wp_verify_nonce vs check_admin_referer
I thought that check_admin_referer checked the nonce (it does call wp_verify_nonce, and the referring url. After digging into the core code I realised that it did not do this. Thinking it was a bug I reported it, and Ryan Boren replied with the following: Actually, if the nonce is valid the referrer should not be … Read more