[wp-hackers] (no subject)
Brian Layman
Brian at TheCodeCave.com
Wed Apr 19 21:36:04 GMT 2006
Michael said something like:
>Of particular interest to me was Bryan Layman's reply [2] suggesting
>that GETs be met with an approval screen and POSTs be checked by
>check_admin_referer() (or whatever security system) before going on
>their merry state changing way.
>[2] http://comox.textdrive.com/pipermail/wp-hackers/2006-April/
>005753.html
Actually, that was Paul Mitchell :) but I agree that it is an interesting
idea, especially if the POST required a nonce to succeed whereas the GET
would not need it. It provides a handy solution for bookmarking and
emailing destructive links. It's a lot more code and testing but it is a
very interesting idea...
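The pattern discussed in this thread, as an added example that is not part of the original message or of WordPress itself: a framework-neutral Python sketch in which a GET only renders the approval screen and the POST must carry a nonce before anything is deleted. The names `make_nonce`, `check_nonce` and `handle_delete`, the secret and the 12-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import html
import time

SECRET = b"constructed-demo-secret"  # assumption: per-site secret key
NONCE_LIFETIME = 12 * 3600           # assumption: seconds per validity tick
POSTS = {7: "Hello world"}           # constructed sample data


def make_nonce(user, action, post_id, now=None):
    """HMAC bound to user, action, target and a coarse time tick."""
    tick = int((time.time() if now is None else now) // NONCE_LIFETIME)
    msg = f"{tick}|{user}|{action}|{post_id}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]


def check_nonce(nonce, user, action, post_id, now=None):
    """Accept the current or previous tick, compared in constant time."""
    now = time.time() if now is None else now
    return any(
        hmac.compare_digest(nonce.encode(),
                            make_nonce(user, action, post_id, t).encode())
        for t in (now, now - NONCE_LIFETIME)
    )


def handle_delete(method, user, params, posts=POSTS, now=None):
    """GET never changes state; POST changes state only with a valid nonce."""
    raw = str(params.get("post", ""))
    if not raw.isdigit() or int(raw) not in posts:
        return 404, "no such post"
    post_id = int(raw)
    if method == "GET":
        # Safe to bookmark or e-mail: the link only shows the approval screen.
        nonce = make_nonce(user, "delete", post_id, now)
        title = html.escape(posts[post_id])
        return 200, (f'<form method="post" action="/delete?post={post_id}">'
                     f'<input type="hidden" name="nonce" value="{nonce}">'
                     f'<button>Really delete "{title}"?</button></form>')
    if method == "POST":
        if not check_nonce(params.get("nonce", ""), user, "delete", post_id, now):
            return 403, "invalid or expired nonce"
        del posts[post_id]
        return 200, "deleted"
    return 405, "method not allowed"
```

Because the nonce is issued on the approval screen and bound to the logged-in user, a destructive link followed from an e-mail or a third-party page can at most display the confirmation form.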