[wp-hackers] Rethinking check_admin_referer()
Owen Winkler
ringmaster at midnightcircus.com
Fri Apr 21 21:32:40 GMT 2006
Denis de Bernardy wrote:
> woops... this belongs somewhere else in the thread, but those who followed
> it probably knew instantly. for the others, I meant storing unique tokens
> and the like, which was discussed earlier for so-called nonces, hashes, etc.
Yeah, I was wondering what you were going on about. :)
>> pardon for asking, but what's the point in storing this into
>> the db or a cookie. doesn't it belong in a session variable?
The patch I submitted uses none of those. And it seems to work just
fine in spite of a few changes that need to be made.
Owen