Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #48356, comment 3


Timestamp: 10/17/2019 02:46:57 PM (22 months ago)
Author: KestutisIT
  • Ticket #48356, comment 3

    initial v1  
    88I don't think it is good to create my own nonce method here, as this is not a niche scope - more and more plugins rely on LOGGED-IN state, like BuddyPress, bbPress and that is a large amount of WordPress.  And WordPress core says that I MUST CHECK with wp_check_referer. I believe current or later Plugin validator plugin's will reject the plugin if this is not used. I even got to explain when I made sanitation in the model, and not in the controller, and mods of W.org checked in the controller.
    99
    10 So, I'm reopening the ticket, as I strongly believe there has to be done regarding this in WordPress core, as it is first on all related to the basics of security, as as long as WordPress has build-it LOGIN / LOGOUT mechanism, and WP_User is a part of WordPress core, the has to be a way to handle this via WordPress core as well.
     10So, I'm reopening the ticket, as I strongly believe there has to be done regarding this in WordPress core, as it is first of all related to the basics of security, and as long as WordPress has build-it LOGIN / LOGOUT mechanism, and WP_User is a part of WordPress core, the has to be a way to handle this via WordPress core as well.
    1111I also add '2nd opinion tag'. I also do not understand why you removed Javascript tag. What was the reason for that?