In the API description for settings_fields() it reads:
Output nonce, action, and option_page fields for a settings page.
And a look in the includes/plugin.php file turns this up:
function settings_fields($option_group) {
echo "<input type="hidden" name="option_page" value="" . esc_attr($option_group) . "" />";
echo '<input type="hidden" name="action" value="update" />';
wp_nonce_field("$option_group-options");
}
I understand that when this function is called within a form it produces something like this:
<form method="post" action="options.php">
<input type="hidden" name="option_page" value="plugin_settings_group">
<input type="hidden" name="action" value="update">
<input type="hidden" id="_wpnonce" name="_wpnonce" value="84cb94ebcf">
<input type="hidden" name="_wp_http_referer" value="/wordpress/wp-admin/options-general.php?page=plugin-options">
</form>
But what is the purpose of this?
Thank you!
1 Answer
Very simply put it puts some hidden fields into the form on an option page.
Those hidden fields are then used to check if the request made to the browser are valid. For some more in dept information you could read the Codex about WP Nonces
