[wp-hackers] Nonces, Siteurl and TinyMCE

[Andy Staines]

I'd like to ask 3 questions having not found the answers elsewhere.  
Hopefully this is still the best place to find such advice.

1: Nonces

I have been attempting to set up nonces on a plugins admin forms as  
encouraged at 'Mark on WordPress'. Whatever I try however, I always  
get a 'header already sent' (started in menu_header.php:20 in  
functions.php line 1219). Which is wp_die(). This is followed by the  
'Are you sure' message and clicking yes takes me to the "Manage  
Posts' page for some obscure reason. My own page is left as it was of  
course.

I have scoured my code and trimmed it to the minimum and there is  
absolutely no output prior to the check_admin_referer('nonce_key') call.

The question is, is the info at Marks site still current and correct  
or has something changed in 2.1 that I am unaware of? I wanted to  
secure this stuff as much as I could but so far am just failing!

2: Siteurl

If a user has set up WP as 'www.example.com/wordpress' but has  
redirected to the root so that  '/wordpress' does not form part of  
the url, the option setting 'siteurl' includes the /wordpress folder.  
If I want to get at the actual url the site uses is it 'wpurl' or  
'home'? I think its 'home' but I'm not sure. Sadly, I can't set up a  
quick test at the moment and need to know quickly!

3: TinyMCE

Something I asked a couple of weeks back but I think the post got  
lost! Does anyone know if there is a documented way of including the  
WP TinyMCE implementation in a plugin to save re-supplying it as a  
part of the plugin? Sorry - I've looked at the code but just get lost...

If this is the wrong place to ask these questions please let me know.  
They didn't seem appropriate for the support forum.

regards and thanks
Andy