WordPress at a glance

wp_nonce_url() WP 2.0.4

Adds a nonce token to the URL: ?_wpnonce=9d6bd884a1.

The result of the function is intended only for output, and not for internal usage in PHP (e.g. for redirect with wp_redirect()). That's because the functions escapes the value with esc_html().

Works based on: wp_create_nonce()
✈ 1 time = 0.000102s = fast | 50000 times = 2.28s = fast

No Hooks.

Return

String. Escaped URL with nonce action added.

Usage

wp_nonce_url( $actionurl, $action, $name );
$actionurl(string) (required)
URL to add nonce action.
$action(int/string)
Nonce action name.
Default: -1
$name(string)
Nonce name.
Default: '_wpnonce'

Examples

#1 Basic example

echo wp_nonce_url( 'http://example.com/url' );
// output: http://example.com/url?_wpnonce=1ef8422137

echo wp_nonce_url( 'http://example.com/url?arg=data' );
// output: http://example.com/url?arg=data&_wpnonce=9d6bd884a1

#2 Another basic example

echo wp_nonce_url( 'http://example.com/url', 'my_nonce' );
// output: http://example.com/url?_wpnonce=4a875e9c59

// then check the url
if( wp_verify_nonce( $_GET['_wpnonce'], 'my_nonce' ) )
	echo "Check passed";
else
	echo "Check failed";

#3 Add nonce to the URL for use in wp_redirect()

The result of wp_nonce_url() is intended only for output on the screen, not for internal usage in PHP. If you want to add the nonce to the URL and use it in some function (e.g. wp_redirect()), you can do something like this:

$url = '/wp-admin/admin.php?page=foo';
$nonce = wp_create_nonce( 'my_nonce_key' ); // create nonce

$nonce_url = add_query_arg( [ '_wpnonce'=>$nonce ], $url );

echo $nonce_url; //> /wp-admin/admin.php?page=foo&_wpnonce=74c42a878c

Code of wp nonce url: wp-includes/functions.php VER 5.0.3

<?php
function wp_nonce_url( $actionurl, $action = -1, $name = '_wpnonce' ) {
	$actionurl = str_replace( '&amp;', '&', $actionurl );
	return esc_html( add_query_arg( $name, wp_create_nonce( $action ), $actionurl ) );
}

Related Functions

From tag: nonce (security protection defence)

More from tag: Site security (safety)

No comments
    Hello, !     Log In . Register