[wp-hackers] Any other way to do it? (or,
do we really need Nonces?)
false.hopes at gmail.com
Fri Mar 2 05:53:20 GMT 2007
On 3/1/07, Jeremy Visser <jeremy.visser at gmail.com> wrote:
> Mark Jaquith wrote:
> > On Feb 27, 2007, at 11:47 AM, howard chen wrote:
> >> can WP allow detete/update action thru HTTP Get?
> > We protect HTTP GET deletes with nonces
> I've always disliked doing any dangerous action with GET, regardless of
> whether the links are protected with nonces.
> comment/post ID into a POST form and submit it automagically?
No, it doesn't peacefully degrade for user agents without JS or with
More information about the wp-hackers