Changes between Initial Version and Version 1 of Ticket #48356, comment 3
- Timestamp: 10/17/2019 02:46:57 PM (4 years ago)
Ticket #48356, comment 3
initial v1

8 8 I don't think it is good to create my own nonce method here, as this is not a niche scope - more and more plugins rely on LOGGED-IN state, like BuddyPress, bbPress and that is a large amount of WordPress. And WordPress core says that I MUST CHECK with wp_check_referer. I believe current or later Plugin validator plugin's will reject the plugin if this is not used. I even got to explain when I made sanitation in the model, and not in the controller, and mods of W.org checked in the controller.

9 9

10 (initial) So, I'm reopening the ticket, as I strongly believe there has to be done regarding this in WordPress core, as it is first o n all related to the basics of security, asas long as WordPress has build-it LOGIN / LOGOUT mechanism, and WP_User is a part of WordPress core, the has to be a way to handle this via WordPress core as well.

10 (v1) So, I'm reopening the ticket, as I strongly believe there has to be done regarding this in WordPress core, as it is first of all related to the basics of security, and as long as WordPress has build-it LOGIN / LOGOUT mechanism, and WP_User is a part of WordPress core, the has to be a way to handle this via WordPress core as well.

11 11 I also add '2nd opinion tag'. I also do not understand why you removed Javascript tag. What was the reason for that?