Relying on browser referer to watermark is insecure
-
Some browsers don’t send a referer header, and they can be faked. So, this piece of code won’t work if no browser referer is sent.
if ( strpos( strtolower( wp_get_referer() ), strtolower( admin_url() ), 0 ) === 0 )
Instead it should be:
if ( is_admin() && ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ))
Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
- The topic ‘Relying on browser referer to watermark is insecure’ is closed to new replies.