[wp-trac] [WordPress Trac] #13827: Security Vulnerabilities In wp-signup.php Breaking Plugins

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 11 21:28:06 UTC 2010


#13827: Security Vulnerabilities In wp-signup.php Breaking Plugins
-------------------------------------------+--------------------------------
 Reporter:  uglyrobot                      |        Owner:  wpmuguru 
     Type:  defect (bug)                   |       Status:  reviewing
 Priority:  normal                         |    Milestone:           
Component:  Multisite                      |      Version:  3.0      
 Severity:  normal                         |   Resolution:           
 Keywords:  needs-patch reporter-feedback  |  
-------------------------------------------+--------------------------------

Comment(by uglyrobot):

 Nonces won't work for the reasons I specified above. For some signup
 plugins (not bot-prevention ones) you can echo data you collect on the
 signup part of the form into hidden form fields in the blog part of the form.

 But for any anti-spam plugins there is no way to carry data over between
 forms in a way that can't be manipulated, short of starting a PHP session
 and using that to carry data over.

 While there are dirty hacks to try and get around this bug, the fact
 remains that their necessity is due to a fundamental design flaw in
 wp-signup.php. A plugin dev has to know about this exploit and hack around
 it. If we could just combine the user and blog forms, all would be well.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13827#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
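
As an added illustration of the two carry-over strategies the comment contrasts (this is not code from the ticket, its reporter, or WordPress core): a step-1 anti-spam result echoed into a hidden field on the blog form, which a bot that skips step 1 can simply post back as "passed", versus the same result held server-side in a PHP session. It is plain PHP with arrays standing in for $_POST and $_SESSION so it runs from the CLI; the field name antispam_passed, the captcha question and the user/blog names are made up for the example.

```php
<?php
// Added example, not from the ticket or WordPress core. Models a split
// signup: step 1 (user form) runs an anti-spam check, step 2 (blog form)
// must learn whether it passed. Arrays stand in for $_POST and $_SESSION
// so the script runs from the CLI; all field names are made up.

// Step 1: a constructed captcha stands in for an anti-spam plugin's check.
function step1_antispam_ok(array $post): bool
{
    return isset($post['captcha']) && $post['captcha'] === 'seven';
}

// Strategy A (hidden field): the step-1 result is echoed into the blog form
// and travels through the client's browser on the way back.
function blog_form_hidden_field(bool $passed): string
{
    return '<input type="hidden" name="antispam_passed" value="'
        . ($passed ? '1' : '0') . '">';
}

// Step 2 under strategy A has nothing to go on but the value the client
// chose to send back.
function step2_trusts_hidden_field(array $post): bool
{
    return isset($post['antispam_passed']) && $post['antispam_passed'] === '1';
}

// Strategy B (session): the result never leaves the server. $session stands
// in for $_SESSION after session_start(); the session cookie is what ties
// the step-1 request and the step-2 request together.
function step1_store_in_session(array &$session, bool $passed): void
{
    $session['antispam_passed'] = $passed;
}

// Step 2 under strategy B consults only server-side state; whatever the
// client posts about the anti-spam result is ignored.
function step2_checks_session(array $session): bool
{
    return !empty($session['antispam_passed']);
}

// A legitimate visitor: completes step 1, then submits the blog form.
$session = [];
$passed  = step1_antispam_ok(['user_name' => 'alice', 'captcha' => 'seven']);
step1_store_in_session($session, $passed);
$blog_form_post = ['blogname' => 'alicesblog', 'antispam_passed' => $passed ? '1' : '0'];
printf("visitor, hidden field: %s\n", step2_trusts_hidden_field($blog_form_post) ? 'accepted' : 'rejected');
printf("visitor, session:      %s\n", step2_checks_session($session) ? 'accepted' : 'rejected');

// A bot: never loads step 1, posts the blog form directly with the hidden
// field forged to "1", and has no session state behind the request.
$forged = ['blogname' => 'spamblog', 'antispam_passed' => '1'];
printf("bot, hidden field:     %s\n", step2_trusts_hidden_field($forged) ? 'accepted' : 'rejected');
printf("bot, session:          %s\n", step2_checks_session([]) ? 'accepted' : 'rejected');
```

Run it with `php split-signup.php` (filename is arbitrary). The forged request is indistinguishable from a real one under strategy A because the only evidence that step 1 ran is a value the client itself supplies; under strategy B the bot's request arrives with no session entry, so it fails regardless of what it posts. One practical caveat for a real plugin: WordPress core does not start a PHP session on its own, so a plugin taking this route has to call session_start() itself early in the request (before any output) on both the user-form and blog-form requests.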

