$_GET[”] variable with nonce verification

There are two ways of creating nonce verification for $_GET parameters:

  1. If you are coming from a form, you can use the wp_nonce_field function to create your own field. For example:
<form action="edit.php" method="get">
  <input type="text" name="example">
  .....
  <?php wp_nonce_field('my_custom_action', 'my_custom_name'); ?>
  <input type="submit" value="Submit">
</form>
  1. If you are coming from a link you created, use the wp_create_nonce function:
$url = admin_url('edit.php?post_type=weather_info&.....&my_custom_nonce=" . wp_create_nonce("my_custom_action'));

And processing the nonce verification at both cases, within your own code happens with the wp_verify_nonce function:

if ((isset($_GET['post_type']) && ..... ) && wp_verify_nonce($_GET['my_custom_nonce'], 'my_custom_action')) {
  .....
}

WordPress offers the Plugin Check (PCP) plugin, that checks for potential issues. In there they also suggest to do a sanitization and unslashing for nonce fields, so actually this would be the final form of how it should be used:

if ((isset($_GET['post_type']) && ..... ) && wp_verify_nonce(sanitize_text_field(wp_unslash($_GET['my_custom_nonce'])), 'my_custom_action')) {
  .....
}

Related Posts:

  1. Nonces can be reused multiple times? Bug / Security issue?
  2. What is nonce and how to use it with Ajax in WordPress? [duplicate]
  3. Nonce in settings API with tabbed navigation
  4. WordPress REST API call generates nonce twice on every call
  5. Confusion on WP Nonce usage in my Plugin
  6. WordPress password reset – why post rp_key?
  7. Verify Nonce returns false – Request Nonce returns correct value
  8. Maximum lifetime for nonce
  9. Passing nonce at admin menu link
  10. Is nonce in PHP form and Ajax both necessary?
  11. Custom login doesn’t work properly
  12. wp_nonce_field displaying twice
  13. The Correct Way to Use Nonce Field without Settings API
  14. How to use nonce
  15. Where to use nonce
  16. WP_List_Table Inside Metabox With Bulk Actions Not Working on Submit
  17. Saving metabox updates causing fatal error
  18. wp_verify_nonce is always false even when the nonces are identical
  19. How to debug a plugin with Xdebug?
  20. WordPress 4.5 deprecated get_currentuserinfo()
  21. Admin config screen without menu
  22. Is there widely accepted phpDoc syntax for documenting which hook calls a function?
  23. What is the added “complexity” of custom tables?
  24. How to iterate through custom posts and add the title to an array
  25. How to Structure a New Role/Capability Scheme?
  26. How to create Image gallery Metabox in wordpress [closed]
  27. Is it possible to create an action hook using do_action() within add_action()?
  28. Why does preg_replace_callback never fire in this function?
  29. WordPress 2.8 Widget API is suitable for Worpress 3.1.4 plugins development?
  30. Need specific kind of “Poll Voting” for WordPress [closed]
  31. Install widget on plugin activation
  32. Call to undefined function get_blog_option()
  33. Unable to get content from $post on first publish
  34. Plugin admin page meta_box toggle and order state not saving
  35. Best Practices for Creating and Handling Forms with Plugins?
  36. Is there a better way to implement responsive images than what WordPress uses by default?
  37. Gutenberg Block add element in the Editor inside InnerBlocks after div – editor-block-list
  38. Prevent Javascript Facebook SDK Conflicts in plugin
  39. Integrating Stripe PHP library into a custom WordPress Plugin
  40. WordPress API have Plugin Anti-piracy feature?
  41. Use WP_Theme::scandir function to scan a plugin directory. Is there a way?
  42. Plugin options not being saved or created
  43. Customizer: widget-synced triggers twice
  44. Plugin Repo: Why do some plugins get version charts while others don’t?
  45. maintaing consistent layout wordpress dashboard
  46. Change the ‘published on’ text?
  47. .mo translation strings not loading in PHP scripts that handle AJAX calls
  48. How to get boolean value from register_meta properly?
  49. Why is the WordPress taxonomy not registering?
  50. Gravity Forms Perks – Nested Forms
  51. Remove custom post type slug from URL and add taxonomy Slug
  52. How do I get the sub categories of the parent when in a sub category?
  53. custom permalink’s rewrite rule for page id
  54. How can I identify it as admin page or not?
  55. AJAX form post returns 0
  56. Adding admin menus to wordpress
  57. Update custom plugin with WP-CLI
  58. Autogenerate a Table of Contents
  59. Fatal error: Cannot redeclare admin_notice() [closed]
  60. Update wordpress Core Remotely
  61. Proper way to use useSelect
  62. Access to apache logs from plugin
  63. Two different wordpress sites – same server and IP address. Gaining Access to database 1 of 2
  64. Translating plugin settings page – dropdown list
  65. Using function from enqueued .js file in theme in plugin?
  66. how to save wp_editor html content in options table
  67. Hide one specific woocoomerce product
  68. settings api – add_settings_section not working
  69. Plugin Form Submitting to admin-ajax.php instead of admin-post.php
  70. Unable to access custom plugin backend
  71. Resize not resizing images with Capitial extension like JPG
  72. Redirect returning users to a certain page?
  73. Remove Meta-boxes (Yoast SEO plugin) [duplicate]
  74. Can I use a custom post type as a custom taxonomy for a different custom post type?
  75. wp_schedule_single_event is set correctly but sometimes not fired
  76. Attaching Image-file to userId
  77. wp.media gallery collection sometimes undefined
  78. Pass Values in URL on WooCommerce Product Page
  79. Can’t load a script in my plugin page
  80. Add New Button in Admin Panel
  81. ajax call return 406 not acceptable for non logged users only
  82. $ is not defined [duplicate]
  83. Counter not working correctly
  84. Redirect theme directory to plugin theme directory
  85. How To do Ajax In WordPress Custom Plugin?
  86. replacing jquery google cdn with a new version dynamically
  87. Dynamically getting tags in post edit screen
  88. How do WordPress plugins work with oAuth2 APIs?
  89. WordPress mails being sent from @locahost and being rejected
  90. How to implement pagination into a wpdb->result query?
  91. Custom MySQL query to pull out Advanced Custom Fields?
  92. Slug is not shown for my custom post type
  93. wp_register_sidebar_widget in loop within a plugin?
  94. Adding parent custom post type menu option
  95. Get next page in get_posts
  96. How to create wordpress plugin support page? [closed]
  97. How to create a database table in WordPress using PHP
  98. How to create A – Z List with pictures?
  99. Plugin Internationalisation and textdomain
  100. WordPress 6.6.1 – Trying to make a block but receive error, “! Cannot read property ‘then’ of undefined”
tech