[wp-hackers] Rethinking check_admin_referer()

Brian Layman Brian at TheCodeCave.com
Wed Apr 19 15:12:00 GMT 2006


Mark Jaquith wrote:
> 3) if HTTP referer isn't from the admin, present "are you sure" dialog
This would also have the advantage of moving the AYS dialog call into the
actual deletion function.  The reason I was able to delete a post without
any notice to the admin is that they AYS prompt is totally independent of
the hyperlink that actually triggers the deletion.



More information about the wp-hackers mailing list