Changeset 4023
- Timestamp:
- 06/28/2012 04:13:43 PM (14 years ago)
- File:
-
- 1 edited
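--- a/branches/plugin/bbp-includes/bbp-common-functions.php
+++ b/branches/plugin/bbp-includes/bbp-common-functions.php
@@ -1394,4 +1394,39 @@
 }
 
+/** Nonces ********************************************************************/
+
+/**
+* Makes sure the user requested an action from another page on this site.
+*
+* To avoid security exploits within the theme.
+*
+* @since bbPress (r4022)
+*
+* @uses do_action() Calls 'bbp_check_referer' on $action.
+* @param string $action Action nonce
+* @param string $query_arg where to look for nonce in $_REQUEST
+*/
+function bbp_verify_nonce_request( $action = '', $query_arg = '_wpnonce' ) {
+
+// Get the home URL
+$home_url = strtolower( home_url() );
+
+// Build the currently requested URL
+$scheme = is_ssl() ? 'https://' : 'http://';
+$requested_url = strtolower( $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+
+// Check the nonce
+$result = isset( $_REQUEST[$query_arg] ) ? wp_verify_nonce( $_REQUEST[$query_arg], $action ) : false;
+
+// Nonce check failed
+if ( empty( $result ) || empty( $action ) || ( strpos( $requested_url, $home_url ) !== 0 ) )
+$result = false;
+
+// Do extra things
+do_action( 'bbp_verify_nonce_request', $action, $result );
+
+return $result;
+}
+
 /** Feeds *********************************************************************/
 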
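Review bot: The `strpos( $requested_url, $home_url ) !== 0` test in bbp_verify_nonce_request() is a bare string-prefix match against a URL built from the client-supplied `$_SERVER['HTTP_HOST']`, so it checks where the request was sent rather than where it came from, and a host that merely begins with the home host (constructed example: `example.com.other.test` against `http://example.com`) would still pass if the server routes such a Host header to this site. The wp_verify_nonce() result is what actually protects the action; if the host test is meant to carry weight, compare hosts exactly, e.g. `parse_url( $requested_url, PHP_URL_HOST ) === parse_url( $home_url, PHP_URL_HOST )`, and guard the two `$_SERVER` reads with `isset()`. The docblock also names a hook the function never fires and omits the return value: it should read `@uses do_action() Calls 'bbp_verify_nonce_request' with $action and $result` and add `@return bool|int False on failure, otherwise the wp_verify_nonce() result`.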