From 26b01cfdc51fec08a66bc2d52ea1cea335d6fb75 Mon Sep 17 00:00:00 2001
From: ozhozh
Date: Sun, 14 Oct 2012 14:23:38 +0000
Subject: [PATCH] Best practice: add nonce to the sample plugin
git-svn-id: http://yourls.googlecode.com/svn/trunk@774 12232710-3e20-11de-b438-597f59cd7555
---
 user/plugins/sample-page/plugin.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/user/plugins/sample-page/plugin.php b/user/plugins/sample-page/plugin.php
index e6c8e73..bfb920c 100644
--- a/user/plugins/sample-page/plugin.php
+++ b/user/plugins/sample-page/plugin.php
@@ -22,19 +22,29 @@ function ozh_yourls_samplepage_add_page() {
 function ozh_yourls_samplepage_do_page() {
 // Check if a form was submitted
- if( isset( $_POST['test_option'] ) )
+ if( isset( $_POST['test_option'] ) ) {
+ // Check nonce
+ yourls_verify_nonce( 'sample_page' );
+
+ // Process form
 ozh_yourls_samplepage_update_option();
+ }
 // Get value from database
 $test_option = yourls_get_option( 'test_option' );
+
+ // Create nonce
+ $nonce = yourls_create_nonce( 'sample_page' );
 echo <<Sample Plugin Administration Page

This plugin stores an integer in the option database

+

+ HTML; } -- 2.45.0
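Review bot: The added call `yourls_verify_nonce( 'sample_page' );` discards its return value and passes no nonce, so the update path is protected only if that helper fetches the submitted value itself and ends the request on a mismatch; neither behaviour is visible in this hunk. Because this file is the sample that plugin authors copy, the contract should be stated above the call, for example `// Reads the submitted 'nonce' field and aborts the request on mismatch; nothing below runs for a forged POST`. If the helper also has a non-fatal mode that returns a value instead of stopping, the sample should note that the result must then be tested before `ozh_yourls_samplepage_update_option()` is reached. The form markup is not legible on this page, so confirm that the hidden field carrying `$nonce` uses the field name the verifier reads.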