wordpress函数check_ajax_referer()用法示例

check_ajax_referer( int|string $action = -1,  false|string $query_arg = false,  bool $die = true )

Verifies the Ajax request to prevent processing requests external of the blog.

描述

参数

$action

(int|string)
(Optional)
Action nonce.

Default value: -1

$query_arg

(false|string)
(Optional)
Key to check for the nonce in $_REQUEST (since 2.5). If false, $_REQUEST values will be evaluated for ‘_ajax_nonce’, and ‘_wpnonce’ (in that order).

Default value: false

$die

(bool)
(Optional)
Whether to die early when the nonce cannot be verified.

Default value: true

返回值

(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.

源代码

File: wp-includes/pluggable.php

function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	if ( -1 == $action ) {
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
	}

	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	/**
	 * Fires once the Ajax request has been validated or not.
	 *
	 * @since 2.1.0
	 *
	 * @param string    $action The Ajax nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	if ( $die && false === $result ) {
		if ( wp_doing_ajax() ) {
			wp_die( -1, 403 );
		} else {
			die( '-1' );
		}
	}

	return $result;
}

更新日志

相关函数

Uses

• wp-includes/load.php:
  wp_doing_ajax()
• wp-includes/l10n.php:
  __()
• wp-includes/pluggable.php:
  wp_verify_nonce()
• wp-includes/pluggable.php:
  check_ajax_referer
• wp-includes/functions.php:
  _doing_it_wrong()
• wp-includes/functions.php:
  wp_die()
• wp-includes/plugin.php:
  do_action()

Show 2 more uses
Hide more uses

Used By

• wp-admin/includes/ajax-actions.php:
  wp_ajax_get_community_events()
• wp-includes/class-wp-customize-nav-menus.php:
  WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_search_install_plugins()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_plugin()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_search_plugins()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_install_theme()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_update_theme()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_theme()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_install_plugin()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_get_post_thumbnail_html()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_wporg_username()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_inactive_widgets()
• wp-includes/class-wp-customize-nav-menus.php:
  WP_Customize_Nav_Menus::ajax_load_available_items()
• wp-includes/class-wp-customize-nav-menus.php:
  WP_Customize_Nav_Menus::ajax_search_available_items()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_crop_image()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_update_plugin()
• wp-admin/custom-background.php:
  Custom_Background::ajax_background_add()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_attachment_order()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_send_attachment_to_editor()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_send_link_to_editor()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_user_color_scheme()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_widget()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_upload_attachment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_image_editor()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_set_post_thumbnail()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_wp_fullscreen_save_post()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_wp_remove_post_lock()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_attachment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_save_attachment_compat()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_add_menu_item()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_add_meta()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_add_user()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_closed_postboxes()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_hidden_columns()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_update_welcome_panel()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_wp_link_ajax()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_menu_locations_save()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_meta_box_order()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_get_permalink()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_sample_permalink()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_inline_save()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_inline_save_tax()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_find_posts()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_widgets_order()
• wp-admin/includes/ajax-actions.php:
  _wp_ajax_add_hierarchical_term()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_comment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_tag()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_link()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_meta()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_post()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_trash_post()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_delete_page()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_dim_comment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_add_link_category()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_add_tag()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_get_comments()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_replyto_comment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_edit_comment()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_fetch_list()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_wp_compression_test()
• wp-admin/includes/ajax-actions.php:
  wp_ajax_imgedit_preview()
• wp-admin/custom-header.php:
  Custom_Image_Header::ajax_header_crop()
• wp-admin/custom-header.php:
  Custom_Image_Header::ajax_header_add()
• wp-admin/custom-header.php:
  Custom_Image_Header::ajax_header_remove()
• wp-includes/class-wp-customize-manager.php:
  WP_Customize_Manager::save()
• wp-includes/class-wp-customize-manager.php:
  WP_Customize_Manager::setup_theme()
• wp-includes/class-wp-customize-widgets.php:
  WP_Customize_Widgets::wp_ajax_update_widget()

Show 62 more used by
Hide more used by

User Contributed Notes

1. Skip to note content

   You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

   Contributed by Codex

   Example
   In your main file, set the nonce like this:

   
   <?php
   //Set Your Nonce
   $ajax_nonce = wp_create_nonce( "wpdocs-special-string" );
   ?>
   
   <script type="text/javascript">
   jQuery(document).ready(function($){
   	var data = {
   		action: 'wpdocs_action',
   		security: '<?php echo $ajax_nonce; ?>',
   		wpdocs_string: 'Hello World!'
   	};
   	$.post(ajaxurl, data, function(response) {
   		alert("Response: " + response);
   	});
   });
   </script>
   

   In your AJAX file, check the referrer like this:

   
   /**
    * Check the referrer for the AJAX call.
    */
   function wpdocs_action_function() {
   	check_ajax_referer( 'wpdocs-special-string', 'security' );
   	echo sanitize_text_field( $_POST['wpdocs_string'] );
   	die;
   }
   add_action( 'wp_ajax_wpdocs_action', 'wpdocs_action_function' );