関数 wp_nonce_field()
定義ファイル :/blog/wp-includes/functions.php 8
wp_nonce_field()
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 | /** * Retrieve or display nonce hidden field for forms. * * The nonce field is used to validate that the contents of the form came from * the location on the current site and not somewhere else. The nonce does not * offer absolute protection, but should protect against most cases. It is very * important to use nonce field in forms. * * The $action and $name are optional, but if you want to have better security, * it is strongly suggested to set those two parameters. It is easier to just * call the function without any parameters, because validation of the nonce * doesn't require any parameters, but since crackers know what the default is * it won't be difficult for them to find a way around your nonce and cause * damage. * * The input name will be whatever $name value you gave. The input value will be * the nonce creation value. * * @since 2.0.4 * * @param string $action Optional. Action name. Default -1. * @param string $name Optional. Nonce name. Default '_wpnonce'. * @param bool $referer Optional. Whether to set the referer field for validation. Default true. * @param bool $echo Optional. Whether to display or return hidden form field. Default true. * @return string Nonce field HTML markup. */ function wp_nonce_field( $action = -1, $name = "_wpnonce", $referer = true , $echo = true ) { $name = esc_attr( $name ); $nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />'; if ( $referer ) $nonce_field .= wp_referer_field( false ); if ( $echo ) echo $nonce_field; return $nonce_field; } |