Support » Plugins » AJAX Calls – Security?

  • Resolved pipelineae


    Currently writing a plugin for both WP and WPMU that uses ajax calls to do its job.

    It’s coming along brilliantly, however I’ve hit a wall.
    The plugin uses SQL inserts, and since the ajax calls go to a page that isn’t checked for security (i.e. not auth_redirect’d), it’s quite prone to sql-injection in its current form.

    Since the plugin uses the ajax responseText for a lot of the page layout, I’m not sure how to go about restricting access to the php file to only logged in users.

    So, I guess what I need to know is:

    • What’s the best way to do wp-admin authentication without affecting the layout?
    • What files need to be included by the sql-insert file in order to have all the proper database functions declared?


Viewing 1 replies (of 1 total)
  • Nevermind.

    After a little fooling around, I managed to include admin.php properly from the plugin folder, without wp-config.php being not-found.

    That allowed me to use the auth_redirect() function, which securely checks the cookies ensuring the user is logged in before accessing the php file.

    Took a bit of thinking, but I finally got there.
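The thread covers two separate problems: keeping an ajax endpoint reachable only by logged-in users, and making the SQL inserts injection-safe. The following is an added example written for this page, not the original poster's plugin code. Instead of including admin.php from a standalone php file (the poster's approach), it routes the request through WordPress's own admin-ajax.php, which already bootstraps wp-config.php and $wpdb, so no database files need to be included by hand. The action name, table name, capability and script filename are assumptions for illustration.

```php
<?php
/*
Plugin Name: Example Secure AJAX Insert
Description: Added illustration of a logged-in-only ajax handler with a parameterised insert.
*/

// Hypothetical action name shared by the PHP handler, the nonce and the browser request.
define( 'EXAMPLE_AJAX_ACTION', 'example_insert_note' );

// Register the handler for authenticated users only. No wp_ajax_nopriv_ hook is
// registered, so an anonymous request for this action never reaches our code.
add_action( 'wp_ajax_' . EXAMPLE_AJAX_ACTION, 'example_handle_insert' );

function example_handle_insert() {
    global $wpdb;

    // CSRF check: the request must carry a nonce minted for this action;
    // check_ajax_referer() terminates the request if it is missing or invalid.
    check_ajax_referer( EXAMPLE_AJAX_ACTION, 'nonce' );

    // Authorization: being logged in is not enough, require a capability.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient privileges' ), 403 );
    }

    // Validate and sanitize the input before it goes anywhere near SQL.
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    if ( '' === $note || strlen( $note ) > 500 ) {
        wp_send_json_error( array( 'message' => 'note must be 1-500 characters' ), 400 );
    }

    // Parameterised insert: $wpdb->insert() escapes the values itself, so user
    // data is never concatenated into the SQL string. Table name is hypothetical.
    $table = $wpdb->prefix . 'example_notes';
    $ok    = $wpdb->insert(
        $table,
        array(
            'user_id' => get_current_user_id(),
            'note'    => $note,
            'created' => current_time( 'mysql' ),
        ),
        array( '%d', '%s', '%s' )
    );

    if ( false === $ok ) {
        wp_send_json_error( array( 'message' => 'insert failed' ), 500 );
    }

    // Read back with a prepared statement for the same reason.
    $count = (int) $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE user_id = %d", get_current_user_id() )
    );

    // The JSON response is what the page uses as responseText, so layout code is unaffected.
    wp_send_json_success( array( 'id' => $wpdb->insert_id, 'total' => $count ) );
}

// Give the browser the endpoint URL and a nonce bound to this action.
add_action( 'wp_enqueue_scripts', 'example_enqueue' );

function example_enqueue() {
    if ( ! is_user_logged_in() ) {
        return;
    }
    // example.js is a hypothetical script in the plugin folder.
    wp_enqueue_script( 'example-ajax', plugins_url( 'example.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-ajax', 'exampleAjax', array(
        'url'    => admin_url( 'admin-ajax.php' ),
        'action' => EXAMPLE_AJAX_ACTION,
        'nonce'  => wp_create_nonce( EXAMPLE_AJAX_ACTION ),
    ) );
}
```

The assumed example.js simply POSTs `{ action: exampleAjax.action, nonce: exampleAjax.nonce, note: ... }` to `exampleAjax.url` and reads the JSON reply. Three layers do the work here: the missing `wp_ajax_nopriv_` hook keeps anonymous callers out, `check_ajax_referer()` plus `current_user_can()` stop a logged-in user's browser being driven by another site, and `$wpdb->insert()` / `$wpdb->prepare()` keep untrusted strings out of the SQL text.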

  • The topic ‘AJAX Calls – Security?’ is closed to new replies.