[wp-hackers] (no subject)
Brian at TheCodeCave.com
Wed Apr 19 21:36:04 GMT 2006
Michael said something like:
>Of particular interest to me was Bryan Layman's reply suggesting
>that GETs be met with an approval screen and POSTs be checked by
>check_admin_referer() (or whatever security system) before going on
>their merry state changing way.
Actually, that was Paul Mitchell :) but I agree that it is an interesting
idea, especially if the POST required a nonce to succeed whereas the GET
would not need it. It provides a handy solution for bookmarking and
emailing destructive links. It's a lot more code and testing but it is a
very interesting idea...
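
The pattern discussed in this thread, as an added example that is not part of the original message and is not WordPress code: a GET to a destructive URL only renders an approval form, and the state change happens only on a POST carrying a valid nonce. The HMAC nonce scheme, the secret, the 12-hour window and every function name here are assumptions made for illustration.

```php
<?php
// Added illustration; all names are hypothetical and the data is constructed.
const SECRET = 'constructed-demo-secret'; // in practice a random per-site key
const WINDOW = 43200;                     // assumed 12-hour validity window

// Nonce bound to the user, the exact action and the current time window.
function make_nonce(string $user, string $action, ?int $now = null): string {
    $tick = intdiv($now ?? time(), WINDOW);
    return substr(hash_hmac('sha256', "$tick|$user|$action", SECRET), 0, 20);
}

// Accept the current and previous window so a form does not expire at a boundary.
function verify_nonce(string $nonce, string $user, string $action): bool {
    foreach ([time(), time() - WINDOW] as $t) {
        if (hash_equals(make_nonce($user, $action, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// Returns [status, body]. GET never changes state; POST does so only with a valid nonce.
function handle_delete(string $method, array $params, string $user, array &$posts): array {
    $id = (int)($params['id'] ?? 0);
    if (!isset($posts[$id])) return [404, 'No such post'];
    $action = "delete-post_$id";
    if ($method === 'GET') {
        // A bookmarked or e-mailed link lands here: approval screen with a fresh nonce.
        $nonce = make_nonce($user, $action);
        return [200, '<form method="post">Delete "' . htmlspecialchars($posts[$id]) . '"?'
            . "<input type=\"hidden\" name=\"id\" value=\"$id\">"
            . "<input type=\"hidden\" name=\"_nonce\" value=\"$nonce\">"
            . '<button>Confirm</button></form>'];
    }
    if ($method !== 'POST') return [405, 'Method not allowed'];
    if (!verify_nonce((string)($params['_nonce'] ?? ''), $user, $action)) {
        return [403, 'Invalid or missing nonce'];
    }
    unset($posts[$id]);
    return [200, 'Deleted'];
}

// Constructed requests: the link is followed, a POST arrives without a nonce, then the form is confirmed.
$posts = [7 => 'Hello world'];
[$status, $body] = handle_delete('GET', ['id' => '7'], 'alice', $posts);
preg_match('/name="_nonce" value="([0-9a-f]+)"/', $body, $m);
echo $status, ' posts left: ', count($posts), "\n";
echo handle_delete('POST', ['id' => '7'], 'alice', $posts)[0], "\n";
echo handle_delete('POST', ['id' => '7', '_nonce' => $m[1]], 'alice', $posts)[0], "\n";
```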