check_admin_referer( 'import-upload' ); – what is this?

  • Resolved Sarief

    (@sarief)


    9 years, 10 months ago

    Hello, this is my second day of working with plugins. It may be an obvious question, but I can’t seem to find the answer to it.

    I’ve been deconstructing “wordpress-importer” plugin (tools-import-import wordpress) to learn how this all works. At the same time I tried to build my version of import that would update one meta field based on the other meta field (for example if meta_id == 56 then meta_price == 1000).
    but following steps “wordpress-import” took i can’t understand what the code means.

    so, what is check_admin_referer( ‘import-upload’ ); ? I know what admin referer does but I can’t seem to grasp what ‘import-upload’ points to.

    As of now I’m getting ‘ERROR: The wordpress importer is invalid or is not installed.’.

    I hope for answers or any pointers since I’m stuck without any pointer as to what the problem is about. Hopefully, thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    ‘import_upload’ is an arbitrary string used to calculate a nonce by the code that normally initiates the importer code. The importer confirms the command to import is legitimate by checking the referring page is an admin page and that the nonce sent is legitimate. It verifies the nonce by calculating what it should be, based on the same ‘import-upload’ string.

    A bad actor gains nothing by knowing what the initial nonce string is because the nonce is calculated by not only the initial string, but the current time and the salt defined in wp-config.php.

    Thread Starter Sarief

    (@sarief)

    Thanks. I guess it’s not the issue with nonce then.
    Should have checked that first.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘check_admin_referer( 'import-upload' ); – what is this?’ is closed to new replies.