/**
 * Build the hidden nonce input for a form and optionally print it.
 *
 * The nonce field lets the receiving handler check that the form contents
 * came from a page on the current site and not from somewhere else. It is
 * a request-forgery mitigation: it does not offer absolute protection and
 * is not a substitute for a permission check on the submitted action.
 *
 * $action and $name are optional, but setting both is strongly suggested.
 * The defaults are publicly known, so relying on them makes the nonce much
 * easier to work around.
 *
 * Referer field: when $referer is true, nxt_referer_field() is called with
 * the same $echo flag. Its return value is NOT appended to the string this
 * function returns, so a caller passing $echo = false and $referer = true
 * has to obtain the referer field by calling nxt_referer_field() itself.
 * When both flags are true the referer field is echoed right after the
 * nonce field.
 *
 * The input's id and name are both the escaped $name; the input's value is
 * the nonce returned by bb_create_nonce(). Because the id is derived from
 * $name, two nonce fields with the same $name on one page share an id.
 *
 * @package bbPress
 * @subpackage Security
 * @since 1.0
 *
 * @param string|int $action  Optional. Action name. Default -1.
 * @param string     $name    Optional. Nonce name. Default "_nxtnonce".
 * @param bool       $referer Optional, default true. Whether to set the referer field for validation.
 * @param bool       $echo    Optional, default true. Whether to display or return hidden form field.
 * @return string Nonce field markup (without the referer field).
 */
function bb_nonce_field($action = -1, $name = "_nxtnonce", $referer = true, $echo = true)
{
    // Escape once; the same value feeds both the id and the name attribute.
    $attr = esc_attr($name);

    // NOTE(review): the nonce is written into the attribute unescaped; this
    // relies on bb_create_nonce() returning attribute-safe characters — confirm.
    $token = bb_create_nonce($action);

    $markup  = '<input type="hidden" id="' . $attr . '" name="' . $attr . '" value="';
    $markup .= $token;
    $markup .= '" />';

    if ($echo) {
        echo $markup;
    }

    if ($referer) {
        // Result intentionally not captured: with $echo = false the referer
        // markup is not part of this function's return value.
        nxt_referer_field($echo, 'previous');
    }

    return $markup;
}
/**
 * Build the hidden nonce input for a form, optionally followed by the
 * referer field, and optionally print the result.
 *
 * The nonce field lets the receiving handler check that the form contents
 * came from a page on the current site and not from somewhere else. It is
 * a request-forgery mitigation: it does not offer absolute protection and
 * is not a substitute for a permission check on the submitted action.
 *
 * $action and $name are optional, but setting both is strongly suggested.
 * The defaults are publicly known, so relying on them makes the nonce much
 * easier to work around.
 *
 * When $referer is true the markup returned by nxt_referer_field(false) is
 * appended, so the returned (and echoed) string contains both fields.
 *
 * The input's id and name are both the escaped $name; the input's value is
 * the nonce returned by nxt_create_nonce(). Because the id is derived from
 * $name, two nonce fields with the same $name on one page share an id.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param string|int $action  Optional. Action name. Default -1.
 * @param string     $name    Optional. Nonce name. Default "_nxtnonce".
 * @param bool       $referer Optional, default true. Whether to set the referer field for validation.
 * @param bool       $echo    Optional, default true. Whether to display or return hidden form field.
 * @return string Nonce field markup, including the referer field when $referer is true.
 */
function nxt_nonce_field($action = -1, $name = "_nxtnonce", $referer = true, $echo = true)
{
    // Escape once; the same value feeds both the id and the name attribute.
    $attr = esc_attr($name);

    // NOTE(review): the nonce is written into the attribute unescaped; this
    // relies on nxt_create_nonce() returning attribute-safe characters — confirm.
    $markup  = '<input type="hidden" id="' . $attr . '" name="' . $attr . '" value="';
    $markup .= nxt_create_nonce($action);
    $markup .= '" />';

    // Ask for the referer field as a string (false = do not echo) so it can
    // travel with the nonce field in a single return value.
    $markup .= $referer ? nxt_referer_field(false) : '';

    if ($echo) {
        echo $markup;
    }

    return $markup;
}
?> " tabindex="10" /> </label> <label> <?php _e('Password'); ?> <br /> <input name="pwd" type="password" id="quick_password" size="13" maxlength="40" tabindex="11" /> </label> <input name="redirect_to" type="hidden" value="<?php echo $re; ?> " /> <?php nxt_referer_field(); ?> <input type="submit" name="Submit" class="submit" value="<?php echo esc_attr__('Log in »'); ?> " tabindex="13" /> </div> <div class="remember"> <label> <input name="rememberme" type="checkbox" id="quick_remember" value="1" tabindex="12"<?php echo $remember_checked; ?> /> <?php _e('Remember me');
/**
 * Returns the hidden nonce field HTML, optionally followed by the referer field.
 *
 * Nothing is printed; the caller is responsible for emitting the returned
 * markup inside its form. There is no $echo parameter on this function.
 *
 * Leaving $action at its default of -1 means the nonce is not tied to a
 * specific operation; pass an explicit action where possible.
 *
 * @param string|int $action  Action name the nonce is created for. Default -1.
 * @param string     $name    Name attribute of the hidden input. Default '_nxtnonce'.
 * @param bool       $referer Whether to append the referer field. Default true.
 * @return string
 */
function nonce_field($action = -1, $name = '_nxtnonce', $referer = true)
{
    $attr = esc_attr($name);

    // NOTE(review): the nonce is written into the attribute unescaped; this
    // relies on nxt_create_nonce() returning attribute-safe characters — confirm.
    $field  = '<input type="hidden" name="' . $attr . '" value="';
    $field .= nxt_create_nonce($action);
    $field .= '" />';

    if (!$referer) {
        return $field;
    }

    // false = return the referer markup instead of echoing it.
    return $field . nxt_referer_field(false);
}