
How to add CSRF to manually created form in wordpress?

Tags:

csrf

wordpress

This is my first try at writing a custom plugin in WordPress. Certainly there is a way to add a CSRF tag to forms in WordPress and check form validity on the server. The question is, how can I?

Mohammad Ali Akbari asked Jul 25 '12 21:07


1 Answer

If you are using WordPress 2.0.4 or above you can use wp_nonce_field and wp_verify_nonce field to verify. The WordPress documentation has some examples (which I posted below).

In your form:

<form method="post">
   <!-- some inputs here ... -->
   <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>

In your processing action:

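<?php
// Reject the request unless the nonce field is present and valid for this action.
if ( empty($_POST)
     || !isset($_POST['name_of_nonce_field'])
     || !wp_verify_nonce($_POST['name_of_nonce_field'],'name_of_my_action') )
{
   print 'Sorry, your nonce did not verify.';
   exit;
}
else
{
   // process form data
}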
Chris McKnight answered Oct 03 '22 20:10