[wp-trac] Re: [WordPress Trac] #5152: Allow user deletions to occur via URL parameters
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 12 01:05:23 GMT 2007
#5152: Allow user deletions to occur via URL parameters
----------------------------+-----------------------------------------------
 Reporter:  Viper007Bond    |        Owner:  anonymous
     Type:  enhancement     |       Status:  new
 Priority:  normal          |    Milestone:  2.4
Component:  Administration  |      Version:  2.3
 Severity:  normal          |   Resolution:
 Keywords:  has-patch       |
----------------------------+-----------------------------------------------
Comment (by Otto42):
-1.

Using GET links to delete things might not be the greatest idea. What if
you're running a pre-caching type of thing (such as, say, Google's web
accelerator, or half a dozen others) and it prefetches your deletion link?

HTTP GET is generally considered safe. Deleting something based on a GET,
even with nonces, is not safe.

Let the plugin build a form instead. It's a minor thing for safety.
--
Ticket URL: <http://trac.wordpress.org/ticket/5152#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
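
The form-based approach the comment recommends, sketched as an added example that is not part of the original message or of the ticket's patch. It assumes a current WordPress release; the `myplugin_` names and the action string are hypothetical, and the handler rejects any request that is not a POST, so a prefetched link cannot trigger the deletion.

```php
<?php
/*
 * Plugin Name: Example - delete a user via POST form (illustration only)
 */

// Hypothetical action name used only by this example.
const MYPLUGIN_ACTION = 'myplugin_delete_user';

// Render a small POST form where a GET "delete" link would otherwise go.
function myplugin_delete_user_form( $user_id ) {
    $user_id = absint( $user_id );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( MYPLUGIN_ACTION ); ?>" />
        <input type="hidden" name="user_id" value="<?php echo esc_attr( $user_id ); ?>" />
        <?php wp_nonce_field( MYPLUGIN_ACTION . '_' . $user_id ); // emits the _wpnonce field ?>
        <input type="submit" value="Delete user" />
    </form>
    <?php
}

// admin-post.php dispatches on $_REQUEST['action'], so this hook fires for
// GET and POST alike; the handler must check the method itself.
add_action( 'admin_post_' . MYPLUGIN_ACTION, 'myplugin_handle_delete_user' );

function myplugin_handle_delete_user() {
    // Prefetchers and crawlers issue GET; refuse anything that is not POST.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        header( 'Allow: POST' );
        wp_die( 'Deletion requires a POST request.', 'Method Not Allowed', array( 'response' => 405 ) );
    }

    // Read the target only from the request body, never from the query string.
    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;

    // CSRF check: the nonce is bound to this action and this target user.
    check_admin_referer( MYPLUGIN_ACTION . '_' . $user_id );

    // Authorization check: the nonce does not replace a capability check.
    if ( ! $user_id || ! current_user_can( 'delete_user', $user_id ) ) {
        wp_die( 'You are not allowed to delete this user.', 'Forbidden', array( 'response' => 403 ) );
    }

    wp_delete_user( $user_id );
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
```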