[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Chris chris.hearn01 at ntlworld.com
Fri Mar 2 00:51:26 GMT 2007

Sorry - I think just answered own question - I guess it's because the 
conversation just refers specifically to _links_

Jeremy Visser wrote:
> Mark Jaquith wrote:
>> On Feb 27, 2007, at 11:47 AM, howard chen wrote:
>>> can WP allow detete/update action thru HTTP Get?
>> We protect HTTP GET deletes with nonces
> I've always disliked doing any dangerous action with GET, regardless of
> whether the links are protected with nonces.
> Can't we have some sort of JavaScript action that will load the
> comment/post ID into a POST form and submit it automagically?
> I would have suggested having separate <button>s like this styled like
> links so we could use POST still:
> 	<button name="comment_id" value="1">Delete me!</button>
> 	<button name="comment_id" value="2">Delete me!</button>
> 	<button name="comment_id" value="3">Delete me!</button>
> ...but MSIE doesn't like it.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list