Title: Loophole software
Last modified: September 1, 2016

---

# Loophole software

 *  [alnazer](https://wordpress.org/support/users/alnazer/)
 * (@alnazer)
 * [9 years, 11 months ago](https://wordpress.org/support/topic/loophole-software/)
 * Note that there is a loophole in the software, in the file controllers/respond.php.
 * If anyone knows any post ID, they can add a comment.
 * I suggest adding a variable named accesstoken to the GET parameters. When a user wants to add a new comment, compare this value with the value stored in the plugin's properties.
 * The existing accesstoken can be managed through the plugin options.
 * Example:
 *     ```
       class JSON_API_Respond_Controller {
   
         function submit_comment() {
           global $json_api;
           nocache_headers();
           // Existing checks: a target post and all comment fields are required.
           if (empty($_REQUEST['post_id'])) {
             $json_api->error("No post specified. Include 'post_id' var in your request.");
           } else if (empty($_REQUEST['name']) ||
                      empty($_REQUEST['email']) ||
                      empty($_REQUEST['content'])) {
             $json_api->error("Please include all required arguments (name, email, content).");
           } else if (!is_email($_REQUEST['email'])) {
             $json_api->error("Please enter a valid email address.");
           } else if ($_REQUEST['accesstoken'] !== get_option('json_api_accesstoken', true)) {
             // Proposed addition: reject the request unless the supplied
             // accesstoken matches the value stored in the plugin option.
             $json_api->error("Please enter a correct AccessToken.");
           }
           $pending = new JSON_API_Comment();
           return $pending->handle_submission();
         }
   
       }
       ```
   
 *     ```
       elseif($_REQUEST['accesstoken'] !== get_option('json_api_accesstoken',true)){
         $json_api->error("Please enter a correct AccessToken.");
       }
       ```
   
 * Excuse my English, it is weak.
 * [https://wordpress.org/plugins/json-api/](https://wordpress.org/plugins/json-api/)

The topic ‘Loophole software’ is closed to new replies.
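
The token check proposed in the post, written as an added example that is not part of the original post or of the JSON API plugin: it fails closed when the option is unset or empty, rejects non-string input, and compares in constant time. `accesstoken_is_valid()` is a hypothetical helper and the token values are constructed samples; only the `accesstoken` parameter and the `json_api_accesstoken` option name come from the post.

```php
<?php
// Added example, not JSON API plugin code. accesstoken_is_valid() is a
// hypothetical helper; inside WordPress, $stored would come from
// get_option('json_api_accesstoken', '') and $supplied from $_REQUEST.

function accesstoken_is_valid($supplied, $stored): bool
{
    // Fail closed: an unset or empty option must never authorize anyone.
    if (!is_string($stored) || $stored === '') {
        return false;
    }
    // PHP turns accesstoken[]=x into an array; reject non-strings
    // before they reach hash_equals(), which requires strings.
    if (!is_string($supplied) || $supplied === '') {
        return false;
    }
    // Constant-time comparison, so response timing does not reveal how
    // many leading characters of a guess were correct.
    return hash_equals($stored, $supplied);
}

// Constructed sample values (not from the page).
$stored = 'constructed-sample-token-0001';
$cases = [
    'correct token'     => [$stored, $stored, true],
    'wrong token'       => ['constructed-sample-token-0002', $stored, false],
    'parameter missing' => [null, $stored, false],
    'array parameter'   => [['x'], $stored, false],
    'option never set'  => ['anything', '', false],
    'both empty'        => ['', '', false],
];

foreach ($cases as $label => [$supplied, $option, $expected]) {
    $actual = accesstoken_is_valid($supplied, $option);
    printf("%-18s %s\n", $label, $actual === $expected ? 'ok' : 'UNEXPECTED');
}
```

Because `$_REQUEST` also reads the query string, a token sent as a GET parameter is written to web server access logs; sending it in the POST body avoids that.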

 * 0 replies
 * 1 participant
 * Last reply from: [alnazer](https://wordpress.org/support/users/alnazer/)
 * Last activity: [9 years, 11 months ago](https://wordpress.org/support/topic/loophole-software/)
 * Status: not resolved