Hi. Excellent plugin.
Just a few minor suggestions.
1) In cau_functions.php, line 801:
.... $wpdb->query( $wpdb->prepare( "UPDATE $updateLog SET method = 'Manual' WHERE slug = '%s'", $_GET['plugin'] ) );
There should be sanitize_key($_GET['plugin']) here.
2) It might be better to have the $_GET-style variable assignments secured with a nonce / check_admin_referer, e.g. the initial lines of pluginlist.php [line 5], $filter = $_GET['filter']; or status.php [line 320] (it would also be nice to apply sanitize_key to them).
3) companion-auto-update.php [line 223]:
$requestedPage = $_GET['tab'];... require_once( ... $requestedPage.'.php' );
Even though that is protected, it would be nice if that page were protected with a nonce as well, in addition to using sanitize_key.
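As an added illustration (not code from the plugin or from the poster), here is how the three suggestions could look together in a hypothetical admin-page handler: check_admin_referer() for the nonce, sanitize_key() on the $_GET values, and an unquoted %s placeholder for wpdb::prepare(). It goes one step beyond the post by also checking the tab name against an allow-list before it is used in the require; the nonce action name, the tab list and the table name are assumptions.

```php
<?php
// Added example, not the plugin's own code. Hypothetical handler that applies the
// post's suggestions. Assumes it runs inside WordPress: check_admin_referer(),
// sanitize_key(), wp_unslash(), current_user_can() and $wpdb are WordPress APIs.

// The nonce action name and the allowed tab files are assumptions.
const CAU_EXAMPLE_NONCE_ACTION = 'cau_example_action';
$allowed_tabs = array( 'dashboard', 'pluginlist', 'status', 'log' );

// Only users who may manage plugin updates reach this code at all.
if ( ! current_user_can( 'update_plugins' ) ) {
    wp_die( esc_html__( 'Insufficient permissions.', 'cau-example' ) );
}

// Every request that changes state carries a nonce; the link leading here
// would be built with wp_nonce_url( $url, CAU_EXAMPLE_NONCE_ACTION ).
check_admin_referer( CAU_EXAMPLE_NONCE_ACTION );

// Sanitize the raw $_GET values before they are used anywhere.
// sanitize_key() lowercases and keeps only [a-z0-9_-]; if a value must hold
// a "dir/file.php" style identifier, sanitize_text_field() would fit better.
$plugin = isset( $_GET['plugin'] ) ? sanitize_key( wp_unslash( $_GET['plugin'] ) ) : '';
$filter = isset( $_GET['filter'] ) ? sanitize_key( wp_unslash( $_GET['filter'] ) ) : '';
$tab    = isset( $_GET['tab'] )    ? sanitize_key( wp_unslash( $_GET['tab'] ) )    : 'dashboard';

// A value that selects a file to include is additionally checked against an
// allow-list instead of being concatenated into the path as-is.
if ( ! in_array( $tab, $allowed_tabs, true ) ) {
    $tab = 'dashboard';
}
require_once plugin_dir_path( __FILE__ ) . $tab . '.php';

// Placeholders in wpdb::prepare() stay unquoted; prepare() adds the quoting
// and escaping itself. The table name below is an assumption.
global $wpdb;
$update_log = $wpdb->prefix . 'example_update_log';
if ( '' !== $plugin ) {
    $wpdb->query(
        $wpdb->prepare(
            "UPDATE {$update_log} SET method = 'Manual' WHERE slug = %s",
            $plugin
        )
    );
}
```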