• Hi,

    I wrote a simple plugin to delete comments directly from the frontend: https://github.com/MarcDK/marctv-ajax-trash-comments I don’t want to publish this to the wp repository until somebody has taken a look at it.

    Here is what I did to make it more secure:

    * Proper use of a nonce and the corresponding check_ajax_referer() function. I understand that this is some kind of hash check to make sure the origin of the request is the correct one in that context.

    * Used input_filter instead of the global POST variable.

    * Included a current_user_can() check.

    Did I overlook anything or maybe I misunderstood how these things work?
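For readers who want to see how the three measures listed above fit together in one handler, here is an added example of a front-end AJAX "trash comment" endpoint. It is written for this reply and is not code from the marctv-ajax-trash-comments plugin; the action name `example_trash_comment`, the script handle, the `trash.js` file name and the JavaScript object `exampleTrash` are assumptions. The PHP function the post refers to as input_filter is `filter_input()`. The example also adds the check a reviewer would usually ask for next: the capability test is done per comment (`edit_comment`), not just as a global "is logged in" test, because a valid nonce only proves the request came from the current user's own session, not that the user is allowed to act on that particular comment.

```php
<?php
/**
 * Added example (not the plugin's own code): a defensively written AJAX handler
 * for trashing a comment from the front end. It shows the nonce check, filtered
 * input and capability check from the post, plus a per-comment capability test.
 * Action, handle, file and variable names are assumptions made for this example.
 */

// Register the handler for logged-in users only. Deliberately no
// wp_ajax_nopriv_ hook: anonymous visitors must never reach this code path.
add_action( 'wp_ajax_example_trash_comment', 'example_trash_comment_handler' );

function example_trash_comment_handler() {
    // 1. Nonce check. check_ajax_referer() verifies the token created with
    //    wp_create_nonce( 'example_trash_comment' ) and sent in the 'nonce'
    //    POST field. With the default third argument (true) it ends the request
    //    with a 403 response when the nonce is missing or stale.
    check_ajax_referer( 'example_trash_comment', 'nonce' );

    // 2. Input validation. filter_input() reads the POST field without touching
    //    $_POST directly; FILTER_VALIDATE_INT rejects anything that is not an integer.
    $comment_id = filter_input( INPUT_POST, 'comment_id', FILTER_VALIDATE_INT );
    if ( ! $comment_id || $comment_id < 1 ) {
        wp_send_json_error( array( 'message' => 'Invalid comment id.' ), 400 );
    }

    // 3. Capability check, resolved per comment. 'edit_comment' is a meta
    //    capability that WordPress maps to the right to edit the comment's post,
    //    so a user cannot trash comments on posts they may not edit.
    if ( ! current_user_can( 'edit_comment', $comment_id ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // Confirm the target exists before acting on it.
    if ( ! get_comment( $comment_id ) ) {
        wp_send_json_error( array( 'message' => 'No such comment.' ), 404 );
    }

    // wp_trash_comment() moves the comment to the trash and returns false on failure.
    if ( ! wp_trash_comment( $comment_id ) ) {
        wp_send_json_error( array( 'message' => 'Could not trash comment.' ), 500 );
    }

    wp_send_json_success( array( 'comment_id' => $comment_id ) );
}

// Front-end side: hand the nonce and the endpoint URL to the script that sends
// the request. wp_localize_script() exposes them as window.exampleTrash, so the
// script can POST { action: 'example_trash_comment', nonce: ..., comment_id: ... }.
add_action( 'wp_enqueue_scripts', 'example_trash_comment_scripts' );

function example_trash_comment_scripts() {
    if ( ! is_user_logged_in() ) {
        return; // nothing to enqueue for visitors who cannot trash anything
    }
    wp_enqueue_script( 'example-trash-comment', plugins_url( 'trash.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-trash-comment', 'exampleTrash', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_trash_comment' ),
    ) );
}
```

Two design points worth noting: the handler is only hooked on `wp_ajax_` and not on `wp_ajax_nopriv_`, so the capability check never has to deal with anonymous requests; and the nonce action string is the same constant on both the `wp_create_nonce()` and `check_ajax_referer()` side, since a nonce generated for one action is not valid for another.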

  • The topic ‘Request: security audit for my first ajax plugin?’ is closed to new replies.