You can use one save function. wp_nonce_field function creates hidden field with action. You can use wp_nonce_field for two metaboxes if you want different actions for two metaboxes. Please go throgh below link for more information http://codex.wordpress.org/Function_Reference/wp_nonce_field
The second parameter for wp_verify_nonce() is the action. That part is not in your question, but I guess it should be called like: if ( !wp_verify_nonce($_POST[‘nonce’], $_POST[‘action’]) ){
WordPress password reset – why post rp_key?
Yes, nonces should always be used when an authenticated user is triggering an action via a GET/POST request. One of the main purposes of the nonce is it ensure that the current user actually intended to trigger this request. It prevents the security vulnerability known as Cross-Site Request Forgery (CSRF), where an attacker can trick … Read more
You just need to send the nonce along with your AJAX data: $.ajax({ type: ‘POST’, url : profile_edit.ajaxurl, data: $(‘#profile_update’).serialize() + ‘&my_nonce=” + profile_edit.nonce + “&action=update_profile_post’, // don’t forget the action name! }); Alternatively, since you’re using jQuery’s serialize() function, you could just add the nonce directly in the form: <?php wp_nonce_field( ‘update_profile_validation’, ‘my_nonce’ ); … Read more
Yes Not really, but you can verify your change by login to admin and go to your profile. Wait 18 hours and try to submit. It should fail. The longer the nonce expiration time is the longer an attacker might be able to trick you into performing unintended operation (but there is actually very slim … Read more
Nonces are one time use limited life unique numbers. You can clone them but the problem you’ll see is that once sent back to the server and validated, the other clones will become invalid. You have a few ways to handle this. Generate all your boxes on the server and discard the Javascript. Use Ajax … Read more
You can localize your script and pass the nonce and ajax url to the script.Learn more about script localization. function wpse_206839() { // Register our script just like we would enqueue it – for WordPress references wp_register_script( ‘my-special-script’, ‘directory/my-special-script.js’, array( ‘jquery’ ), false, true ); // Create any data in PHP that we may need … Read more
You need to call like below. API call:- http://78.47.177.214/blog/api/get_nonce/?json=get_nonce&controller=posts&method=create_post Responce:- {“status”:”ok”,”controller”:”posts”,”method”:”create_post”,”nonce”:”92f31d49b5″}
I think the problem was that I manually deleted my cookies a few times while testing. Among them was a cookie called “wordpress_logged_in_{token}” where {token} is an unique identifier. My best guess is that lack of this cookie caused issues with nonce creation or/and verification. It was hard to notice because I was still able … Read more