[wp-hackers] Rethinking check_admin_referer()

Owen Winkler ringmaster at midnightcircus.com
Fri Apr 21 21:32:40 GMT 2006

Denis de Bernardy wrote:
> woops... this belongs somewhere else in the thread, but those who followed
> it probably knew instantly. for the others, I meant storing unique tokens
> and the like, which was discussed earlier for so-called nonces, hashes, etc.

Yeah, I was wondering what you were going on about.  :)

>> pardon for asking, but what's the point in storing this into 
>> the db or a cookie. doesn't it belong in a session variable?

The patch I submitted uses none of those.  And it seems to work just 
fine in spite of a few changes that need to be made.


More information about the wp-hackers mailing list