how to get the correct wpnonce to approve comments from frontend ?

  • Hi,

    My question is in the title, i’d like to add on the frontend a comments approve link (visible only by admins), i’ve already managed to show to admins all pending posts on post list.

    I think i’ve got the right link to approve comments (from the admin) :

    https://localhost/mysite/wp-admin/comment.php?c=54&action=approvecomment&_wpnonce=ffaa9b1c5d

    I just dont undersand how i can generate the right wpnonce from frontend, i’ve seen in the admin files that it seems to use “approve-comment_”+comment_ID to generate it, but i dont get the same using

    wp_create_nonce(“approve-comment_”.$comment->comment_ID)

    maybe because i use this from a different url , is it possible to get the right one ?

    thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter reghyz

    (@reghyz)

    ok, i think i’ve found it in class-wp-comments-list-table.php from wp-admin, here’s my code (add it in the comment callback function, twentyten_comment() in function.php for exemple): 

    <?php
$approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
$url = home_url( '/' )."wp-admin/comment.php?c=$comment->comment_ID";
$approve_url = esc_url( $url . "&action=approvecomment&$approve_nonce" );
echo '<a class="publish" href="'.$approve_url.'" >approve comment</a>';
?>

    Pay attention when using nonce on frontend: if you have a cache system, the pages can have a “old” nonce and if you verify that once while a comment is posted you can end up with a non valid nonce.

    Stefano Lissa.
    ps: I experienced that with BBPress which uses the nonce on topic and response submissions.

    Thread Starter reghyz

    (@reghyz)

    hi Stefano,
    I don’t use any cache system actualy, but i may be needed a near future, thanks for sharing your experience, it’s a precious advice.

    by the way, what cache system are you using on your BBPress, and how did you solve this problem ?

    Hi, I solved the problem setting the cache to not act on /forums staring addresses (/forums is the marker for forums managed by bbpress). The cache is Lite Cache but any cache has that configuration.

    Stefano Lissa.

    Thread Starter reghyz

    (@reghyz)

    ok, thanks

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘how to get the correct wpnonce to approve comments from frontend ?’ is closed to new replies.