webtions / i-recommend-this

This plugin allows your visitors to simply like/recommend your posts instead of commenting on them.

Secure widget code #18

Closed hchouhan closed 6 years ago

hchouhan commented 6 years ago

Not using Nonces and/or checking permissions

Please add a nonce to your POST calls to prevent unauthorized access.

Keep in mind, check_admin_referer alone is NOT bulletproof security. Do not rely on nonces for authorization purposes. Use current_user_can() in order to prevent users without the right permissions from accessing things.

https://codex.wordpress.org/WordPress_Nonces

Example:

function options_widget_most_recommended_posts()

Use code from https://github.com/wpexplorer/my-widget-plugin/blob/master/my-widget-plugin.php
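A hardened shape for the handler named above, as an added example that is not the plugin's or hchouhan's code: the capability check runs before the nonce check, since a nonce only proves the request came from a form this site rendered, not that the user may change settings. The option key, field names and the edit_theme_options capability are assumptions.

```php
<?php
// Added example (not the plugin's own code): a legacy-style widget options
// handler for options_widget_most_recommended_posts() carrying both checks
// the issue asks for. Option key, field names and capability are assumed.
function options_widget_most_recommended_posts() {
    $option_key = 'irt_most_recommended_widget'; // assumed option name
    $defaults   = array( 'title' => 'Most Recommended', 'number' => 5 );
    $options    = wp_parse_args( (array) get_option( $option_key, array() ), $defaults );

    if ( isset( $_POST['irt_most_recommended_submit'] ) ) {
        // Authorization first: a nonce is not a permission check.
        if ( ! current_user_can( 'edit_theme_options' ) ) {
            wp_die( esc_html__( 'You are not allowed to change widget settings.' ) );
        }
        // CSRF check: check_admin_referer() dies on a missing or invalid nonce.
        check_admin_referer( 'irt_save_most_recommended', 'irt_most_recommended_nonce' );

        // Validate and sanitize before persisting anything.
        $options['title']  = sanitize_text_field( wp_unslash( $_POST['irt_title'] ?? '' ) );
        $options['number'] = max( 1, min( 20, absint( $_POST['irt_number'] ?? 5 ) ) );
        update_option( $option_key, $options );
    }
    ?>
    <p>
        <label for="irt_title">Title:</label>
        <input type="text" id="irt_title" name="irt_title"
               value="<?php echo esc_attr( $options['title'] ); ?>" />
    </p>
    <p>
        <label for="irt_number">Number of posts:</label>
        <input type="number" id="irt_number" name="irt_number" min="1" max="20"
               value="<?php echo esc_attr( $options['number'] ); ?>" />
    </p>
    <?php
    // Emits the hidden nonce field the POST handler above verifies.
    wp_nonce_field( 'irt_save_most_recommended', 'irt_most_recommended_nonce' );
    ?>
    <input type="hidden" name="irt_most_recommended_submit" value="1" />
    <?php
}
```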

hchouhan commented 6 years ago

8c4859a5107f1f9abf4136a15ff57eda3b3d1a2c