From d5c5d675849d24688a90e9af893a9fb93e632e04 Mon Sep 17 00:00:00 2001
From: Ben Keith <ben@benlk.com>
Date: Thu, 23 Jun 2016 13:17:36 -0400
Subject: [PATCH] Another note about $_POST['ds_npr_update_push'] validation

---
 push_story.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/push_story.php b/push_story.php
index 6d5bace..19d1a2b 100644
--- a/push_story.php
+++ b/push_story.php
@@ -116,6 +116,8 @@ function nprstory_api_delete ( $post_ID ) {
  * this is where the magic happens
  */
 if ( isset( $_POST['ds_npr_update_push'] ) ) {
+	// No need to validate the ds_npr_update_push contents; we're checking only for its existence
+	// permissions check is handled by nprstory_api_push
 	add_action( 'save_post', 'nprstory_api_push', 10, 2 );
 }
 add_action( 'trash_post', 'nprstory_api_delete', 10, 2 );