#5152 closed enhancement (wontfix)
Allow user deletions to occur via URL paramters
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Administration | Version: | 2.3 |
| Severity: | normal | Keywords: | has-patch |
| Cc: |
Description
There's no way to delete a user via the URL. /wp-admin/users.php relies on $_POST for some things.
Having it be able to be done via the URL could allow plugins to add a link to easily just delete a user rather than having to write a whole form. Or even perhaps a plugin could add to the "a new user has registered on your site" e-mail with a delete link.
As to security, it's all nonce protected, so there shouldn't be any problems.
Thoughts?
Attachments (1)
Change History (7)
Viper007Bond
— 6 years ago
comment:2
JeremyVisser
— 6 years ago
But heck, we already blatantly violate the RFCs with the Delete links in the management screens (and no, the nonces don't count), so what's a few more? I mean, it's not like WP's goal is to be standards compliant, or anything silly like that. ;)
comment:4
Denis-de-Bernardy
— 4 years ago
wontfix?
comment:5
JeremyVisser
— 4 years ago
- Resolution set to wontfix
- Status changed from new to closed
Totally.
comment:6
Denis-de-Bernardy
— 4 years ago
- Milestone 2.9 deleted
Note: See
TracTickets for help on using
tickets.
-1.
Using GET links to delete things might not be the greatest idea. What if you're running a pre-caching type of thing (such as, say, google's web accelerator, or half a dozen others) and it prefetches your deletion link? HTTP GET is generally considered safe. Deleting something based on a GET, even with nonces, is not safe.
Let the plugin build a form instead. It's a minor thing for safety.