check_ajax_referer( int|string $action = -1, false|string $query_arg = false, bool $die = true )

Verifies the Ajax request to prevent processing requests external of the blog.

Parameters

$action

(int|string) (Optional) Action nonce.

Default value: -1

$query_arg

(false|string) (Optional) Key to check for the nonce in $_REQUEST (since WP-2.5). If false, $_REQUEST values will be evaluated for '_ajax_nonce', and '_wpnonce' (in that order).

Default value: false

$die

(bool) (Optional) Whether to die early when the nonce cannot be verified.

Default value: true

Return

(false|int) False if the nonce is invalid, 1 if the nonce is valid and generated between 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.

Source

File: wp-includes/pluggable.php

function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
	if ( -1 == $action ) {
		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), 'WP-4.7' );
	}

	$nonce = '';

	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
		$nonce = $_REQUEST[ $query_arg ];
	elseif ( isset( $_REQUEST['_ajax_nonce'] ) )
		$nonce = $_REQUEST['_ajax_nonce'];
	elseif ( isset( $_REQUEST['_wpnonce'] ) )
		$nonce = $_REQUEST['_wpnonce'];

	$result = wp_verify_nonce( $nonce, $action );

	/**
	 * Fires once the Ajax request has been validated or not.
	 *
	 * @since WP-2.1.0
	 *
	 * @param string    $action The Ajax nonce action.
	 * @param false|int $result False if the nonce is invalid, 1 if the nonce is valid and generated between
	 *                          0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
	 */
	do_action( 'check_ajax_referer', $action, $result );

	if ( $die && false === $result ) {
		if ( wp_doing_ajax() ) {
			wp_die( -1, 403 );
		} else {
			die( '-1' );
		}
	}

	return $result;
}

Expand Source Code View on GitHub

Uses

Uses
Uses	Description
wp-includes/l10n.php: __()	Retrieve the translation of $text.
wp-includes/pluggable.php: wp_verify_nonce()	Verify that correct nonce was used with time limit.
wp-includes/pluggable.php: check_ajax_referer	Fires once the Ajax request has been validated or not.
wp-includes/plugin.php: do_action()	Execute functions hooked on a specific action hook.
wp-includes/load.php: wp_doing_ajax()	Determines whether the current request is a ClassicPress Ajax request.
wp-includes/functions.php: _doing_it_wrong()	Mark something as being incorrectly called.
wp-includes/functions.php: wp_die()	Kill ClassicPress execution and display HTML message with error message.

Show 2 more uses Hide more uses

Used By

Used By
Used By	Description
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::wp_ajax_update_widget()	Updates widget settings asynchronously.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_override_changeset_lock_request()	Removes changeset lock when take over request is sent via Ajax.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_dismiss_autosave_or_lock_request()	Delete a given auto-draft changeset or the autosave revision for a given changeset or delete changeset lock.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request()	Load themes into the theme browsing/installation UI.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::setup_theme()	Start preview and customize theme.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::save()	Handle customize_save WP Ajax request to save/update a changeset.
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_changeset_trash_request()	Handle request to trash a changeset.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_insert_auto_draft_post()	Ajax handler for adding a new auto-draft post.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_load_available_items()	Ajax handler for loading available menu items.
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::ajax_search_available_items()	Ajax handler for searching available menu items.
wp-admin/custom-background.php: Custom_Background::ajax_background_add()	Ajax handler for adding custom background context to an attachment.
wp-admin/custom-background.php: Custom_Background::wp_set_background_image()
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_crop()	Gets attachment uploaded by Media Manager, crops it, then saves it as a new object. Returns JSON-encoded object details.
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_add()	Given an attachment ID for a header image, updates its “last used” timestamp to now.
wp-admin/custom-header.php: Custom_Image_Header::ajax_header_remove()	Given an attachment ID for a header image, unsets it as a user-uploaded header image for the current theme.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_erase_personal_data()	Ajax handler for erasing personal data.
wp-admin/includes/ajax-actions.php: wp_ajax_search_install_plugins()	Ajax handler for searching plugins to install.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_privacy_export_personal_data()	Ajax handler for exporting a user’s personal data.
wp-admin/includes/ajax-actions.php: wp_ajax_crop_image()	Ajax handler for cropping an image.
wp-admin/includes/ajax-actions.php: wp_ajax_save_wporg_username()	Ajax handler for saving the user’s WordPress.org username.
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme()	Ajax handler for installing a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_update_theme()	Ajax handler for updating a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_theme()	Ajax handler for deleting a theme.
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin()	Ajax handler for installing a plugin.
wp-admin/includes/ajax-actions.php: wp_ajax_update_plugin()	Ajax handler for updating a plugin.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_plugin()	Ajax handler for deleting a plugin.
wp-admin/includes/ajax-actions.php: wp_ajax_search_plugins()	Ajax handler for searching plugins.
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_order()	Ajax handler for saving the attachment order.
wp-admin/includes/ajax-actions.php: wp_ajax_send_attachment_to_editor()	Ajax handler for sending an attachment to the editor.
wp-admin/includes/ajax-actions.php: wp_ajax_send_link_to_editor()	Ajax handler for sending a link to the editor.
wp-admin/includes/ajax-actions.php: wp_ajax_save_user_color_scheme()	Ajax handler for auto-saving the selected color scheme for a user’s own profile.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_fullscreen_save_post()	Ajax handler for saving posts from the fullscreen editor.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_remove_post_lock()	Ajax handler for removing a post lock.
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment()	Ajax handler for updating attachment attributes.
wp-admin/includes/ajax-actions.php: wp_ajax_save_attachment_compat()	Ajax handler for saving backward compatible attachment attributes.
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save_tax()	Ajax handler for quick edit saving for a term.
wp-admin/includes/ajax-actions.php: wp_ajax_find_posts()	Ajax handler for querying posts for the Find Posts modal.
wp-admin/includes/ajax-actions.php: wp_ajax_widgets_order()	Ajax handler for saving the widgets order.
wp-admin/includes/ajax-actions.php: wp_ajax_save_widget()	Ajax handler for saving a widget.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_inactive_widgets()	Ajax handler for removing inactive widgets.
wp-admin/includes/ajax-actions.php: wp_ajax_upload_attachment()	Ajax handler for uploading attachments
wp-admin/includes/ajax-actions.php: wp_ajax_image_editor()	Ajax handler for image editing.
wp-admin/includes/ajax-actions.php: wp_ajax_set_post_thumbnail()	Ajax handler for setting the featured image.
wp-admin/includes/ajax-actions.php: wp_ajax_get_post_thumbnail_html()	Ajax handler for retrieving HTML for the featured image.
wp-admin/includes/ajax-actions.php: wp_ajax_hidden_columns()	Ajax handler for hidden columns.
wp-admin/includes/ajax-actions.php: wp_ajax_update_welcome_panel()	Ajax handler for updating whether to display the welcome panel.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_link_ajax()	Ajax handler for internal linking.
wp-admin/includes/ajax-actions.php: wp_ajax_menu_locations_save()	Ajax handler for menu locations save.
wp-admin/includes/ajax-actions.php: wp_ajax_meta_box_order()	Ajax handler for saving the meta box order.
wp-admin/includes/ajax-actions.php: wp_ajax_get_permalink()	Ajax handler to retrieve a permalink.
wp-admin/includes/ajax-actions.php: wp_ajax_sample_permalink()	Ajax handler to retrieve a sample permalink.
wp-admin/includes/ajax-actions.php: wp_ajax_inline_save()	Ajax handler for Quick Edit saving a post from a list table.
wp-admin/includes/ajax-actions.php: wp_ajax_replyto_comment()	Ajax handler for replying to a comment.
wp-admin/includes/ajax-actions.php: wp_ajax_edit_comment()	Ajax handler for editing a comment.
wp-admin/includes/ajax-actions.php: wp_ajax_add_menu_item()	Ajax handler for adding a menu item.
wp-admin/includes/ajax-actions.php: wp_ajax_add_meta()	Ajax handler for adding meta.
wp-admin/includes/ajax-actions.php: wp_ajax_add_user()	Ajax handler for adding a user.
wp-admin/includes/ajax-actions.php: wp_ajax_closed_postboxes()	Ajax handler for closed post boxes.
wp-admin/includes/ajax-actions.php: wp_ajax_add_link_category()	Ajax handler for adding a link category.
wp-admin/includes/ajax-actions.php: wp_ajax_add_tag()	Ajax handler to add a tag.
wp-admin/includes/ajax-actions.php: wp_ajax_get_comments()	Ajax handler for getting comments.
wp-admin/includes/ajax-actions.php: _wp_ajax_add_hierarchical_term()	Ajax handler for adding a hierarchical term.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_comment()	Ajax handler for deleting a comment.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_tag()	Ajax handler for deleting a tag.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_link()	Ajax handler for deleting a link.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_meta()	Ajax handler for deleting meta.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_post()	Ajax handler for deleting a post.
wp-admin/includes/ajax-actions.php: wp_ajax_trash_post()	Ajax handler for sending a post to the trash.
wp-admin/includes/ajax-actions.php: wp_ajax_delete_page()
wp-admin/includes/ajax-actions.php: wp_ajax_dim_comment()	Ajax handler to dim a comment.
wp-admin/includes/ajax-actions.php: wp_ajax_fetch_list()	Ajax handler for fetching a list table.
wp-admin/includes/ajax-actions.php: wp_ajax_wp_compression_test()	Ajax handler for compression testing.
wp-admin/includes/ajax-actions.php: wp_ajax_imgedit_preview()	Ajax handler for image editor previews.

Show 68 more used by Hide more used by

Changelog

Changelog
Version	Description
WP-2.0.3	Introduced.