Should my plugin actions call action_gatekeeper?

The elgg documentation says this about action_gatekeeper():

"This function should be used in Actions in companion with the Forms system, and helps protect the action from certain forms of attack."

However, it looks like the elgg core actions *never* call it.

In fact, looking at bug #1538 in elgg, this call was deliberately removed from all core actions, with the comment “no need to validate token a 2nd time”.

In the plugins, a very small number of them call action_gatekeeper in the actions, but not very many.

So.... should my plugin actions call action_gatekeeper()? 



  • Old documentation that needs to be updated. The action gatekeeper is automatically called for all actions now so no need to do this in your plugin's actions.