I don't really understand why they check if the nonce function exists before running it …
if ( function_exists('wp_nonce_field') )
    wp_nonce_field('gmp_nonce_check');
I understand it's for backwards compatibility …
Also notice how you are verifying that the wp_nonce_field function exists before trying to call it for backward compatibility
But won't it break anyway if on post back I check
if ( isset($_POST['submit']) ) {
    check_admin_referer('gmp_nonce_check');
}
The answer is that you should not check if wp_nonce_field() exists before using it!
The recommendation to perform the check assumes that you want to be compatible with versions of WordPress from before the function existed. If Rarst is right that it was introduced in 2.0.4 then you should NOT be supporting earlier versions, as they are all absolutely insecure and anyone using them needs to upgrade RIGHT NOW.
Usually you should not have to check for existence of functions from inside WP, unlike functions from plugins that might not be activated.
Where did you see that comment you quoted? It should be removed.
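An added example, not part of the question or of any answer on this page: a minimal settings page that emits the nonce field and verifies it on post back, both unconditionally, using the question's 'gmp_nonce_check' action. The gmp_example_* function names and the gmp_example_option key are hypothetical, and the code assumes it is loaded as a plugin on a current WordPress install.

```php
<?php
/*
Plugin Name: GMP Nonce Example (hypothetical)
*/

// Hypothetical names: gmp_example_* functions and the gmp_example_option key.
add_action( 'admin_menu', 'gmp_example_menu' );

function gmp_example_menu() {
    add_options_page( 'GMP Example', 'GMP Example', 'manage_options',
        'gmp-example', 'gmp_example_page' );
}

function gmp_example_page() {
    // A nonce proves intent, not authority, so check the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.' );
    }

    if ( isset( $_POST['submit'] ) ) {
        // Unconditional: dies with an error if the _wpnonce field is missing
        // or was not generated for the 'gmp_nonce_check' action.
        check_admin_referer( 'gmp_nonce_check' );

        $value = isset( $_POST['gmp_example_option'] )
            ? sanitize_text_field( wp_unslash( $_POST['gmp_example_option'] ) )
            : '';
        update_option( 'gmp_example_option', $value );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }
    ?>
    <form method="post">
        <?php
        // Also unconditional. Wrapping only this call in function_exists()
        // would mean a form without the field whenever the guard is false,
        // which check_admin_referer() above then rejects on every submit.
        wp_nonce_field( 'gmp_nonce_check' );
        ?>
        <input type="text" name="gmp_example_option"
            value="<?php echo esc_attr( get_option( 'gmp_example_option', '' ) ); ?>" />
        <?php submit_button(); ?>
    </form>
    <?php
}
```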
If I understand your question right – you ask why there is no need to check if check_admin_referer() is defined as well?
As far as I see from the docs, this function is much older (since WP 1.2.0) than wp_nonce_field() (since WP 2.0.4). So I would assume you are much less likely to encounter a version so ancient that it doesn’t have check_admin_referer().
You check for the existence of a function to prevent a fatal error and subsequent application halt when your code is executed on a version of WordPress that does not include the function you are attempting to use.
Does this ensure backwards compatibility? Absolutely. More importantly, however, this check prevents your code from causing the entire application to crash when your code is executed:
Thus, in your code, you could do the following: