[wp-hackers] Rethinking check_admin_referer()
Michael D. Adams
mikea at turbonet.com
Wed Apr 19 01:05:22 GMT 2006
> On 4/18/06, Brian Layman <Brian at thecodecave.com> wrote:
> to click on an image that's acting as a submit control in a <form>.
> Requiring POST raises the bar, but doesn't really fix the problem.
Perhaps we already are, but let's get this thread back on track. Mark
wasn't discussing the security problems with the current scheme (which are
not insurmountable), but the convenience problems.
PS: Not directed at anyone in particular. Rather, equally applicable to
myself as any other.