Plugin sin CSRF
<?php
/**
* Plugin Name: Un ejemplo de plugin con un problema de CSRF
*/
// NOTE(review): the Plugin Name header above (Spanish: "an example plugin with a
// CSRF problem") does not match the handler below, which does verify a
// 'delete-user' nonce before deleting anything. The header text looks like it
// predates the fix; confirm and update it so the admin plugin list is not misleading.
// Register the delete-user handler on WordPress's 'init' action; the default
// priority (10) is written out explicitly so the hook ordering is visible.
add_action( 'init', 'maybe_delete_user', 10 );
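/**
 * Handle a POSTed 'delete-user' request: authorize, verify the CSRF nonce, then delete the user.
 *
 * Runs on every 'init'. Requests that are not a 'delete-user' POST, or that come from a
 * user without 'manage_options', are ignored silently. A request with a missing or
 * invalid nonce, or without a usable user_id, is aborted with wp_die().
 *
 * Reads: $_POST['action'], $_POST['delete-user-nonce'], $_POST['user_id'].
 * Side effect: wp_delete_user() on the requested ID.
 *
 * @return void
 */
function maybe_delete_user() {
	// Only react to our own form submission; every other request passes through.
	if ( ! isset( $_POST['action'] ) || 'delete-user' !== $_POST['action'] ) {
		return;
	}

	// Authorization: only users who can manage options may delete accounts.
	// Note that a nonce alone is not an authorization check; both are required.
	if ( ! current_user_can( 'manage_options' ) ) {
		return;
	}

	// CSRF protection: the request must carry a nonce bound to the 'delete-user' action.
	if ( ! isset( $_POST['delete-user-nonce'] ) ) {
		wp_die( '¿Qué haces?');
	}
	// Unslash/sanitize before verifying, per WordPress input-handling conventions.
	$nonce = sanitize_text_field( wp_unslash( $_POST['delete-user-nonce'] ) );
	if ( ! wp_verify_nonce( $nonce, 'delete-user' ) ) {
		wp_die( '¿Qué haces?');
	}

	// The original read $_POST['user_id'] unconditionally, which raises an
	// undefined-index notice when absent and falls through to wp_delete_user( 0 ).
	if ( ! isset( $_POST['user_id'] ) ) {
		wp_die( '¿Qué haces?');
	}
	$user_id = absint( $_POST['user_id'] );
	if ( 0 === $user_id ) {
		wp_die( '¿Qué haces?');
	}

	// NOTE(review): nothing here stops an administrator from deleting their own
	// account, and on multisite wp_delete_user() presumably does not remove the
	// user network-wide — confirm whether either case needs handling.
	wp_delete_user( $user_id );
}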