I'm updating some code in one of my WordPress plugins by adding a nonce to improve security. The plugin has a form that generates some output that the user can copy and paste as a shortcode. At the bottom of the settings form I have a second form that resets the first form to its defaults.

As the headline says, the nonce keeps failing.

<?php
/**
 * Form reset.
 *
 * @package Foobar/foobar
 */

// $parent and $token construct the page slug. Settings form and these variables omitted for clarity.

$html  = '<form id="my-reset" name="my-reset" method="post" action="options-general.php?page=' . $this->parent->token . '&tab=generator">';
$html .= wp_nonce_field( 'options-general.php?page=' . $this->parent->token . '&tab=generator', 'my_reset_nonce' );
$html .= '
  <p class="submit"><input name="reset" class="button button-secondary" type="submit" value="' . esc_html__( 'Reset the Shortcode Generator', 'textdomain' ) . '" >
        <input type="hidden" name="action" value="reset" />
    </p>
</form>';

if ( isset( $_POST['reset'] ) ) {
    if ( ! wp_verify_nonce( 'options-general.php?page=' . $this->parent->token . '&tab=generator', 'my_reset_nonce' ) ) {
        die( esc_html__( 'Invalid nonce. Form submission blocked!', 'textdomain' ) );
    } else {
        // Logic to reset the settings form.
    }
};

Any help appreciated.

asked Jan 6, 2021 at 22:57 by Chris J. Zähller, edited Jan 7, 2021 at 18:32
  • 1 Have you read developer.wordpress/reference/functions/wp_nonce_field – shanebp Commented Jan 6, 2021 at 23:19
  • Yes. That's how I figured out this code. FWIW I've also tried $nonce = $_REQUEST['_wpnonce']; if ( ! wp_verify_nonce( $nonce, 'options-general.php?page=' . $this->parent->token . '&tab=generator', 'my_reset_nonce' ) ) { // Error. } – Chris J. Zähller Commented Jan 7, 2021 at 17:12

1 Answer

Okay, not sure what was wrong with my original code, but this post put me on the right path.

To generate the nonce, use:

wp_nonce_field( plugin_basename( __FILE__ ), 'my_reset_nonce', true, false );

To verify, use:

if ( ! isset( $_POST['my_reset_nonce'] ) || ! wp_verify_nonce( ( $_POST['my_reset_nonce'] ), plugin_basename( __FILE__ ) ) ) {
    die;
} else {
    // Reset the form.
}

Various other variables, conditionals, sanitizing, etc. omitted for clarity.
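For comparison with the question's code, an added example (not the author's or the plugin's own code) of the reset form and its handler: wp_verify_nonce() expects the submitted nonce value as its first argument and the action string as its second, and wp_nonce_field() echoes its fields unless the fourth argument is false. The foobar_* function names, the FOOBAR_RESET_ACTION string and the option key are hypothetical, and $page_slug stands in for $this->parent->token.

```php
<?php
// Added example, not the plugin's own code. The foobar_* names, the
// FOOBAR_RESET_ACTION string and the option key are hypothetical.
const FOOBAR_RESET_ACTION = 'foobar_reset_generator';

/**
 * Build the reset form. $page_slug stands in for $this->parent->token.
 */
function foobar_reset_form_html( $page_slug ) {
	$url = admin_url( 'options-general.php?page=' . rawurlencode( $page_slug ) . '&tab=generator' );

	$html  = '<form id="my-reset" method="post" action="' . esc_url( $url ) . '">';
	// Fourth argument false: return the hidden fields instead of echoing them,
	// so they end up inside the <form> markup being assembled.
	$html .= wp_nonce_field( FOOBAR_RESET_ACTION, 'my_reset_nonce', true, false );
	$html .= '<p class="submit"><input name="reset" class="button button-secondary" type="submit" value="'
		. esc_attr__( 'Reset the Shortcode Generator', 'textdomain' ) . '" /></p>';
	$html .= '</form>';

	return $html;
}

/**
 * Handle the reset request. Returns true when the settings were reset.
 */
function foobar_handle_reset() {
	if ( ! isset( $_POST['reset'] ) ) {
		return false;
	}
	// A nonce ties the request to a form issued to this user; it is not a permission check.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You are not allowed to reset these settings.', 'textdomain' ), '', array( 'response' => 403 ) );
	}
	$nonce = isset( $_POST['my_reset_nonce'] )
		? sanitize_text_field( wp_unslash( $_POST['my_reset_nonce'] ) )
		: '';
	// Argument order: the submitted nonce value first, then the action string.
	if ( ! wp_verify_nonce( $nonce, FOOBAR_RESET_ACTION ) ) {
		wp_die( esc_html__( 'Invalid nonce. Form submission blocked!', 'textdomain' ), '', array( 'response' => 403 ) );
	}
	delete_option( 'foobar_generator_settings' ); // Hypothetical option key.
	return true;
}
add_action( 'admin_init', 'foobar_handle_reset' );
```

The action string passed to wp_nonce_field() and wp_verify_nonce() must match exactly, which is why the example uses one constant for both.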

Article tags: plugins | Nonce failing on form submission