Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Nonce en una URL
<?php
/*
Plugin Name: Seguridad en Plugins
Description: Aprendiendo a hacer nuestros plugins más seguros
Text Domain: seguridad-plugins
Domain Path: /languages
*/
/**
* Añadimos un enlace debajo del contenido de un post para poder eliminarlo
*/
add_filter( 'the_content', 'dp_sep_add_delete_link' );
function dp_sep_add_delete_link( $content ){
$new_content = $content;
if( is_single() && in_the_loop() && is_main_query() && current_user_can('edit_others_posts') ):
// http://cursodesarrolloplugins.local/?action=dp_sep_delete&post_id=8
$post_id = get_the_ID();
$url = add_query_arg( array(
'action' => 'dp_sep_delete',
'post_id' => $post_id,
'nonce' => wp_create_nonce('dp_sep_delete-'.$post_id),
), home_url() );
$new_content .= '<a href="'.$url.'">'.__( 'Eliminar post', 'seguridad-plugins').'</a>';
endif;
return $new_content;
}
/**
* Recuperamos los parámetros de la URL y eliminamos el post
*/
add_action( 'init', 'dp_sep_delete_post' );
function dp_sep_delete_post(){
if( isset( $_GET['action'] ) &&
isset( $_GET['post_id'] ) &&
isset( $_GET['nonce'] ) &&
current_user_can('edit_others_posts') &&
wp_verify_nonce( $_GET['nonce'], $_GET['action'].'-'.$_GET['post_id'])
):
// Enviamos a la papelera este post
wp_trash_post( $_GET['post_id'] );
// Redireccionamos a la home
wp_safe_redirect( home_url() );
exit;
endif;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.