From 769011e8959cda6c6c31b3e5246e750cc4047758 Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 17 May 2006 00:28:26 +0000 Subject: [PATCH] Fallback to admin referer check instead of nonce if no action is given to check_admin_referer(). For plugin compatibility. git-svn-id: http://svn.automattic.com/wordpress/trunk@3774 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/pluggable-functions.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php index 7728633ac4..d05ac9c977 100644 --- a/wp-includes/pluggable-functions.php +++ b/wp-includes/pluggable-functions.php @@ -232,7 +232,9 @@ function check_admin_referer($action = -1) { global $pagenow; $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; $referer = strtolower($_SERVER['HTTP_REFERER']); - if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) { + if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && + !(-1 == $action && strstr($referer, $adminurl)) ) { + $html = "\n\n\n"; $html .= "\n\t" . __('WordPress Confirmation') . "\n"; $html .= "\n\n";