[wp-hackers] How to prevent "You do not have sufficient permissions to access this page."

Mike Walsh mpwalsh8 at gmail.com
Tue May 29 00:41:33 UTC 2012


Can you point me to an example that uses admin-post.php?  I have been
unable to find one nor can I find a reference to it within WordPress itself.

I played around with it a bit this afternoon and while it appears to work,
I am missing something fundamental because I am missing everything but the
"wrap" DIV on my rendered pages.

Mike

On Tue, May 29, 2012 at 12:47 AM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:

> It would be best to send a nonce no matter where you're posting the data
> to.
> You shouldn't ever simply rely on a cap check; you should use a cap
> check to make sure the user is allowed to do it, and a nonce check to
> make sure the user actually requested it.
>
> On 29 May 2012 00:29, Mike Walsh <mpwalsh8 at gmail.com> wrote:
> > On Mon, May 28, 2012 at 1:21 PM, Dion Hulse (dd32) <wordpress at dd32.id.au> wrote:
> >
> >> I'd suggest one of 2 things:
> >>  1. Use admin-post.php for callbacks, and redirect back to the plugin
> >> page afterwards
> >> or
> >>  2. Register the pages you need, and use the load-<pagehook> action to
> >> process form events from that page. The load hook is run before any
> >> admin template code is run.
> >>
> >> I'm not sure if I'm missing something here though :)
> >>
> >>
> > Just to clarify, if I use admin-post.php, I need to add a nonce to the URL,
> > correct?
> >
> > Mike
> > --
> > Mike Walsh - mpwalsh8 at gmail.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers



-- 
Mike Walsh - mpwalsh8 at gmail.com
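
Added example, not part of the original thread and not code from either poster: a minimal admin-post.php round trip that combines the capability check and the nonce check discussed above, then redirects back to the plugin page. The plugin prefix, action name, page slug, nonce field and option name are all hypothetical.

```php
<?php
// Hypothetical plugin: action name, page slug and option name are assumptions.
const MYPLUGIN_ACTION = 'myplugin_save';

add_action( 'admin_menu', function () {
    add_options_page( 'My Plugin', 'My Plugin', 'manage_options', 'myplugin', 'myplugin_render_page' );
} );

// The form posts to admin-post.php, not to the plugin page itself.
function myplugin_render_page() {
    ?>
    <div class="wrap">
      <h2>My Plugin</h2>
      <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <!-- admin-post.php uses "action" to pick the admin_post_{action} hook -->
        <input type="hidden" name="action" value="<?php echo esc_attr( MYPLUGIN_ACTION ); ?>" />
        <?php wp_nonce_field( MYPLUGIN_ACTION, 'myplugin_nonce' ); ?>
        <input type="text" name="myplugin_label" />
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}

// Fired by admin-post.php for logged-in users only; no nopriv handler is registered.
add_action( 'admin_post_' . MYPLUGIN_ACTION, 'myplugin_handle_save' );

function myplugin_handle_save() {
    // Capability check: is this user allowed to do it?
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You do not have sufficient permissions to perform this action.' );
    }
    // Nonce check: did this user actually request it? Dies on a missing or bad nonce.
    check_admin_referer( MYPLUGIN_ACTION, 'myplugin_nonce' );

    $label = isset( $_POST['myplugin_label'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_label'] ) )
        : '';
    update_option( 'myplugin_label', $label );

    // admin-post.php renders no admin template, so send the browser back
    // to the registered plugin page, which renders normally.
    $back = add_query_arg(
        array( 'page' => 'myplugin', 'updated' => '1' ),
        admin_url( 'options-general.php' )
    );
    wp_safe_redirect( $back );
    exit;
}
```
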

