin_' . $file ) ) {
return new WP_Error( 'nonce_failure' );
}
if ( ! array_key_exists( $plugin, get_plugins() ) ) {
return new WP_Error( 'invalid_plugin' );
}
if ( 0 !== validate_file( $file, get_plugin_files( $plugin ) ) ) {
return new WP_Error( 'bad_plugin_file_path', __( 'Sorry, that file cannot be edited.' ) );
}
/**
* Filters the latest content for preview from the post autosave.
*
* @since 2.7.0
* @access private
*/
function _show_post_preview() {
if ( isset( $_GET['preview_id'] ) && isset( $_GET['preview_nonce'] ) ) {
$id = (int) $_GET['preview_id'];
if ( false === wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . $id ) ) {
wp_die( __( 'Sorry, you are not allowed to preview drafts.' ), 403 );
}
add_filter( 'the_preview', '_set_preview' );
}
}
/** * Filters terms lookup to set the post format. * * @since 3.6.0 * @access private * * @param array $terms * @param int $post_id * @param string $taxonomy * @return array */
function _show_post_preview() {
if ( isset( $_GET['preview_id'] ) && isset( $_GET['preview_nonce'] ) ) {
$id = (int) $_GET['preview_id'];
if ( false === wp_verify_nonce( $_GET['preview_nonce'], 'post_preview_' . $id ) ) {
wp_die( __( 'Sorry, you are not allowed to preview drafts.' ), 403 );
}
add_filter( 'the_preview', '_set_preview' );
}
}
/** * Filters terms lookup to set the post format. * * @since 3.6.0 * @access private * * @param array $terms * @param int $post_id * @param string $taxonomy * @return array */
case 'beta':
$args['browse'] = $tab;
break;
case 'recommended':
$args['browse'] = $tab;
// Include the list of installed plugins so we can get relevant results. $args['installed_plugins'] = array_keys( $installed_plugins );
break;
case 'favorites':
$action = 'save_wporg_username_' . get_current_user_id();
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
// If the save url parameter is passed with a falsey value, don't save the favorite user. if ( ! isset( $_GET['save'] ) || $_GET['save'] ) {
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
}
} else {
$user = get_user_option( 'wporg_favorites' );
}
if ( $user ) {
$args['user'] = $user;
}
$args['browse'] = $tab;
break;
case 'recommended':
$args['browse'] = $tab;
// Include the list of installed plugins so we can get relevant results. $args['installed_plugins'] = array_keys( $installed_plugins );
break;
case 'favorites':
$action = 'save_wporg_username_' . get_current_user_id();
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
// If the save url parameter is passed with a falsey value, don't save the favorite user. if ( ! isset( $_GET['save'] ) || $_GET['save'] ) {
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
}
} else {
$user = get_user_option( 'wporg_favorites' );
}
if ( $user ) {
$args['user'] = $user;
}
$comment['permalink'] = get_permalink( $comment['comment_post_ID'] );
if ( ! empty( $comment['user_ID'] ) ) {
$comment['user_role'] = Akismet::get_user_roles( $comment['user_ID'] );
}
/** See filter documentation in init_hooks(). */
$akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
$comment['akismet_comment_nonce'] = 'inactive';
if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) {
$comment['akismet_comment_nonce'] = 'failed';
if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) )
$comment['akismet_comment_nonce'] = 'passed';
// comment reply in wp-admin if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) )
$comment['akismet_comment_nonce'] = 'passed';
}
if ( self::is_test_mode() )
$comment['is_test'] = 'true';
if ( ! empty( $comment['user_ID'] ) ) {
$comment['user_role'] = Akismet::get_user_roles( $comment['user_ID'] );
}
/** See filter documentation in init_hooks(). */
$akismet_nonce_option = apply_filters( 'akismet_comment_nonce', get_option( 'akismet_comment_nonce' ) );
$comment['akismet_comment_nonce'] = 'inactive';
if ( $akismet_nonce_option == 'true' || $akismet_nonce_option == '' ) {
$comment['akismet_comment_nonce'] = 'failed';
if ( isset( $_POST['akismet_comment_nonce'] ) && wp_verify_nonce( $_POST['akismet_comment_nonce'], 'akismet_comment_nonce_' . $comment['comment_post_ID'] ) )
$comment['akismet_comment_nonce'] = 'passed';
// comment reply in wp-admin if ( isset( $_POST['_ajax_nonce-replyto-comment'] ) && check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ) )
$comment['akismet_comment_nonce'] = 'passed';
}
if ( self::is_test_mode() )
$comment['is_test'] = 'true';
function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
if ( -1 === $action ) {
_doing_it_wrong( __FUNCTION__, __( 'You should specify an action to be verified by using the first parameter.' ), '3.2.0' );
}
$adminurl = strtolower( admin_url() );
$referer = strtolower( wp_get_referer() );
$result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;
/** * Fires once the admin request has been validated or not. * * @since 1.5.1 * * @param string $action The nonce action. * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago. */
do_action( 'check_admin_referer', $action, $result );
function signup_nonce_check( $result ) {
if ( ! strpos( $_SERVER['PHP_SELF'], 'wp-signup.php' ) ) {
return $result;
}
if ( ! wp_verify_nonce( $_POST['_signup_form'], 'signup_form_' . $_POST['signup_form_id'] ) ) {
$result['errors']->add( 'invalid_nonce', __( 'Unable to submit this form, please try again.' ) );
}
return $result;
}
/** * Corrects 404 redirects when NOBLOGREDIRECT is defined. * * @since MU (3.0.0) */
elseif ( 'resuming' === $_GET['error'] ) {
$errmsg = __( 'Plugin could not be resumed because it triggered a <strong>fatal error</strong>.' );
} else {
$errmsg = __( 'Plugin could not be activated because it triggered a <strong>fatal error</strong>.' );
}
?> <div id="message" class="error"><p><?php echo $errmsg; ?></p> <?php
if ( ! isset( $_GET['main'] ) && ! isset( $_GET['charsout'] )
&& isset( $_GET['_error_nonce'] ) && wp_verify_nonce( $_GET['_error_nonce'], 'plugin-activation-error_' . $plugin )
) {
$iframe_url = add_query_arg(
array(
'action' => 'error_scrape',
'plugin' => urlencode( $plugin ),
'_wpnonce' => urlencode( $_GET['_error_nonce'] ),
),
admin_url( 'plugins.php' )
);
?>
$errmsg = __( 'Plugin could not be resumed because it triggered a <strong>fatal error</strong>.' );
} else {
$errmsg = __( 'Plugin could not be activated because it triggered a <strong>fatal error</strong>.' );
}
?> <div id="message" class="error"><p><?php echo $errmsg; ?></p> <?php
if ( ! isset( $_GET['main'] ) && ! isset( $_GET['charsout'] )
&& isset( $_GET['_error_nonce'] ) && wp_verify_nonce( $_GET['_error_nonce'], 'plugin-activation-error_' . $plugin )
) {
$iframe_url = add_query_arg(
array(
'action' => 'error_scrape',
'plugin' => urlencode( $plugin ),
'_wpnonce' => urlencode( $_GET['_error_nonce'] ),
),
admin_url( 'plugins.php' )
);
?>
public function step() {
if ( ! isset( $_GET['step'] ) ) {
return 1;
}
$step = (int) $_GET['step'];
if ( $step < 1 || 3 < $step ||
( 2 === $step && ! wp_verify_nonce( $_REQUEST['_wpnonce-custom-header-upload'], 'custom-header-upload' ) ) ||
( 3 === $step && ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'custom-header-crop-image' ) )
) {
return 1;
}
return $step;
}
/** * Sets up the enqueue for the JavaScript files. * * @since 2.1.0 */
$inline_js = array(
'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ),
'strings' => array(
'Remove this URL' => __( 'Remove this URL' , 'akismet'),
'Removing...' => __( 'Removing...' , 'akismet'),
'URL removed' => __( 'URL removed' , 'akismet'),
'(undo)' => __( '(undo)' , 'akismet'),
'Re-adding...' => __( 'Re-adding...' , 'akismet'),
)
);
if ( isset( $_GET['akismet_recheck'] ) && wp_verify_nonce( $_GET['akismet_recheck'], 'akismet_recheck' ) ) {
$inline_js['start_recheck'] = true;
}
if ( apply_filters( 'akismet_enable_mshots', true ) ) {
$inline_js['enable_mshots'] = true;
}
wp_localize_script( 'akismet.js', 'WPAkismet', $inline_js );
}
}
'comment_author_url_nonce' => wp_create_nonce( 'comment_author_url_nonce' ),
'strings' => array(
'Remove this URL' => __( 'Remove this URL' , 'akismet'),
'Removing...' => __( 'Removing...' , 'akismet'),
'URL removed' => __( 'URL removed' , 'akismet'),
'(undo)' => __( '(undo)' , 'akismet'),
'Re-adding...' => __( 'Re-adding...' , 'akismet'),
)
);
if ( isset( $_GET['akismet_recheck'] ) && wp_verify_nonce( $_GET['akismet_recheck'], 'akismet_recheck' ) ) {
$inline_js['start_recheck'] = true;
}
if ( apply_filters( 'akismet_enable_mshots', true ) ) {
$inline_js['enable_mshots'] = true;
}
wp_localize_script( 'akismet.js', 'WPAkismet', $inline_js );
}
}
if ( empty( $user->display_name ) ) {
$user->display_name = $user->user_login;
}
$comment_author = $user->display_name;
$comment_author_email = $user->user_email;
$comment_author_url = $user->user_url;
$user_id = $user->ID;
if ( current_user_can( 'unfiltered_html' ) ) {
if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
|| ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id )
) {
kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
add_filter( 'pre_comment_content', 'wp_filter_kses' );
}
}
} else {
if ( get_option( 'comment_registration' ) ) {
return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 );
}
}
$user->display_name = $user->user_login;
}
$comment_author = $user->display_name;
$comment_author_email = $user->user_email;
$comment_author_url = $user->user_url;
$user_id = $user->ID;
if ( current_user_can( 'unfiltered_html' ) ) {
if ( ! isset( $comment_data['_wp_unfiltered_html_comment'] )
|| ! wp_verify_nonce( $comment_data['_wp_unfiltered_html_comment'], 'unfiltered-html-comment_' . $comment_post_id )
) {
kses_remove_filters(); // Start with a clean slate. kses_init_filters(); // Set up the filters. remove_filter( 'pre_comment_content', 'wp_filter_post_kses' );
add_filter( 'pre_comment_content', 'wp_filter_kses' );
}
}
} else {
if ( get_option( 'comment_registration' ) ) {
return new WP_Error( 'not_logged_in', __( 'Sorry, you must be logged in to comment.' ), 403 );
}
}
if ( ! $this->is_active() ) {
wp_safe_redirect( $redirect_to );
die;
}
if ( ! isset( $_GET['action'] ) || self::EXIT_ACTION !== $_GET['action'] ) {
return;
}
if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], self::EXIT_ACTION ) ) {
wp_die( __( 'Exit recovery mode link expired.' ), 403 );
}
if ( ! $this->exit_recovery_mode() ) {
wp_die( __( 'Failed to exit recovery mode. Please try again later.' ) );
}
wp_safe_redirect( $redirect_to );
die;
}
function wp_ajax_heartbeat() {
if ( empty( $_POST['_nonce'] ) ) {
wp_send_json_error();
}
$response = array();
$data = array();
$nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' );
// 'screen_id' is the same as $current_screen->id and the JS global 'pagenow'. if ( ! empty( $_POST['screen_id'] ) ) {
$screen_id = sanitize_key( $_POST['screen_id'] );
} else {
$screen_id = 'front';
}
if ( ! empty( $_POST['data'] ) ) {
$data = wp_unslash( (array) $_POST['data'] );
}
function wp_autosave( $post_data ) {
// Back-compat. if ( ! defined( 'DOING_AUTOSAVE' ) ) {
define( 'DOING_AUTOSAVE', true );
}
$post_id = (int) $post_data['post_id'];
$post_data['ID'] = $post_id;
$post_data['post_ID'] = $post_id;
if ( false === wp_verify_nonce( $post_data['_wpnonce'], 'update-post_' . $post_id ) ) {
return new WP_Error( 'invalid_nonce', __( 'Error while saving.' ) );
}
$post = get_post( $post_id );
if ( ! current_user_can( 'edit_post', $post->ID ) ) {
return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) );
}
if ( 'auto-draft' === $post->post_status ) {
$post_data['post_status'] = 'draft';
}
$remind_interval = (int) apply_filters( 'admin_email_remind_interval', 3 * DAY_IN_SECONDS );
if ( ! empty( $_GET['remind_me_later'] ) ) {
if ( ! wp_verify_nonce( $_GET['remind_me_later'], 'remind_me_later_nonce' ) ) {
wp_safe_redirect( wp_login_url() );
exit;
}
if ( $remind_interval > 0 ) {
update_option( 'admin_email_lifespan', time() + $remind_interval );
}
$redirect_to = add_query_arg( 'admin_email_remind_later', 1, $redirect_to );
wp_safe_redirect( $redirect_to );
exit;
}
<?php _ex( 'Block Themes', 'themes' ); ?></a></li>
<li><a href="#" data-sort="favorites"><?php _ex( 'Favorites', 'themes' ); ?></a></li>
</ul>
<button type="button" class="button drawer-toggle" aria-expanded="false"><?php _e( 'Feature Filter' ); ?></button>
<form class="search-form"></form>
<div class="favorites-form">
<?php
$action = 'save_wporg_username_' . get_current_user_id();
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
} else {
$user = get_user_option( 'wporg_favorites' );
}
?> <p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p> <p> <label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label> <input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" /> <input type="search" id="wporg-username-input" value="
if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( wp_unslash( $_GET['_wpnonce'] ), $action ) ) {
$user = isset( $_GET['user'] ) ? wp_unslash( $_GET['user'] ) : get_user_option( 'wporg_favorites' );
update_user_meta( get_current_user_id(), 'wporg_favorites', $user );
} else {
$user = get_user_option( 'wporg_favorites' );
}
?> <p class="install-help"><?php _e( 'If you have marked themes as favorites on WordPress.org, you can browse them here.' ); ?></p> <p> <label for="wporg-username-input"><?php _e( 'Your WordPress.org username:' ); ?></label> <input type="hidden" id="wporg-username-nonce" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( $action ) ); ?>" /> <input type="search" id="wporg-username-input" value="