Request: security audit for my first ajax plugin?
Hi,
I wrote a simple plugin to delete comments directly from the frontend: https://github.com/MarcDK/marctv-ajax-trash-comments. I don’t want to publish this to the wp repository until somebody has taken a look at it.
Here is what I did to make it more secure:
* Proper use of nonce and corresponding check_ajax_referer() function. I understand that this is some kind of hash check to make sure the origin of the request is the correct one in that context.
* Used input_filter instead of global POST variable.
* Included a current_user_can() check.
Did I overlook anything, or maybe I misunderstood how these things work?
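For reference, this is the server-side shape of an AJAX handler that applies the three checks listed in the post. It is an added example, not code from the linked plugin; the hook name, the nonce action `marctv_trash_comment`, the `comment_id` and `nonce` field names, and the `trash.js` script are assumptions.

```php
<?php
/*
 * Added example (not the plugin's own code): an admin-ajax handler that
 * trashes a comment with a nonce check, filtered input and a capability
 * check. All names below are assumptions chosen for the illustration.
 */

// 1. Hand the frontend script a nonce bound to one action. The nonce is a
//    CSRF token: it ties the request to a page we rendered for this user.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script( 'marctv-trash', plugins_url( 'trash.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'marctv-trash', 'marctvTrash', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'marctv_trash_comment' ),
    ) );
} );

// 2. Register only the logged-in endpoint. Deliberately no wp_ajax_nopriv_
//    hook, so anonymous visitors never reach the handler at all.
add_action( 'wp_ajax_marctv_trash_comment', 'marctv_handle_trash_comment' );

function marctv_handle_trash_comment() {
    // Nonce check; with the default $die = true a bad or missing nonce stops
    // execution here. It proves request origin, not who the user is.
    check_ajax_referer( 'marctv_trash_comment', 'nonce' );

    // Read the comment id through filter_input() instead of $_POST; returns
    // false on a non-integer and null when the field is absent.
    $comment_id = filter_input( INPUT_POST, 'comment_id', FILTER_VALIDATE_INT );
    if ( ! $comment_id || $comment_id < 1 || ! get_comment( $comment_id ) ) {
        wp_send_json_error( 'invalid comment id', 400 );
    }

    // Authorization for THIS comment: 'edit_comment' is a meta capability
    // resolved per object, which is stricter than a blanket role check.
    if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( ! wp_trash_comment( $comment_id ) ) {
        wp_send_json_error( 'trash failed', 500 );
    }
    wp_send_json_success( array( 'comment_id' => $comment_id ) );
}
```

The frontend script is expected to POST `action=marctv_trash_comment`, `comment_id` and the localized `nonce` to `marctvTrash.ajaxUrl`; the three checks run in the order nonce, input, capability so that a failed nonce never reaches the database lookup.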