Wp-nonce to protect against csrf requests in the search form

localhost8080 · localhost8080 · commit 35bf57a98352 · 2014-09-13T16:05:18.000+01:00
diff --git a/search.php b/search.php
@@ -4,4 +4,16 @@
  * 
  * @package multiloquent\template_parts
  */
-get_template_part('archive');
+
+if (empty( $_POST['name_of_nonce_field'])  || ! wp_verify_nonce( $_POST['search'], 'search' ) ) {
+    // 404 ?
+    get_header();
+    echo '<div class="container post"> ';
+    get_template_part('error-snippet');
+    echo '</div>';
+    get_footer();
+    exit;
+} else {
+   // process form data
+    get_template_part('archive');
+}
diff --git a/searchform.php b/searchform.php
@@ -14,5 +14,6 @@
 		<span class="input-group-addon">
 			<label title="search" for="s" class="" style="margin:0"><span class="fa fa-search fafw"></span></label>
 		</span>
+        <?php wp_nonce_field('search','search'); ?>
 	</div>   
 </form>
