Support » Plugins and Hacks » Hacks » Edit post data outside of loop [Approve/Reject system]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    The click action should result in a form submit using the POST method, where the post ID is a hidden form field. The ID is still discoverable, but it is much less obvious than an URL parameter. In addition, the form should submit a nonce field so the server can confirm the request is from a valid form and not some user trying to game the system.

    You may also want to consider a mechanism so that the same user cannot vote more than once, unless this is actually a “feature” of your scheme. It’s very difficult to make a voting scheme that cannot be cheated, but you can at least make cheating difficult for the average user.

    Finally, consider using an AJAX-like technique to submit the vote, instead of requesting an entirely new page, unless again, this is a “feature” of your scheme.

    Swennet

    (@swennet)

    @bcworkz

    Thanks for the pointers! I already finished the script with some of the features you recommended. I will also look into AJAX and the nonce fields.

    Thanks for the reply!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Edit post data outside of loop [Approve/Reject system]’ is closed to new replies.