[wp-trac] Re: [WordPress Trac] #2678: Nonces instead of referers
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 21 22:29:06 GMT 2006
#2678: Nonces instead of referers
----------------------------+-----------------------------------------------
Id: 2678 | Status: new
Component: Administration | Modified: Fri Apr 21 22:29:06 2006
Severity: normal | Milestone:
Priority: normal | Version: 2.1
Owner: anonymous | Reporter: ringmaster
----------------------------+-----------------------------------------------
Comment (by mdawaffe):
We'd get rid of confirmdeletecomment entirely:
{{{
if ( check_admin_referer( 'deletecomment', true ) ) {
    // del0rted
} else {
    // custom confirmation
}
}}}
But yes.
It would be nice, though, if check_admin_referer() could display something
about the action it's checking even without a custom confirmation so that
the user doesn't just see "Are you sure? [No] [Yes]".
Would it be possible to standardize the actions and filenames enough so
that we could say:
"You are trying to (delete|edit|switch to|...) the
(post|comment|theme|...) (titled|by|...)
'(post_title|comment_author|theme_name|...)'. Do you want to proceed?
[Cancel] [(Delete|Edit|Switch|...) (post|comment|theme|...)]"
Writing custom dialogs for everything is annoying, but the default dialog
is a little sparse right now. Is this more pain than it's worth?
--
Ticket URL: <http://trac.wordpress.org/ticket/2678>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
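
The check-then-confirm flow and the standardized prompt proposed in the comment above, as an added sketch that is not part of the original message or WordPress code. All function names, the hyphenated "verb-noun" action format, the demo secret and the 12-hour validity window are assumptions made for illustration.

```php
<?php
// Added sketch: every name below is hypothetical, not WordPress core code.
const DEMO_SECRET = 'constructed-demo-secret'; // assumption: a per-site secret

// Nonce bound to the user, the action string and a 12-hour time tick (assumed window).
function demo_nonce(string $action, int $user_id, int $tick): string {
    return substr(hash_hmac('sha256', "$tick|$user_id|$action", DEMO_SECRET), 0, 20);
}

// Accept the current or previous tick so a nonce does not expire mid-edit.
function demo_verify(string $nonce, string $action, int $user_id): bool {
    $tick = (int) ceil(time() / 43200);
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(demo_nonce($action, $user_id, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// Standardized prompt built from an assumed "verb-noun" action name.
function demo_confirmation(string $action, string $label): string {
    $verbs = ['delete' => 'delete', 'edit' => 'edit', 'switch' => 'switch to'];
    $nouns = ['post' => ['post', 'titled'], 'comment' => ['comment', 'by'], 'theme' => ['theme', 'named']];
    [$verb, $noun] = array_pad(explode('-', $action, 2), 2, '');
    if (!isset($verbs[$verb], $nouns[$noun])) {
        return 'Are you sure you want to do this?'; // sparse default for unknown actions
    }
    [$name, $prep] = $nouns[$noun];
    // The label (post title, comment author, ...) is user-controlled: escape it before output.
    $safe = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
    return sprintf(
        "You are trying to %s the %s %s '%s'. Do you want to proceed? [Cancel] [%s %s]",
        $verbs[$verb], $name, $prep, $safe, ucfirst($verb), $name
    );
}

// Constructed demo: a valid nonce performs the action, a bad one falls back to the prompt.
$action = 'delete-comment';
$valid  = demo_nonce($action, 7, (int) ceil(time() / 43200));
foreach ([$valid, 'forged'] as $nonce) {
    echo demo_verify($nonce, $action, 7) ? "deleted\n" : demo_confirmation($action, '<b>Mallory</b>') . "\n";
}
```

Because the prompt is shown precisely when the request could not be verified, the object name it displays has to be treated as untrusted input, which is why the label is escaped before it reaches the page.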