wp_nonce_field( int|string $action = -1, string $name = '_wpnonce', bool $referer = true, bool $echo = true )
检索或显示窗体的当前隐藏字段。
Retrieve or display nonce hidden field for forms.
目录锚点:#说明#参数#源码#笔记
nonce字段用于验证表单内容是否来自当前站点上的位置,而不是其他位置。nonce不能提供绝对的保护,但应该可以防止大多数情况。在表单中使用nonce字段非常重要。$action和$name是可选的,但是如果您想要更好的安全性,强烈建议您设置这两个参数。只调用不带任何参数的函数更容易,因为验证nonce不需要任何参数,但是由于cracker知道默认值是什么,所以他们很难找到绕过nonce的方法并造成损害。输入名称将是您给出的任何$name值。输入值将是nonce创建值。
参数 | 类型 | 说明 |
$action |
(int | string) |
操作名称。 |
$name |
(string) |
当前名称。 |
$referer |
(bool) |
是否设置要验证的referer字段。 |
$echo |
(bool) |
是否显示或返回隐藏表单域。 |
/**
* Retrieve or display nonce hidden field for forms.
*
* The nonce field is used to validate that the contents of the form came from
* the location on the current site and not somewhere else. The nonce does not
* offer absolute protection, but should protect against most cases. It is very
* important to use nonce field in forms.
*
* The $action and $name are optional, but if you want to have better security,
* it is strongly suggested to set those two parameters. It is easier to just
* call the function without any parameters, because validation of the nonce
* doesn't require any parameters, but since crackers know what the default is
* it won't be difficult for them to find a way around your nonce and cause
* damage.
*
* The input name will be whatever $name value you gave. The input value will be
* the nonce creation value.
*
* @since 2.0.4
*
* @param int|string $action Optional. Action name. Default -1.
* @param string $name Optional. Nonce name. Default '_wpnonce'.
* @param bool $referer Optional. Whether to set the referer field for validation. Default true.
* @param bool $echo Optional. Whether to display or return hidden form field. Default true.
* @return string Nonce field HTML markup.
*/
function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) {
$name = esc_attr( $name );
$nonce_field = '';
if ( $referer )
$nonce_field .= wp_referer_field( false );
if ( $echo )
echo $nonce_field;
return $nonce_field;
}
更新版本 |
源码位置 |
使用 |
被使用 |
2.0.4 |
wp-includes/functions.php |
4 |
3 |
基本示例
absint( mixed $maybeint )将值转换为非负整数,也就是取绝对值。Convert a value to non-negative integer.目录锚点:#参数#返回#源码#笔记参数(Parameters)参数类型必填说明$maybeint(mixed)必需要转换为非负整数的数据。返回(Return)(int)非负整数。源码(Source)function absint( $maybeint ) { return abs( intval( $maybeint ) );}/** *...
日期:2020-06-23 10:35:32
浏览:1328
activate_plugin( string $plugin, string $redirect = '', bool $network_wide = false, bool $silent = false )尝试激活插件,并在成功时重定向。Attempts activation of plugin in a “sandbox” and redirects on success.目录锚点:#说明#参数#返回#源码#笔记说明(Description)已激活的插件将不会再次尝试激活。其工作方式是在尝试包含插件...
日期:2020-06-23 10:39:26
浏览:1072
activate_plugins( string|string[] $plugins, string $redirect = '', bool $network_wide = false, bool $silent = false )激活多个插件。Activate multiple plugins.目录锚点:#说明#参数#返回#源码说明(Description)当WP_Error返回时,并不意...
日期:2020-09-08 17:28:27
浏览:1102
activate_sitewide_plugin()不推荐用于激活仅网络插件的功能。Deprecated functionality for activating a network-only plugin.目录锚点:#说明#返回#源码说明(Description)另见激活插件()返回(Return)无返回值源码(Source)更新版本源码位置使用被使用3.0.0 wp-admin/includes/ms-deprecated.php:5701 function...
日期:2020-09-08 17:28:28
浏览:1972
addslashes_gpc( string $gpc )添加斜线以转义字符串。Adds slashes to escape strings.目录锚点:#说明#参数#返回#源码说明(Description)如果设置了magic_quotes_gpc,将首先删除斜线,请参见https://www.php.net/magic_quotes更多细节。参数(Parameters)参数类型必填说明 $gpc (string) ...
日期:2020-09-21 12:46:52
浏览:951
addslashes_strings_only( mixed $value )仅当提供的值是字符串时才添加斜杠。Adds slashes only if the provided value is a string.目录锚点:#参数#返回#源码参数(Parameters)参数类型必填说明 $value (mixed) 必需 返回(Return)(mixe...
日期:2020-09-24 15:58:41
浏览:1335
add_action( string $tag, callable $function_to_add, int $priority = 10, int $accepted_args = 1 )将函数挂接到特定操作上。Hooks a function on to a specific action.目录锚点:#说明#参数#返回#源码#笔记说明(Description)Actions是WordPress核心在执行期间...
日期:2020-09-08 17:28:28
浏览:1207
add_blog_option( int $id, string $option, mixed $value )为给定的博客id添加新选项。Add a new option for a given blog id.目录锚点:#说明#参数#返回#源码#笔记说明(Description)不需要序列化值。如果需要序列化该值,则在将其插入数据库之前将对其进行序列化。请记住,资源不能序列化或作为选项添加。可以创建不带值的选项,然后稍后更新这些值。现有选项将不会更新,并执行检...
日期:2020-08-26 10:53:23
浏览:1020
add_clean_index( string $table, string $index )向指定表添加索引。Adds an index to a specified table.目录锚点:#参数#返回#源码#笔记参数(Parameters)参数类型必填说明 $table (string) 必需 数据库表名。 ...
日期:2020-09-08 17:28:29
浏览:1019
add_comments_page( string $page_title, string $menu_title, string $capability, string $menu_slug, callable $function = '', int $position = null )将子菜单页添加到“注释”主菜单。Add submenu page to the Comments ma...
日期:2020-08-24 11:14:39
浏览:1070