[wp-hackers] Security Vulnerability found

David Chait davebytes at comcast.net
Wed Apr 13 19:26:33 GMT 2005


How about making the user-level below which the restriction is in effect be a dropdown list in the options somewhere... and have the lowest be 2, so no 'accidents'.

-d
  ----- Original Message ----- 
  From: Amit Gupta 
  To: wp-hackers at lists.automattic.com 
  Sent: Wednesday, April 13, 2005 2:58 PM
  Subject: Re: [wp-hackers] Security Vulnerability found



  "Matthew Mullenweg" <m at mullenweg.com> wrote:
  > That said, I think a default feature restricting users lower than level 
  > 8 to a known subset of HTML would be useful, and will be including a 
  > future release. A while back Mark Ghosh created the giant array that 
  > KSES needs to accomplish this, I'm sure he (or I) still have it 
  > somewhere.

  I'd say, make that optional. I've got a multi-author blog but
  I don't want everyone access to admin functions. So I've all
  of them on level 2 & some on level 5(sub-admins).
  But I want them to be able to post any HTML they want as they
  are trusted that much. :)


  -----
  Amit Gupta

  || Canned!! -- my Atropine || iG:Syntax Hiliter v2.01 ||
  || iGEEK.INFO || Free Nokia Ringtones || Online Gaming @ Games Planet || 




------------------------------------------------------------------------------


  _______________________________________________
  wp-hackers mailing list
  wp-hackers at lists.automattic.com
  http://lists.automattic.com/mailman/listinfo/wp-hackers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050413/a277a69f/attachment.html


More information about the wp-hackers mailing list