[wp-hackers] Rethinking check_admin_referer()

Ryan Boren ryan at boren.nu
Sat Apr 22 01:45:29 GMT 2006


Sam Angove wrote:
> For token `md5($end . DB_PASS . $action . $uid)`, can't you do:
> 
> foreach ($dictionary as $word) {
> 	if (md5($known_time . $word . $known_action . $known_uid) == $known_nonce) {
> 		echo "omg! the db password is $word !!!1";
> 	}
> }

Throw in uniqid(rand(), true) so as to foil the aneristic greyfaces with 
our hot eristic vibes.

Ryan
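As an added example that is not code from this thread or from WordPress: the nonce scheme Sam describes, rebuilt in Python with a per-install random key in place of DB_PASS (the Python counterpart of Ryan's uniqid(rand(), true) suggestion) and an HMAC in place of a bare md5 of the concatenation. The tick window, the field separator and the secret_recoverable audit function are assumptions of mine, and the weak secret and word list are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Constructed secrets for the demo: a guessable one (the DB_PASS case in the
# quoted post) and a random per-install one, generated once and stored.
WEAK_SECRET = "dragon"
STRONG_SECRET = secrets.token_hex(32)   # 256 bits of entropy

# Constructed word list standing in for $dictionary in the quoted post.
WORDLIST = ["letmein", "password", "dragon", "wordpress", "qwerty"]


def make_nonce(secret, action, uid, tick):
    """Nonce bound to a time tick, an action and a user, keyed with `secret`.
    HMAC rather than md5(concat) removes length-extension and field-boundary
    ambiguity, but the entropy of `secret` is still what the scheme rests on."""
    msg = "{}|{}|{}".format(tick, action, uid).encode()
    return hmac.new(secret.encode(), msg, hashlib.md5).hexdigest()[-12:-2]


def verify_nonce(secret, nonce, action, uid, tick):
    """Accept a nonce from the current tick or the previous one, so a form
    rendered near a tick boundary still submits cleanly."""
    for t in (tick, tick - 1):
        if hmac.compare_digest(make_nonce(secret, action, uid, t), nonce):
            return True
    return False


def secret_recoverable(observed, action, uid, tick, wordlist):
    """Audit check: can one observed nonce plus its public fields confirm a
    guessed secret offline? This is the loop from the quoted post, run by the
    defender against their own secret to decide whether it is strong enough."""
    return any(make_nonce(w, action, uid, tick) == observed for w in wordlist)


if __name__ == "__main__":
    n = make_nonce(WEAK_SECRET, "delete-post", 42, 1000)
    print("weak secret recoverable:",
          secret_recoverable(n, "delete-post", 42, 1000, WORDLIST))
    n = make_nonce(STRONG_SECRET, "delete-post", 42, 1000)
    print("random secret recoverable:",
          secret_recoverable(n, "delete-post", 42, 1000, WORDLIST))
```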
