I'm assigning Stefan to this bug, as it looks like a good first WP review for him to do.
Robert, just to be sure, this is about the following plugin right? http://wordpress.org/extend/plugins/editorial-calendar/
Using ZAP I have tried to forge requests to the admin AJAX code to post new entries. The code seems to correctly check the nonce and cookie (session) and does not allow me to make changes without being properly logged in.
Thanks for evaluating! This plugin isn't that important to the Hacks blog, so if it has issues, we don't have to use it. Just let me know what you prefer. Thanks!
Hi Robert, I think it is all good. This is my first review so I just need to follow up with my colleagues on how to officially sign off on it tomorrow.
No worries, I appreciate the dedication and doing it properly! :-)