[wp-hackers] Developer portal

Matt Walters mwalters8 at gmail.com
Sat Dec 12 18:05:19 UTC 2009


On Sat, Dec 12, 2009 at 11:07 AM, Simon Blackbourn <piemanek at gmail.com> wrote:
> A whole section on plugin security (using wp_nonce, avoiding xss, things to
> be aware of when handling user input, etc.).

[...]

> An easy to follow security checklist, plus other WordPress-specific info,
> plus links to existing security resources online would have been very
> welcome.


+1 -- A central place that had the current best practices for security
in WordPress (including references to the escaping functions that WP
provides) would be great.  I know some folks like Mark and others work
hard on getting this information out there, but if you're new to
WordPress, you may not know he's someone you want to look up for
security info.

Also, and this was noted elsewhere I believe, I really like the
php.net documentation.  Something similar for WordPress where I could
load up wordpress.org/code/get_posts (or whatever URL) and
automatically pull up the parameters, syntax, etc, would be really
valuable to both new WordPress devs as well as those of us that don't
use one of the functions for a month and then all of a sudden need
it for a project.  Even better if it also had the section, like on
php.net, where it suggested other functions you might be interested
in.  (like on php.net if you pull up fopen() you'll also see links to
fread(), etc)  This would be good for folks that think one function is
what they want, but really there's a more efficient way of doing it
via another function or help you quickly find documentation on other
related functions you're going to need to use anyhow.

