
github.com/YOURLS/YOURLS.git - Unnamed repository; edit this file 'description' to name the repository.
authorozhozh <ozhozh@12232710-3e20-11de-b438-597f59cd7555>2012-10-14 18:23:38 +0400
committerozhozh <ozhozh@12232710-3e20-11de-b438-597f59cd7555>2012-10-14 18:23:38 +0400
commit26b01cfdc51fec08a66bc2d52ea1cea335d6fb75 (patch)
tree6078ec6411138e3b7c3e353f84d560528e1b9991 /user
parente2a3ece2089aa41e709a88ce2e540988605dc037 (diff)
Best practice: add nonce to the sample plugin
git-svn-id: http://yourls.googlecode.com/svn/trunk@774 12232710-3e20-11de-b438-597f59cd7555
Diffstat (limited to 'user')
-rw-r--r--user/plugins/sample-page/plugin.php12
1 files changed, 11 insertions, 1 deletions
diff --git a/user/plugins/sample-page/plugin.php b/user/plugins/sample-page/plugin.php
index e6c8e73d..bfb920c9 100644
--- a/user/plugins/sample-page/plugin.php
+++ b/user/plugins/sample-page/plugin.php
@@ -22,19 +22,29 @@ function ozh_yourls_samplepage_add_page() {
function ozh_yourls_samplepage_do_page() {
// Check if a form was submitted
- if( isset( $_POST['test_option'] ) )
+ if( isset( $_POST['test_option'] ) ) {
+ // Check nonce
+ yourls_verify_nonce( 'sample_page' );
+
+ // Process form
ozh_yourls_samplepage_update_option();
+ }
// Get value from database
$test_option = yourls_get_option( 'test_option' );
+
+ // Create nonce
+ $nonce = yourls_create_nonce( 'sample_page' );
echo <<<HTML
<h2>Sample Plugin Administration Page</h2>
<p>This plugin stores an integer in the option database</p>
<form method="post">
+ <input type="hidden" name="nonce" value="$nonce" />
<p><label for="test_option">Enter an integer</label> <input type="text" id="test_option" name="test_option" value="$test_option" /></p>
<p><input type="submit" value="Update value" /></p>
</form>
+
HTML;
}
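Review bot: The added call `yourls_verify_nonce( 'sample_page' );` discards its result, so the CSRF check only protects `ozh_yourls_samplepage_update_option()` because the verifier itself halts the request when the nonce is missing or wrong. Since this is a sample that plugin authors copy, the comment should say so, for example `// Check nonce: yourls_verify_nonce() stops the request on failure, so the update below never runs for a forged POST`. The hidden field's name `nonce` appears to be what the verifier reads by default, and the action string `'sample_page'` must match between the create and verify calls; a short comment next to `yourls_create_nonce( 'sample_page' )` noting both would keep copies from silently breaking the check. Separately, `$test_option` is still interpolated into the `value` attribute without escaping; whether that is safe depends on how `ozh_yourls_samplepage_update_option()` validates the input, and that function is outside this hunk.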