WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 5 years ago

Last modified 5 years ago

#5152 closed enhancement (wontfix)

Allow user deletions to occur via URL paramters

Reported by: Viper007Bond Owned by:
Milestone: Priority: normal
Severity: normal Version: 2.3
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

There's no way to delete a user via the URL. /wp-admin/users.php relies on $_POST for some things.

Having it be able to be done via the URL could allow plugins to add a link to easily just delete a user rather than having to write a whole form. Or even perhaps a plugin could add to the "a new user has registered on your site" e-mail with a delete link.

As to security, it's all nonce protected, so there shouldn't be any problems.

Thoughts?

Attachments (1)

5152.patch (3.2 KB) - added by Viper007Bond 7 years ago.

Download all attachments as: .zip

Change History (7)

Viper007Bond7 years ago

comment:1 Otto427 years ago

-1.

Using GET links to delete things might not be the greatest idea. What if you're running a pre-caching type of thing (such as, say, google's web accelerator, or half a dozen others) and it prefetches your deletion link? HTTP GET is generally considered safe. Deleting something based on a GET, even with nonces, is not safe.

Let the plugin build a form instead. It's a minor thing for safety.

comment:2 JeremyVisser7 years ago

But heck, we already blatantly violate the RFCs with the Delete links in the management screens (and no, the nonces don't count), so what's a few more? I mean, it's not like WP's goal is to be standards compliant, or anything silly like that. ;)

comment:3 ffemtcj6 years ago

  • Milestone changed from 2.5 to 2.6

comment:5 JeremyVisser5 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Totally.

comment:6 Denis-de-Bernardy5 years ago

  • Milestone 2.9 deleted
Note: See TracTickets for help on using tickets.