Retrieves URL with nonce added to URL query.
Parameters
$actionurl
string, required. URL to add nonce action.
$action
int|string, optional. Nonce action name. Default: -1
$name
string, optional. Nonce name. Default: '_wpnonce'
Return
string. Escaped URL with nonce action added.
Source
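```php
function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
	// Normalize any already-encoded ampersands so they are not double-escaped below.
	$actionurl = str_replace( '&amp;', '&', $actionurl );
	// Append the nonce as a query argument, then HTML-escape the whole URL.
	return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
}
```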
Related
Uses | Description |
---|---|
wp_create_nonce() wp-includes/pluggable.php | Creates a cryptographic token tied to a specific action, user, user session, and window of time. |
esc_html() wp-includes/formatting.php | Escaping for HTML blocks. |
add_query_arg() wp-includes/functions.php | Retrieves a modified URL query string. |
Used by | Description |
---|---|
core_auto_updates_settings() wp-admin/update-core.php | Display WordPress auto-updates settings. |
Plugin_Installer_Skin::do_overwrite() wp-admin/includes/class-plugin-installer-skin.php | Checks if the plugin can be overwritten and outputs the HTML for overwriting a plugin on upload. |
Theme_Installer_Skin::do_overwrite() wp-admin/includes/class-theme-installer-skin.php | Checks if the theme can be overwritten and outputs the HTML for overwriting a theme on upload. |
WP_MS_Themes_List_Table::column_autoupdates() wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the auto-updates column output. |
WP_Privacy_Data_Removal_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Actions column. |
WP_Privacy_Data_Removal_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-removal-requests-list-table.php | Outputs the Next steps column. |
WP_Privacy_Data_Export_Requests_List_Table::column_email() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Actions column. |
WP_Privacy_Data_Export_Requests_List_Table::column_next_steps() wp-admin/includes/class-wp-privacy-data-export-requests-list-table.php | Displays the next steps column. |
wp_admin_bar_recovery_mode_menu() wp-includes/admin-bar.php | Adds a link to exit recovery mode when Recovery Mode is active. |
wp_recovery_mode_nag() wp-admin/includes/update.php | Displays a notice when the user is in recovery mode. |
WP_Site_Health::get_test_https_status() wp-admin/includes/class-wp-site-health.php | Tests if the site is serving content over HTTPS. |
do_block_editor_incompatible_meta_box() wp-admin/includes/template.php | Renders a “fake” meta box with an information message, shown on the block editor, when an incompatible meta box is found. |
wp_load_press_this() wp-admin/press-this.php | |
wp_ajax_delete_plugin() wp-admin/includes/ajax-actions.php | Handles deleting a plugin via AJAX. |
wp_ajax_delete_theme() wp-admin/includes/ajax-actions.php | Handles deleting a theme via AJAX. |
WP_Posts_List_Table::handle_row_actions() wp-admin/includes/class-wp-posts-list-table.php | Generates and displays row action links. |
WP_Links_List_Table::handle_row_actions() wp-admin/includes/class-wp-links-list-table.php | Generates and displays row action links. |
WP_MS_Themes_List_Table::column_name() wp-admin/includes/class-wp-ms-themes-list-table.php | Handles the name column output. |
WP_MS_Sites_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-sites-list-table.php | Generates and displays row action links. |
WP_Terms_List_Table::handle_row_actions() wp-admin/includes/class-wp-terms-list-table.php | Generates and displays row action links. |
WP_MS_Users_List_Table::handle_row_actions() wp-admin/includes/class-wp-ms-users-list-table.php | Generates and displays row action links. |
wp_prepare_themes_for_js() wp-admin/includes/theme.php | Prepares themes for JavaScript. |
delete_theme() wp-admin/includes/theme.php | Removes a theme. |
get_theme_update_available() wp-admin/includes/theme.php | Retrieves the update link if there is a theme update available. |
WP_Plugins_List_Table::single_row() wp-admin/includes/class-wp-plugins-list-table.php | |
Theme_Upgrader_Skin::after() wp-admin/includes/class-theme-upgrader-skin.php | Performs an action following a single theme update. |
Plugin_Installer_Skin::after() wp-admin/includes/class-plugin-installer-skin.php | Performs an action following a plugin install. |
Theme_Installer_Skin::after() wp-admin/includes/class-theme-installer-skin.php | Performs an action following a single theme install. |
Plugin_Upgrader_Skin::after() wp-admin/includes/class-plugin-upgrader-skin.php | Performs an action following a single plugin update. |
WP_Upgrader_Skin::request_filesystem_credentials() wp-admin/includes/class-wp-upgrader-skin.php | Displays a form to the user to request for their FTP/SSH details in order to connect to the filesystem. |
WP_Theme_Install_List_Table::install_theme_info() wp-admin/includes/class-wp-theme-install-list-table.php | Prints the info for a theme (to be used in the theme installer modal). |
WP_Theme_Install_List_Table::single_row() wp-admin/includes/class-wp-theme-install-list-table.php | Prints a theme from the WordPress.org API. |
wp_plugin_update_row() wp-admin/includes/update.php | Displays update information for a plugin. |
wp_theme_update_row() wp-admin/includes/update.php | Displays update information for a theme. |
install_plugin_install_status() wp-admin/includes/plugin-install.php | Determines the status we can perform on a plugin. |
wp_dashboard_plugins_output() wp-admin/includes/deprecated.php | Display plugins text for the WordPress news widget. |
delete_plugins() wp-admin/includes/plugin.php | Removes directory and files of a plugin for a list of plugins. |
wp_import_upload_form() wp-admin/includes/template.php | Outputs the form used by the importers to accept the data to be imported. |
WP_Themes_List_Table::display_rows() wp-admin/includes/class-wp-themes-list-table.php | |
WP_Users_List_Table::single_row() wp-admin/includes/class-wp-users-list-table.php | Generates HTML for a single row on the users.php admin panel. |
get_media_item() wp-admin/includes/media.php | Retrieves HTML form for modifying the image attachment. |
_admin_notice_post_locked() wp-admin/includes/post.php | Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. |
wp_prepare_revisions_for_js() wp-admin/includes/revision.php | Prepare revisions for JavaScript. |
link_submit_meta_box() wp-admin/includes/meta-boxes.php | Displays link create form fields. |
wp_link_manager_disabled_message() wp-admin/includes/bookmark.php | Outputs the ‘disabled’ message for the WordPress Link Manager. |
WP_Media_List_Table::_get_row_actions() wp-admin/includes/class-wp-media-list-table.php | |
Walker_Nav_Menu_Edit::start_el() wp-admin/includes/class-walker-nav-menu-edit.php | Start the element output. |
do_core_upgrade() wp-admin/update-core.php | Upgrades WordPress core display. |
do_dismiss_core_update() wp-admin/update-core.php | Dismiss a core update. |
do_undismiss_core_update() wp-admin/update-core.php | Undismiss a core update. |
wp_logout_url() wp-includes/general-template.php | Retrieves the logout URL. |
get_delete_post_link() wp-includes/link-template.php | Retrieves the delete posts link for post. |
Changelog
Version | Description |
---|---|
2.0.4 | Introduced. |
Note that wp_nonce_url escapes & to &amp; and may cause links or redirects to become incorrect.
Example
Plugin authors can safely add links that perform tasks using a combination of wp_nonce_url() and admin_url().
For instance, start by creating the link users can click to do something interesting:
Then, to detect when the user clicks the link, check the nonce validity using wp_verify_nonce() in the function you defined when you called add_menu_page() or one of its Administration Menus wrappers. If the nonce isn’t valid, the link wasn’t clicked, so display the link. Otherwise, do “something interesting.”
Note that the recommended “context” parameter of the nonce is used to disambiguate which button was pressed. If you make more than one button users can press, make sure each button has a different nonce name and/or context.
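The two steps described in the note above, written out as an added example that is not part of the original page or of WordPress core. The menu slug `myplugin-tools`, the action `myplugin_do_thing`, the nonce name `myplugin_nonce` and the `myplugin_*` function names are hypothetical; the last function shows one way to build the unescaped URL for a redirect, where the `&amp;` produced by wp_nonce_url() would corrupt the query string.

```php
<?php
// Added example; 'myplugin-tools', 'myplugin_do_thing' and 'myplugin_nonce'
// are hypothetical names, not part of WordPress.
add_action( 'admin_menu', function () {
	add_menu_page( 'My Plugin', 'My Plugin', 'manage_options', 'myplugin-tools', 'myplugin_render_page' );
} );

function myplugin_render_page() {
	// A nonce shows intent (CSRF protection) only; check the capability separately.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( esc_html__( 'You are not allowed to do this.', 'myplugin' ) );
	}

	$nonce = isset( $_GET['myplugin_nonce'] )
		? sanitize_text_field( wp_unslash( $_GET['myplugin_nonce'] ) )
		: '';

	// wp_verify_nonce() returns false on failure, 1 or 2 on success.
	if ( ! wp_verify_nonce( $nonce, 'myplugin_do_thing' ) ) {
		// No valid nonce, so the link was not clicked: display it.
		// wp_nonce_url() output is already HTML-escaped ("&" -> "&amp;"),
		// which is what an href attribute needs.
		$url = wp_nonce_url( admin_url( 'admin.php?page=myplugin-tools' ), 'myplugin_do_thing', 'myplugin_nonce' );
		echo '<a class="button" href="' . $url . '">Do something interesting</a>';
		return;
	}

	// Valid nonce and capability: do "something interesting" here.
	echo '<p>Done.</p>';
}

// For wp_safe_redirect() or a Location header the URL must not be HTML-escaped,
// so build it from the same pieces wp_nonce_url() uses, without esc_html().
function myplugin_raw_action_url() {
	$url = add_query_arg(
		'myplugin_nonce',
		wp_create_nonce( 'myplugin_do_thing' ),
		admin_url( 'admin.php?page=myplugin-tools' )
	);
	return esc_url_raw( $url );
}
```

A second button on the same page would use its own action string (for example a hypothetical `myplugin_do_other_thing`) so that a nonce issued for one link cannot be replayed against the other.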