[wp-hackers] Any other way to do it? (or, do we really need Nonces?)

Jeremy Visser jeremy.visser at gmail.com
Sat Mar 3 03:30:21 GMT 2007

Elliotte Harold wrote:
> We've been down this road before. Believe it or not the answer seems to
> be so WP can style the buttons and links a certain way, nothing more.

This sounds like a _really_ bad reason to do so. (Perhaps even against
WP's philosophy?)
It is really not hard to style a <button> or <input> like a link:

	input[type=submit], input[type=button], input[type=reset],
	button {
		border: none;
		background-color: transparent;
		font-family: inherit;
		color: blue;
		text-decoration: underline;

> It really is broken, and is going to continue to be a cause of security
> holes, but I have personally despaired of this being fixed short of a fork.

It is not going to eliminate security holes. Even on POST forms, you
still need the nonce:

	<input type="hidden" name="nonce" value="_deadbeef" />

But with the POST forms, at least it stops a rogue prefetching program
like Google Web Accelerator from randomly deleting posts/comments.

Well, I have to admit GWA isn't a problem anymore, as it's hardcoded not
to prefetch links that contain a '?' in them. Apparently, Backpack users
complained of things disappearing by themselves, and they narrowed down
the cause to GWA.

More information about the wp-hackers mailing list