Changeset 6209 for trunk/bp-core/bp-core-functions.php
- Timestamp:
- 07/27/2012 07:40:00 AM (13 years ago)
- File:
-
- 1 edited
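--- a/trunk/bp-core/bp-core-functions.php
+++ b/trunk/bp-core/bp-core-functions.php
@@ -1173,3 +1173,38 @@
 }
 
+/** Nonces ********************************************************************/
+
+/**
+ * Makes sure the user requested an action from another page on this site.
+ *
+ * To avoid security exploits within the theme.
+ *
+ * @since BuddyPress (1.6)
+ *
+ * @uses do_action() Calls 'bp_verify_nonce_request' on $action.
+ * @param string $action Action nonce
+ * @param string $query_arg where to look for nonce in $_REQUEST
+ */
+function bp_verify_nonce_request( $action = '', $query_arg = '_wpnonce' ) {
+
+	// Get the home URL
+	$home_url = strtolower( home_url() );
+
+	// Build the currently requested URL
+	$scheme = is_ssl() ? 'https://' : 'http://';
+	$requested_url = strtolower( $scheme . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
+
+	// Check the nonce
+	$result = isset( $_REQUEST[$query_arg] ) ? wp_verify_nonce( $_REQUEST[$query_arg], $action ) : false;
+
+	// Nonce check failed
+	if ( empty( $result ) || empty( $action ) || ( strpos( $requested_url, $home_url ) !== 0 ) )
+		$result = false;
+
+	// Do extra things
+	do_action( 'bp_verify_nonce_request', $action, $result );
+
+	return $result;
+}
+
 ?>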
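Review bot: The site check on the `strpos( $requested_url, $home_url ) !== 0` line is a bare prefix match against a URL built from the client-supplied `$_SERVER['HTTP_HOST']`, so it should not be read as an origin control; a host such as `example.com.other.test` (constructed) still begins with `example.com`, and the nonce is the only real CSRF check here. The same comparison can also reject legitimate requests when `is_ssl()` or the Host header differ from `home_url()`, for instance behind a TLS-terminating proxy, which is inferred rather than shown in this hunk. I would compare the parsed host exactly and the path prefix separately, and guard the read with `isset( $_SERVER['HTTP_HOST'] )`. The docblock also lacks a return tag, e.g. `@return bool|int False on failure, otherwise the wp_verify_nonce() result.`, and should say that callers must check the result because the function does not halt the request.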