[wp-hackers] BugTraq post

Otto otto at ottodestruct.com
Sun Dec 16 10:24:42 GMT 2007


He's severely confused about what the is_admin() function does. As we
know, is_admin() returns true when you're looking at any of the admin
pages.

He seems to think that it's supposed to tell whether the user is an
admin or not, which is not the case.

Anyway, his "flaw" does not work.

-Otto

On 12/15/07, Aaron Brazell <emmensetech at gmail.com> wrote:
> Matt-
>
> I saw that earlier today and I agree... if the cookie isn't set,
> wp-admin will redirect to wp-login.php. And if he is able to access
> wp-admin (say with open registration, which is legit), what he can
> view is going to be subject to a cap check. Either he's smoking
> something or he hasn't provided all the info.
>
> My take.
> --
> Aaron Brazell
> Director of Technology, b5media
>
> skype: technosailor
> phone: 410-608-6620
> web: http://technosailor.com
>
> Everything contained in this email is confidential and stuff
>
> On Dec 15, 2007, at 9:25 PM, Matt Mullenweg wrote:
>
> > Is anyone able to use this to read drafts? This guy seems confused.
> >
> > http://www.securityfocus.com/archive/1/485160/30/0/threaded
> >
> > --
> > Matt Mullenweg
> > http://photomatt.net | http://wordpress.org
> > http://automattic.com | http://akismet.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>
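
Added example, not part of the original thread or of WordPress itself: the difference between the context check (is_admin()) and a capability check (current_user_can()) that the messages above describe. The demo_* helpers, the stand-in function bodies and the scenarios are hypothetical and constructed for illustration; the stand-ins only model the two behaviours so the file runs under the PHP CLI without WordPress.

```php
<?php
// Stand-ins so this file runs under the PHP CLI without WordPress loaded.
// They are simplified models, not WordPress's implementations.
if (!function_exists('is_admin')) {
    $GLOBALS['demo'] = ['in_admin' => false, 'caps' => []];
    // Context check: is the current request for an admin-area page?
    function is_admin() { return $GLOBALS['demo']['in_admin']; }
    // Authorization check: does the current user hold this capability?
    function current_user_can($cap) {
        return in_array($cap, $GLOBALS['demo']['caps'], true);
    }
}

// Hypothetical plugin helper, flawed: treats "the request is inside
// wp-admin" as if it meant "the user is an administrator".
function demo_can_view_drafts_flawed() {
    return is_admin();
}

// Hypothetical plugin helper, corrected: asks what the user is allowed
// to do, regardless of which page the request lands on.
function demo_can_view_drafts_checked() {
    return current_user_can('edit_others_posts');
}

// Constructed scenarios: [label, request is in admin area, user capabilities].
$scenarios = [
    ['subscriber on an admin page (open registration)', true,  ['read']],
    ['editor on an admin page',                         true,  ['read', 'edit_posts', 'edit_others_posts']],
    ['editor on the public site',                       false, ['read', 'edit_posts', 'edit_others_posts']],
];

foreach ($scenarios as [$label, $in_admin, $caps]) {
    $GLOBALS['demo'] = ['in_admin' => $in_admin, 'caps' => $caps];
    printf("%-50s flawed=%-5s checked=%s\n", $label,
        var_export(demo_can_view_drafts_flawed(), true),
        var_export(demo_can_view_drafts_checked(), true));
}
```

The two helpers disagree on the first and third scenarios: the flawed one follows the page being requested, the checked one follows the user's capabilities.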

