lolamax
Forum Replies Created
-
Regarding the cookie values you mentioned: I do not see any cookies (except wordpress_test_cookie) on the wp-login.php pages, when user is not-logged-in. Or am I wrong?
Thank you for the reply. I understand that there are few absolutes in security and my intention to ask this question is to learn to understand the security implications and consequences. Just to understand better: What is the reason, that wordpress does not use nonces in the login / registration and comment form?
Forum: Plugins
In reply to: [WooCommerce] Creating custom WooCommerce endpointsWould be great, if someone could help with this…
Thank you!
Forum: Everything else WordPress
In reply to: Not escaped WP core functionsThat’s good to know. Thank you for the detailed explanation!
Forum: Everything else WordPress
In reply to: Not escaped WP core functionsThere was no reaction on the ticket https://core.trac.www.ads-software.com/ticket/51611 until now. Because it’s my first ticket there, I ask myself what I’ve done wrong? Did I make a mistake in the ticket creation or is my question not worth answering?
Forum: Everything else WordPress
In reply to: Not escaped WP core functionsI understand – this makes sense.
Thank you!Forum: Everything else WordPress
In reply to: Not escaped WP core functionsI get your point, however, wouldn’t it be better not to use these functions, as long as they echo without escaping and instead use get_the_archive_title() and get_the_archive_description(), directly and escape the output (Like it is done e.g. in twenty twenty)?
Forum: Everything else WordPress
In reply to: Not escaped WP core functionsHi Joy,
You mean something like it’s done in twenty twenty ( echo wp_kses_post( $archive_title ); )?
Could you please explain a bit more detailed, why you think that this is not necessary?