[wp-hackers] Moved from BlogWare to WordPress - Need Help

Paul Mitchell wp-hackers at paul-mitchell.me.uk
Sat May 20 10:43:52 GMT 2006


Sean Hickey wrote:
>> There is no referer check that I can see. Your plugin directly UPDATEs
>> the database instead of calling wp_update_post().
> I stopped doing referer checks a long time ago because they are
> pretty much pointless. :) The referring URL is so easily faked that
> it's not even worth checking.  Especially with Firefox extensions like
> RefControl.
Absolutely. The referer is just one of many pieces of evidence a website
has to authorise a request, but it is a major one. It is a check I might
relax upon demand ("behind a proxy? no worries! here's another way.")
and certainly not one I would give up by default. I like to have a front
door even though I know locks can be picked.

Mark has answered your other questions. The wp_update_post() thing is
just best practice. If the function already exists, use it. If the
function doesn't already exist, find it. :)

All the best,
Paul
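
The layered check discussed in this message, as an added example that is not part of the original post or of WordPress: the Referer is compared component by component against the site URL, and a request with no Referer falls back to a second piece of evidence. The function names, the per-session token standing in for "another way", and the sample URLs are all assumptions made for illustration.

```php
<?php
// Added illustration: names and the token fallback are hypothetical.

/** True when the Referer names the same scheme, host and port as the site. */
function referer_matches_site(?string $referer, string $siteUrl): bool
{
    if ($referer === null || $referer === '') {
        return false;
    }
    $ref  = parse_url($referer);
    $site = parse_url($siteUrl);
    if ($ref === false || $site === false || !isset($ref['host'], $site['host'])) {
        return false;
    }
    // Compare parsed components, never substrings, so that a look-alike
    // host such as "blog.example.org.other.test" does not pass.
    return strtolower($ref['scheme'] ?? '') === strtolower($site['scheme'] ?? '')
        && strtolower($ref['host']) === strtolower($site['host'])
        && ($ref['port'] ?? null) === ($site['port'] ?? null);
}

/**
 * Decide whether a state-changing request may proceed.
 * $sessionToken: secret kept server-side when the form was rendered (assumed).
 * $postedToken:  value returned in a hidden form field (assumed).
 */
function request_is_authorised(?string $referer, string $siteUrl,
                               ?string $sessionToken, ?string $postedToken): bool
{
    if ($referer === null || $referer === '') {
        // Header stripped, e.g. by a proxy: relax the check, but only in
        // exchange for the other evidence, compared in constant time.
        return is_string($sessionToken) && $sessionToken !== ''
            && is_string($postedToken)
            && hash_equals($sessionToken, $postedToken);
    }
    // A Referer that is present but names another site is always refused.
    return referer_matches_site($referer, $siteUrl);
}

// Constructed sample requests against a constructed site URL.
$site = 'https://blog.example.org/';
var_dump(request_is_authorised('https://blog.example.org/wp-admin/post.php', $site, null, null)); // same site
var_dump(request_is_authorised('https://blog.example.org.other.test/', $site, 'tok', 'tok'));     // look-alike host
var_dump(request_is_authorised(null, $site, 'tok', 'tok'));                                       // no Referer, token matches
var_dump(request_is_authorised(null, $site, 'tok', null));                                        // no Referer, no token
```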
