Open ddur opened 5 years ago
Actually, a private or localhost address can also be used from a shared server by other shared server users. So, I believe that this line should not skip the 'XX' code from checking, but leave it to user-defined checks (country codes). Same as the 'ZZ' code described two lines below. https://github.com/tokkonopapa/WordPress-IP-Geo-Block/blob/5df0e717b27eb888b2559557f4c1c651fbbd99ad/ip-geo-block/classes/class-ip-geo-block.php#L383
I do not see why a localhost/private request would be allowed to skip nonce validation, especially in a shared server environment? https://github.com/tokkonopapa/WordPress-IP-Geo-Block/blob/5df0e717b27eb888b2559557f4c1c651fbbd99ad/ip-geo-block/classes/class-ip-geo-block.php#L825
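
The handling this report objects to, next to the stricter handling it asks for, as an added PHP example that is not IP Geo Block's own code. The function names, the HMAC stand-in for the WordPress nonce, the secret and the sample addresses are all assumptions made for illustration.

```php
<?php
// Added illustration; not IP Geo Block's code. All names are hypothetical.
// 'XX' = private/reserved (incl. loopback); 'ZZ' = no lookup result.
function classify_ip(string $ip, array $geo_db): string {
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'ZZ'; // not an IP address at all
    }
    $public = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    return $public === false ? 'XX' : ($geo_db[$ip] ?? 'ZZ');
}

// Stand-in for a WordPress nonce: HMAC over the action, compared in constant time.
function nonce_ok(string $nonce, string $action, string $secret): bool {
    return hash_equals(hash_hmac('sha256', $action, $secret), $nonce);
}

// Behaviour the report objects to: 'XX' skips the country list and the nonce.
function allow_with_bypass(string $code, array $allowed, bool $nonce_ok): bool {
    if ($code === 'XX') {
        return true;
    }
    return in_array($code, $allowed, true) && $nonce_ok;
}

// Proposed handling: 'XX' goes through the user-defined list like 'ZZ',
// and the nonce is required whatever the source address.
function allow_strict(string $code, array $allowed, bool $nonce_ok): bool {
    return in_array($code, $allowed, true) && $nonce_ok;
}

// Constructed sample data.
$geo_db  = ['8.8.8.8' => 'US'];
$allowed = ['US'];            // site owner did not list 'XX'
$secret  = 'constructed-secret';
$valid   = hash_hmac('sha256', 'save-settings', $secret);

$requests = [
    ['8.8.8.8',   $valid],    // remote visitor with a valid nonce
    ['127.0.0.1', 'forged'],  // co-tenant process on the shared host
    ['10.0.0.5',  'forged'],  // neighbour on the private network
];
foreach ($requests as [$ip, $nonce]) {
    $code = classify_ip($ip, $geo_db);
    $ok   = nonce_ok($nonce, 'save-settings', $secret);
    printf("%-10s %s bypass=%s strict=%s\n", $ip, $code,
        var_export(allow_with_bypass($code, $allowed, $ok), true),
        var_export(allow_strict($code, $allowed, $ok), true));
}
```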