wp_create_nonce( string|int $action = -1 )
Creates a cryptographic token tied to a specific action, user, user session, and window of time.
Parameters
- $action (string|int) (Optional) Scalar value to add context to the nonce. Default value: -1
Return
(string) The token.
Source
File: wp-includes/pluggable.php
```php
function wp_create_nonce($action = -1) {
	$user = wp_get_current_user();
	$uid  = (int) $user->ID;
	if ( ! $uid ) {
		/** This filter is documented in wp-includes/pluggable.php */
		$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
	}

	$token = wp_get_session_token();
	$i     = wp_nonce_tick();

	return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
}
```
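The following stand-alone model is an added example, not ClassicPress code. It reproduces the `tick|action|uid|token` construction from the source above and shows that a token stops verifying once the action, user, session, or time window changes. The `model_*` names, the secret, the session strings and the timestamp are constructed for illustration. HMAC-MD5 and the 12-hour tick are assumed stand-ins for `wp_hash()` and `wp_nonce_tick()`, and the two-tick verifier is an assumption about the checking side, which this page does not show.

```php
<?php
// Stand-alone model of the construction in wp_create_nonce(); it does not load ClassicPress.
// Assumptions: HMAC-MD5 stands in for wp_hash(), a 12-hour tick for wp_nonce_tick().
const MODEL_SECRET       = 'constructed-demo-salt'; // constructed value, not a real salt
const MODEL_TICK_SECONDS = 43200;                   // assumed 12-hour tick

function model_tick(int $now): int {
    return (int) ceil($now / MODEL_TICK_SECONDS);
}

// Same layout as the source above: tick|action|uid|session token, then substr(-12, 10).
function model_create_nonce($action, int $uid, string $session, int $now): string {
    $data = model_tick($now) . '|' . $action . '|' . $uid . '|' . $session;
    return substr(hash_hmac('md5', $data, MODEL_SECRET), -12, 10);
}

// Recompute the token for the current and the previous tick and compare in constant time.
// Returns 1 (current tick), 2 (previous tick) or false (no match).
function model_verify_nonce(string $nonce, $action, int $uid, string $session, int $now) {
    foreach ([0, 1] as $age) {
        $then     = $now - $age * MODEL_TICK_SECONDS;
        $expected = model_create_nonce($action, $uid, $session, $then);
        if (hash_equals($expected, $nonce)) {
            return $age + 1;
        }
    }
    return false;
}

$now   = 1700000000; // constructed timestamp
$nonce = model_create_nonce('delete-post_42', 7, 'session-A', $now);

$checks = [
    'same context'    => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-A', $now),
    'one tick later'  => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-A', $now + 43200),
    'two ticks later' => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-A', $now + 86400),
    'other action'    => model_verify_nonce($nonce, 'delete-post_43', 7, 'session-A', $now),
    'other user'      => model_verify_nonce($nonce, 'delete-post_42', 8, 'session-A', $now),
    'other session'   => model_verify_nonce($nonce, 'delete-post_42', 7, 'session-B', $now),
];
foreach ($checks as $label => $result) {
    printf("%-16s %s\n", $label, var_export($result, true));
}
```

Because the action string is one of the hashed inputs, a handler that passes a specific action (rather than the default `-1`) gets a token that is not interchangeable with tokens issued for other actions.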
Related
Uses
Uses | Description |
---|---|
wp-includes/pluggable.php: wp_hash() | Get hash of given string. |
wp-includes/pluggable.php: nonce_user_logged_out | Filters whether the user who generated the nonce is logged out. |
wp-includes/pluggable.php: wp_nonce_tick() | Get the time-dependent variable for nonce creation. |
wp-includes/pluggable.php: wp_get_current_user() | Retrieve the current user object. |
wp-includes/user.php: wp_get_session_token() | Retrieve the current session token from the logged_in cookie. |
wp-includes/plugin.php: apply_filters() | Call the functions added to a filter hook. |
Used By
Used By | Description |
---|---|
wp-includes/customize/class-wp-customize-background-image-control.php: WP_Customize_Background_Image_Control::enqueue() | Enqueue control related scripts/styles. |
wp-includes/customize/class-wp-customize-header-image-control.php: WP_Customize_Header_Image_Control::enqueue() | |
wp-includes/general-template.php: wp_heartbeat_settings() | Default settings for heartbeat |
wp-includes/script-loader.php: wp_default_scripts() | Register all ClassicPress scripts. |
wp-includes/class-wp-customize-widgets.php: WP_Customize_Widgets::refresh_nonces() | Refreshes the nonce for widget updates. |
wp-includes/media.php: wp_prepare_attachment_for_js() | Prepares an attachment post object for JS, where it is expected to be JSON-encoded and fit into an Attachment model. |
wp-includes/media.php: wp_enqueue_media() | Enqueues all scripts, styles, settings, and templates necessary to use all media JS APIs. |
wp-includes/media.php: wp_plupload_default_settings() | Prints default Plupload arguments. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::get_nonces() | Get nonces for the Customizer. |
wp-includes/class-wp-customize-manager.php: WP_Customize_Manager::handle_load_themes_request() | Load themes into the theme browsing/installation UI. |
wp-includes/rest-api.php: rest_cookie_check_errors() | Checks for errors when using cookie-based authentication. |
wp-includes/class-wp-customize-nav-menus.php: WP_Customize_Nav_Menus::filter_nonces() | Adds a nonce for customizing menus. |
wp-includes/ms-functions.php: signup_nonce_check() | Process the signup nonce created in signup_nonce_fields(). |
wp-includes/functions.php: wp_nonce_url() | Retrieve URL with nonce added to URL query. |
wp-includes/functions.php: wp_nonce_field() | Retrieve or display nonce hidden field for forms. |
wp-admin/custom-header.php: Custom_Image_Header::step_1() | Display first step of custom header image page. |
wp-admin/includes/class-wp-media-list-table.php: WP_Media_List_Table::column_parent() | Handles the parent column output. |
wp-admin/includes/misc.php: wp_refresh_post_nonces() | Check nonce expiration on the New/Edit Post screen and refresh if needed |
wp-admin/includes/media.php: edit_form_image_editor() | Displays the image and editor in the post editor |
wp-admin/includes/media.php: media_upload_form() | Outputs the legacy media upload form. |
wp-admin/includes/media.php: get_media_item() | Retrieve HTML form for modifying the image attachment. |
wp-admin/includes/class-wp-comments-list-table.php: WP_Comments_List_Table::handle_row_actions() | Generate and display row actions links. |
wp-admin/includes/template.php: compression_test() | Test support for compressing JavaScript from PHP |
wp-admin/includes/template.php: _list_meta_row() | Outputs a single row of public meta data in the Custom Fields meta box. |
wp-admin/includes/image-edit.php: wp_image_editor() | Loads the WP image-editing interface. |
wp-admin/includes/plugin-install.php: install_plugins_favorites_form() | Show a username form for the favorites page |
wp-admin/includes/ajax-actions.php: wp_ajax_install_theme() | Ajax handler for installing a theme. |
wp-admin/includes/ajax-actions.php: wp_ajax_install_plugin() | Ajax handler for installing a plugin. |
wp-admin/includes/ajax-actions.php: wp_ajax_query_themes() | Ajax handler for getting themes from themes_api(). |
wp-admin/includes/ajax-actions.php: wp_ajax_replyto_comment() | Ajax handler for replying to a comment. |
wp-admin/includes/class-wp-plugin-install-list-table.php: WP_Plugin_Install_List_Table::display_rows() | |
wp-admin/includes/user.php: WP_Privacy_Data_Export_Requests_Table::column_email() | Actions column. |
wp-admin/includes/user.php: WP_Privacy_Data_Export_Requests_Table::column_next_steps() | Displays the next steps column. |
wp-admin/includes/user.php: WP_Privacy_Data_Removal_Requests_Table::column_email() | Actions column. |
wp-admin/includes/user.php: WP_Privacy_Data_Removal_Requests_Table::column_next_steps() | Next steps column. |
wp-admin/includes/plugin.php: activate_plugin() | Attempts activation of plugin in a “sandbox” and redirects on success. |
wp-admin/includes/post.php: _admin_notice_post_locked() | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp-admin/includes/post.php: post_preview() | Saves a draft or manually autosaves for the purpose of showing a post preview. |
wp-admin/includes/dashboard.php: _wp_dashboard_recent_comments_row() | Outputs a row for the Recent Comments widget. |
wp-admin/includes/revision.php: wp_prepare_revisions_for_js() | Prepare revisions for JavaScript. |
Changelog
Version | Description |
---|---|
WP-4.0.0 | Session tokens were integrated with nonce creation |
WP-2.0.3 | Introduced. |