• Hello, guys.

    As anyone can run a manual preload, this can be an issue for large sites, especially if someone calls it repeatedly.

    To avoid this, I suggest you ask for a token when calling a preload, as you do when we call a cache clearing, i.e.:
    https://myserver.com/?action=wpfastestcache&type=preload&token=123abc

    The change seems to be simple, something like this in wpFastestCache.php:

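    if(isset($_GET) && isset($_GET["type"]) && $_GET["type"] == "preload"){
        // /?action=wpfastestcache&type=preload

        // The token must be present, non-empty and a plain string (not ?token[]=x)
        if(isset($_GET["token"]) && is_string($_GET["token"]) && $_GET["token"]){
            // Reuse the secret already defined for the clear-cache URL
            if(defined("WPFC_CLEAR_CACHE_URL_TOKEN") && WPFC_CLEAR_CACHE_URL_TOKEN){
                // hash_equals() avoids the type juggling of == and compares in constant time
                if(hash_equals((string) WPFC_CLEAR_CACHE_URL_TOKEN, $_GET["token"])){
                    add_action('init', array($this, "create_preload_cache"), 11);
                }else{
                    die("Wrong token");
                }
            }else{
                die("WPFC_CLEAR_CACHE_URL_TOKEN must be defined");
            }
        }else{
            die("Security token must be set.");
        }
    }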
    

    Thank you in advance and congrats on the great work.
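
An added example, not part of the original post or the plugin's code: a stand-alone PHP sketch of the gate proposed above, with a strict token comparison and a minimum interval between accepted preloads so that repeated calls do not each start a preload. The function name `preload_gate`, its parameters, the 300-second interval and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not WP Fastest Cache code. preload_gate() and its
// parameters are hypothetical; the caller supplies the stored state.

/**
 * Decide whether a preload request may run.
 * $query: request parameters such as $_GET
 * $expected: the configured secret, or null when none is defined
 * $lastRun: Unix time of the last accepted preload, or null
 */
function preload_gate(array $query, ?string $expected, int $now, ?int $lastRun, int $minInterval = 300): string
{
    if (($query['type'] ?? null) !== 'preload') {
        return 'ignored';
    }
    if ($expected === null || $expected === '') {
        return 'token-not-configured';
    }
    $token = $query['token'] ?? null;
    // ?token[]=x arrives as an array, which hash_equals() rejects with a TypeError.
    if (!is_string($token) || $token === '') {
        return 'token-missing';
    }
    // Type-strict, constant-time comparison instead of ==.
    if (!hash_equals($expected, $token)) {
        return 'token-wrong';
    }
    // A valid token still cannot start preloads back to back.
    if ($lastRun !== null && $now - $lastRun < $minInterval) {
        return 'throttled';
    }
    return 'run';
}

// Constructed sample values.
$secret = '0e1234';
$now = 1700000000;
$cases = [
    'no token'           => [['type' => 'preload'], null],
    'array token'        => [['type' => 'preload', 'token' => ['x']], null],
    'numeric look-alike' => [['type' => 'preload', 'token' => '0e5678'], null],
    'valid, first call'  => [['type' => 'preload', 'token' => '0e1234'], null],
    'valid, 10 s later'  => [['type' => 'preload', 'token' => '0e1234'], $now - 10],
];
foreach ($cases as $label => [$query, $lastRun]) {
    echo $label, ': ', preload_gate($query, $secret, $now, $lastRun), PHP_EOL;
}
// With ==, PHP compares '0e1234' and '0e5678' as numbers (both are 0).
var_dump('0e1234' == '0e5678');
```

In WordPress, the last-run timestamp passed as `$lastRun` could be kept in a transient or an option.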

Viewing 1 replies (of 1 total)
  • Plugin Author Emre Vona

    (@emrevona)

    If someone wants to attack your site, they can do it in any way. Tokens definitely won’t be enough to stop this.


The topic ‘Preload query call should ask for token’ is closed to new replies.