[wp-hackers] Rethinking check_admin_referer()

David House dmhouse at gmail.com
Mon Apr 17 15:27:20 GMT 2006


On 17/04/06, Robert Deaton <false.hopes at gmail.com> wrote:
> I think you are terribly confused about "referer contexts" and what
> exactly you're talking about.

The confusion here is that any link clicked from within the preview
window has a referer of an admin page, so it would bypass the referer
checks. This means that potentially, you could click a destructive
link like that image redirection example and destroy one of your
posts. This would probably have been left in a comment to an
already-published post, which you subsequently edit.

The thing I'm not sure about is whether any requests made from an
iframe (i.e. images) take the iframe's URL as a referer or if they
inherit the parent page's (in the latter case we'd have a CSRF
problem).

--
-David House, dmhouse at gmail.com, http://xmouse.ithium.net
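
The concern raised in this message, shown as an added example that is not part of the original post and is not WordPress code: a referer-based check accepts a destructive request followed from content shown inside the admin area, while a per-action token check does not. `referer_check()` is a simplified stand-in for a referer-based check; the token functions, `ADMIN_URL`, `SECRET` and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added illustration, not WordPress source. ADMIN_URL, SECRET and the
// sample request values are constructed for this example.
const ADMIN_URL = 'https://blog.example/wp-admin';
const SECRET    = 'constructed-demo-secret';

// Simplified stand-in for a referer-based check: accept any request whose
// Referer lies under the admin area.
function referer_check(array $server): bool {
    $referer = strtolower($server['HTTP_REFERER'] ?? '');
    return strpos($referer, strtolower(ADMIN_URL) . '/') === 0;
}

// Hypothetical alternative: a token bound to the user and the exact action,
// which only a page that deliberately rendered the link can supply.
function action_token(string $user, string $action): string {
    return hash_hmac('sha256', $user . '|' . $action, SECRET);
}

function token_check(string $user, string $action, array $get): bool {
    $supplied = $get['token'] ?? '';
    return is_string($supplied) && hash_equals(action_token($user, $action), $supplied);
}

// Constructed requests for the same destructive action (delete post 42).
$requests = [
    'admin clicks Delete in the post list' => [
        'server' => ['HTTP_REFERER' => ADMIN_URL . '/edit.php'],
        'get'    => ['token' => action_token('admin', 'delete-post-42')],
    ],
    // The case from the message: the link sits in comment text shown in the
    // preview, so the Referer is an admin page although the admin never
    // chose this action there.
    'link followed from the preview while editing' => [
        'server' => ['HTTP_REFERER' => ADMIN_URL . '/post.php?action=edit&post=42'],
        'get'    => [],
    ],
    'link followed from an external site' => [
        'server' => ['HTTP_REFERER' => 'https://other.example/page'],
        'get'    => [],
    ],
];

foreach ($requests as $label => $r) {
    printf("%-46s referer=%-6s token=%s\n", $label,
        referer_check($r['server']) ? 'pass' : 'reject',
        token_check('admin', 'delete-post-42', $r['get']) ? 'pass' : 'reject');
}
```

The second request is the one to watch: it passes the referer check and fails the token check, because the Referer header records which page the request came from, not whether the user intended the action.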

