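Don’t count on check_admin_referer() without correct parameters! In some cases it will not die() as you might expect; instead it just returns false. As the function below shows, that happens when $action is left at its default of -1 and the referer starts with admin_url(): a missing or invalid nonce then reaches the return statement instead of die().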

    function check_admin_referer( $action = -1, $query_arg = '_wpnonce' ) {
        $result = isset( $_REQUEST[ $query_arg ] ) ? wp_verify_nonce( $_REQUEST[ $query_arg ], $action ) : false;

        // Now, "die() check"
        if ( ! $result && ( -1 !== $action || strpos( wp_get_referer(), admin_url() ) !== 0 ) ) {
            die();
        }

        return $result;
    }
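
An added example (not from the original page or from WordPress core) contrasting the call the page warns about with a hardened handler. The `myplugin_*` function, hook, nonce and field names are hypothetical, and the code assumes it runs inside a WordPress plugin.

```php
<?php
// Added example; all myplugin_* names are hypothetical.

// WEAK (shown for contrast, not registered on any hook): no $action is passed,
// so a missing or invalid nonce only makes check_admin_referer() return false
// when the referer starts with admin_url(). The return value is ignored here,
// and the delete runs anyway.
function myplugin_delete_item_weak() {
    check_admin_referer();
    wp_delete_post( absint( $_POST['item_id'] ?? 0 ), true );
}

// HARDENED: an explicit action means "-1 !== $action" is true, so any failed
// nonce check ends in die() regardless of the referer.
function myplugin_delete_item() {
    $item_id = isset( $_POST['item_id'] ) ? absint( $_POST['item_id'] ) : 0;

    // Per-item action string plus a dedicated field name for the nonce.
    check_admin_referer( 'myplugin_delete_item_' . $item_id, 'myplugin_nonce' );

    // A valid nonce proves intent, not permission: check the capability too.
    if ( ! current_user_can( 'delete_post', $item_id ) ) {
        wp_die( 'You are not allowed to delete this item.', '', array( 'response' => 403 ) );
    }

    wp_delete_post( $item_id, true );
    wp_safe_redirect( admin_url( 'edit.php' ) );
    exit;
}
add_action( 'admin_post_myplugin_delete_item', 'myplugin_delete_item' );

// Form side: the nonce is generated with the same action string and field name
// that the handler verifies.
function myplugin_render_delete_form( $item_id ) {
    $item_id = absint( $item_id );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_delete_item">
        <input type="hidden" name="item_id" value="<?php echo $item_id; ?>">
        <?php wp_nonce_field( 'myplugin_delete_item_' . $item_id, 'myplugin_nonce' ); ?>
        <button type="submit">Delete</button>
    </form>
    <?php
}
```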