Best practice: add nonce to the sample plugin

git-svn-id: http://yourls.googlecode.com/svn/trunk@774 12232710-3e20-11de-b438-597f59cd7555
infin80 · Oct 14, 2012 · 26b01cf · 26b01cf
1 parent e2a3ece
commit 26b01cf
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/user/plugins/sample-page/plugin.php b/user/plugins/sample-page/plugin.php
@@ -22,19 +22,29 @@ function ozh_yourls_samplepage_add_page() {
 function ozh_yourls_samplepage_do_page() {
 
 	// Check if a form was submitted
-	if( isset( $_POST['test_option'] ) )
+	if( isset( $_POST['test_option'] ) ) {
+		// Check nonce
+		yourls_verify_nonce( 'sample_page' );
+
+		// Process form
 		ozh_yourls_samplepage_update_option();
+	}
 
 	// Get value from database
 	$test_option = yourls_get_option( 'test_option' );
+
+	// Create nonce
+	$nonce = yourls_create_nonce( 'sample_page' );
 
 	echo <<<HTML
 		<h2>Sample Plugin Administration Page</h2>
 		<p>This plugin stores an integer in the option database</p>
 		<form method="post">
+		<input type="hidden" name="nonce" value="$nonce" />
 		<p><label for="test_option">Enter an integer</label> <input type="text" id="test_option" name="test_option" value="$test_option" /></p>
 		<p><input type="submit" value="Update value" /></p>
 		</form>
+
 HTML;
 }