[wp-trac] Re: [WordPress Trac] #2678: Nonces instead of referers
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 22 23:59:46 GMT 2006
#2678: Nonces instead of referers
----------------------------+-----------------------------------------------
Id: 2678 | Status: new
Component: Administration | Modified: Sat Apr 22 23:59:46 2006
Severity: normal | Milestone:
Priority: normal | Version: 2.1
Owner: anonymous | Reporter: ringmaster
----------------------------+-----------------------------------------------
Comment (by ringmaster):
ryan: As far as I looked, plugins never pass through
check_admin_referer() unless they call it themselves. (All "page="
handling is done in admin.php and then exit()s, before the core admin page
is even fully executed.) So it wouldn't make things more backwards
compatible if we added that check. I had assumed that we did that, but
apparently we don't. It's actually one reason why adding this patch will
run more smoothly than we thought.
+1 for pluggable creates and verifies from me, too. Let the vocal non-
contributors wait for someone else to write something "better".
--
Ticket URL: <http://trac.wordpress.org/ticket/2678>
WordPress Trac <http://wordpress.org/>
WordPress blogging software