[wp-trac] Re: [WordPress Trac] #7283: Generic POST handler
WordPress Trac
wp-trac at lists.automattic.com
Sat Jul 12 01:39:52 GMT 2008
#7283: Generic POST handler
---------------------+------------------------------------------------------
Reporter: ryan | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.6
Component: General | Version:
Severity: normal | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by DD32):
> Maybe something to make sure there's a nonce being passed.
Well.. If you want a nonce on it, Better get it in for 2.6 before plugin
authors change over to using it IMO.
A simple nonce based on "admin_post_$action" would be enough i'd have
thought.
That way In the instructions on how to mention it, It can simply be
mentioned that something like this neeeds to be included:
{{{
<input type="hidden" name="action" value="plugin-action" />
<?php wp_nonce_field('admin_post_plugin-action') ?>
}}}
It'll mean that any plugin authors not allready using nonces will get a
bump in that direction & the rest who do use them will be allright.
--
Ticket URL: <http://trac.wordpress.org/ticket/7283#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list