[wp-hackers] Nonces, Siteurl and TinyMCE
andy at yellowswordfish.com
Sat Feb 10 22:54:41 GMT 2007
I'd like to ask 3 questions having not found the answers elsewhere.
Hopefully this is still the best place to find such advice.
I have been attempting to set up nonces on a plugins admin forms as
encouraged at 'Mark on WordPress'. Whatever I try however, I always
get a 'header already sent' (started in menu_header.php:20 in
functions.php line 1219). Which is wp_die(). This is followed by the
'Are you sure' message and clicking yes takes me to the "Manage
Posts' page for some obscure reason. My own page is left as it was of
I have scoured my code and trimmed it to the minimum and there is
absolutely no output prior to the check_admin_referer('nonce_key') call.
The question is, is the info at Marks site still current and correct
or has something changed in 2.1 that I am unaware of? I wanted to
secure this stuff as much as I could but so far am just failing!
If a user has set up WP as 'www.example.com/wordpress' but has
redirected to the root so that '/wordpress' does not form part of
the url, the option setting 'siteurl' includes the /wordpress folder.
If I want to get at the actual url the site uses is it 'wpurl' or
'home'? I think its 'home' but I'm not sure. Sadly, I can't set up a
quick test at the moment and need to know quickly!
Something I asked a couple of weeks back but I think the post got
lost! Does anyone know if there is a documented way of including the
WP TinyMCE implementation in a plugin to save re-supplying it as a
part of the plugin? Sorry - I've looked at the code but just get lost...
If this is the wrong place to ask these questions please let me know.
They didn't seem appropriate for the support forum.
regards and thanks
More information about the wp-hackers