I’m creating a simple plugin to set a page as a homepage from the list pages (to appear next to edit, preview, trash actions etc), I was just wondering what that the most appropriate/secure place to submit this information to? By far the easiest way would be to just post back to the plugin file itself with a $_GET param, but that seems rather hacky and doesn’t use a nonce or anything (my plugin does have current_user_can() in it.
Code is as simple as this:
function add_post_actions($actions, $post) {
if($post->ID == get_option('page_on_front')) {
$actions['homepage'] = '<span style="color: #999;">Your Homepage</span>';
} else {
$actions['homepage'] = '<a href="https://wordpress.stackexchange.com/questions/27989/blah.php?post=".$post->ID."">Set As Homepage</a>';
}
return $actions;
}
function change_to_homepage($postId) {
if ( ! current_user_can( 'manage_options' ) )
wp_die( __( 'You do not have sufficient permissions to manage options for this site.' ) );
update_option('show_on_front', 'page');
update_option('page_on_front', $postId);
}
1 Answer
To me it makes sense to send via GET to the page you are currently on.
That way you just hook into admin_init and check for your GET variables.
As for security you can pass nonces via URLS: http://codex.wordpress.org/Function_Reference/wp_nonce_url
