[wp-hackers] (no subject)
Michael D Adams
mikea at turbonet.com
Wed Apr 19 20:38:45 GMT 2006
Mark Jaquith's interesting "Rethinking check_admin_referer()" thread
 has generated some POST v. GET debate. This debate seems to crop
up once or twice a year, so while people are thinking about it, allow
me to needlessly fan the flames :)
Of particular interest to me was Bryan Layman's reply  suggesting
that GETs be met with an approval screen and POSTs be checked by
check_admin_referer() (or whatever security system) before going on
their merry state changing way.
Though GETs can probably be made just as secure as POSTs, I see no
harm in changing many of WP's requests to POST.
Here's what I suggest:
1. If non indempotent operations are called by GETs, produce a
confirmation screen (similar to mailapprovecomment) per .
2. If non indempotent operations are called by POSTs, if
( check_admin_referer() ) go.
3. Change many of WP's admin requests to POSTs. I may have missed
some, and some of those listed below are a little silly; I just made
a cursory glance through wp-admin/. Some CSS magic would be needed
in order to keep the admin pages not hideous (this is beyond me).
a. Delete Post/Page
b. Delete Comment
c. (Un)Approve Comment
d. Delete Category
e. Delete Link
f. Move Link
g. (De)Activate Plugins
h. Change Themes
4. Add do_action( 'wp_admin_form', what, id ) to all FORMs in the
admin section. This allows people to create a plugin that castrates
check_admin_referer() wherever deemed necessary and to include nonces
(or anything else) in specific FORMs.
Mark and Owen Winkler proposed a similar idea :
1. Switch to nonces
2. Switch to POSTs
3. if nonce fails, check_admin_referer()
4. if that fails, present confirmation dialogue.
My proposal is similar, but keeps the referer as the main check and
allows other checks to be optionally plugged in. It would not allow
a complete replacement of check_admin_referer() by nonces, but
perhaps it's good enough? Maybe I'm just being lazy and skirting the
"check_admin_referer() really needs to be rethought" issue.
More information about the wp-hackers