• The test facility in this plugin falls foul of some security rules, because it:

    1. Directly accesses a PHP file in wp-content
    2. Doesn’t have a CSRF token.

    In our specific case it was being blocked by ModSecurity, but I’m sure other setups are likely to have similar problems.

    I believe both these issues would be addressed by changing the test to use WordPress’ built-in AJAX endpoint admin-ajax.php instead of directly addressing its own PHP file.

    https://www.ads-software.com/plugins/active-directory-integration/

  • The topic ‘Test using admin-ajax’ is closed to new replies.
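
The change proposed in the post above, as an added example that is not part of the original post and not the plugin's own code: a test action routed through admin-ajax.php with a nonce (CSRF token) and a capability check. The action name `example_adi_test`, the `example_adi_*` functions and filter, the `username` field and the `js/test.js` path are all hypothetical.

```php
<?php
// Added example. All example_adi_* names are hypothetical, not the plugin's.

// Register only the logged-in hook. With no wp_ajax_nopriv_ counterpart,
// unauthenticated requests to admin-ajax.php never reach the handler.
add_action( 'wp_ajax_example_adi_test', 'example_adi_handle_test' );

function example_adi_handle_test() {
    // CSRF check: validate the nonce sent in the '_ajax_nonce' field.
    // Passing false as the third argument returns false instead of dying,
    // so the client gets a structured JSON error.
    if ( ! check_ajax_referer( 'example_adi_test', '_ajax_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired token.' ), 403 );
    }

    // A valid nonce proves intent, not privilege: check the capability too.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 'username' is a constructed input field for this example.
    $username = isset( $_POST['username'] )
        ? sanitize_user( wp_unslash( $_POST['username'] ), true )
        : '';
    if ( '' === $username ) {
        wp_send_json_error( array( 'message' => 'Username is required.' ), 400 );
    }

    // The directory test itself is the plugin's logic and is not reproduced
    // here; this hypothetical filter is where it would supply the result.
    $result = apply_filters( 'example_adi_test_result', false, $username );

    wp_send_json_success( array( 'passed' => (bool) $result ) );
}

// Admin side: hand the script the endpoint URL and a fresh nonce, so the
// browser posts to admin-ajax.php rather than to a file under wp-content.
add_action( 'admin_enqueue_scripts', 'example_adi_enqueue' );

function example_adi_enqueue() {
    wp_enqueue_script( 'example-adi-test', plugins_url( 'js/test.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-adi-test', 'exampleAdiTest', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_adi_test' ),
    ) );
}
```

The client script then posts `action=example_adi_test`, `_ajax_nonce` and the form fields to `exampleAdiTest.url`.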