I have wp_nonce_field in my code but it's creating two instances in the HTML code for some reason, one where I'd expect it and another at the start of the entry. Is this correct or am I doing something wrong? It's creating a validator error. One thing I'm doing a bit differently is that the form is being output via a shortcode, but I wouldn't have expected that to cause a problem. I have checked the rest of the code and it is the case that wp_nonce_field is "working twice" for some reason ... here is the relevant portion of the code

      (rest of form code precedes this)      
      $formDisplay .= $commentErrorDisplay;
      $formDisplay .= '<input id="submitContact" type="submit" value = "Send" />';
      $formDisplay .= wp_nonce_field('contact-form');
      $formDisplay .= '<input type="hidden" name="contact-submitted" id="contact-submitted" value="true" />';
      $formDisplay .= '<br /><span class="feedback ' . $sent .'">'.$feedback.'</span>';
      $formDisplay .= '</form>';
      $formDisplay .= '</div>';


      return $formDisplay;

Edit: I think I've discovered it, though in fact I still don't fully understand, but that's probably just a general lack of knowledge on my part. The codex says

Return Values (string) Nonce field.

so I thought that meant that as it returned a nonce field as a string that I could just append it to $formDisplay (3rd line of my code) but apparently not. I think it must both display the nonce field AND return it or something. I'm sure there's nothing strange about its operation but it's probably worth leaving this question up here just in case someone else falls for the same mistake.

asked Mar 16, 2012 at 18:36 by byronyasgur; edited Mar 16, 2012 at 19:57

3 Answers

If you're going to add the nonce field to an HTML string, you have to specify that you don't want it echoed. That's the fourth parameter; see https://core.trac.wordpress.org/browser/tags/3.3.1/wp-includes/functions.php#L1952

$formDisplay .= wp_nonce_field( 'contact-form', '_wpnonce', true, false );

Shortcode and wp_nonce_field()

A shortcode is echoed. If it contains wp_nonce_field(), that is echoed again. Hence it is added twice to the DOM, which would be returned with an error (duplicate ID) by a validating service.

Setting the fourth parameter to false omits one instance.

Here are some tests, that serve as proof:

A: Here wp_nonce_field() is echoed twice in the DOM, since it is concatenated into the echo:

add_action( 'comment_form_after_fields', 'additional_fields' );
function additional_fields() {
    echo '<p>
          <label for="xxx">Please fill in the form</label>
          <input type="text" id="xxx" name="fax_only" class="exclude" />' .
          wp_nonce_field( 'xxxcomments', 'xxx_nonce' ) .
         '</p>';
}

B: This works better. wp_nonce_field() is not echoed. The fields are added once, no duplicate:

add_action( 'comment_form_after_fields', 'additional_fields' );
function additional_fields() {
    echo '<p>
          <label for="xxx">Please fill in the form</label>
          <input type="text" id="xxx" name="fax_only" class="exclude" />';

    wp_nonce_field( 'xxxcomments', 'xxx_nonce' );

    echo '</p>';
}

I hope that gives a better understanding of how wp_nonce_fields() are added to the DOM.
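An added example (not code from the question or from either answer above) that combines the two points: a shortcode callback that returns its markup, calls wp_nonce_field() with the fourth argument set to false, and verifies the nonce before acting on a submission. The shortcode tag contact_form_demo, the function name and the demo_message field are assumptions; the contact-form action and the contact-submitted field come from the question.

```php
<?php
// Added example, to be loaded as a plugin or from a theme's functions.php.
// Hypothetical names: contact_form_demo, demo_contact_form_shortcode, demo_message.
add_shortcode( 'contact_form_demo', 'demo_contact_form_shortcode' );

function demo_contact_form_shortcode() {
    $feedback = '';

    // Only act on a submission whose nonce was issued for the 'contact-form' action.
    if ( isset( $_POST['contact-submitted'] ) ) {
        $nonce = isset( $_POST['_wpnonce'] )
            ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
            : '';

        if ( ! wp_verify_nonce( $nonce, 'contact-form' ) ) {
            $feedback = 'Security check failed. Reload the page and try again.';
        } else {
            $message = isset( $_POST['demo_message'] )
                ? sanitize_textarea_field( wp_unslash( $_POST['demo_message'] ) )
                : '';
            $sent     = '' !== $message
                && wp_mail( get_option( 'admin_email' ), 'Contact form', $message );
            $feedback = $sent ? 'Message sent.' : 'Message could not be sent.';
        }
    }

    // Build the whole form as a string: a shortcode callback returns its output.
    $form  = '<form method="post">';
    $form .= '<textarea name="demo_message"></textarea>';
    $form .= '<input id="submitContact" type="submit" value="Send" />';

    // With the default $echo = true, wp_nonce_field() prints the field immediately
    // AND returns it, which yields two inputs with the same id. Passing false as
    // the fourth argument returns the markup only, so it appears once, here.
    $form .= wp_nonce_field( 'contact-form', '_wpnonce', true, false );

    $form .= '<input type="hidden" name="contact-submitted" id="contact-submitted" value="true" />';
    $form .= '<br /><span class="feedback">' . esc_html( $feedback ) . '</span>';
    $form .= '</form>';

    return $form;
}
```

The action string passed to wp_verify_nonce() has to match the one given to wp_nonce_field(), otherwise every submission is rejected.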

Noticed this in validation checking like OP. The fix is dead-on as Boone suggested, however in my instance of using a guest-post plugin, changing the 4th value to false wouldn't let me change the post status from plugin default (pending). My fix I found was to change the line directly underneath in wp-includes/function.php to "class" instead of "id".

... Wordpress and posting still seems to work correctly.
