Be carefull when using login link! | ww.wp.xz.cn

gioni
(@gioni)

10 years, 6 months ago

Do not use sample code from description of this plugin! That is unsafe way!

Do not ever use code like
echo $_SERVER['REQUEST_URI'];
It opens door for potential XSS attack!

This is right and safe way:
<a href="/wp-login.php?redirect_to=<?php echo esc_url_raw($_SERVER['REQUEST_URI']); ?>" class="simplemodal-login">Log In</a>

https://ww.wp.xz.cn/plugins/simplemodal-login/

The topic ‘Be carefull when using login link!’ is closed to new replies.

Tags

xss

0 replies
1 participant
Last reply from: gioni
Last activity: 10 years, 6 months ago
Status: not resolved