[wp-forums] moderated security thread

James Huff macmanx at gmail.com
Thu Jun 24 18:43:11 UTC 2010


Then I'm glad you're on this list! I've had trouble with this account going to spam, kind of disheartening. :(

Can anyone else re-open this and post the link that Peter mentioned? I'll be away for a while.

Happy iPhone Line Day!

________
James Huff
http://www.macmanx.com
http://programnotes.wikia.com

On Jun 24, 2010, at 11:15 AM, Peter Westwood <peter.westwood at ftwr.co.uk> wrote:

> 
> On 24 Jun 2010, at 15:16, James Huff wrote:
> 
>> I reported it to the security email, included the view all link, and deleted the topic to remove it from public view.
>> 
>> It wouldn't hurt if someone else reported it too. "The squeaky wheel gets the grease."
>> 
>> ________
>> James Huff
>> http://www.macmanx.com
>> http://programnotes.wikia.com
>> 
>> On Jun 24, 2010, at 6:30 AM, mrmist <listswptesters at mist.org.uk> wrote:
>> 
>>> Hi folk
>>> 
>>> I noticed that this thread http://wordpress.org/support/topic/414556?replies=3&view=all was moderated out. Was it a red herring, or if not a red herring did whoever moderated it out report the issue?  Just wanting to make sure it's properly dealt with if it is a real risk.
>>> 
> 
> Not seen the email to security@; it may have got lost in the spam noise though.
> 
> This reads very much like the standard report of XSS issues which are only present when you are logged in as an admin as you are inherently a trusted user.
> 
> The place to point the user is this FAQ entry - http://codex.wordpress.org/Security_FAQ#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F
> 
> Then ask them to report to security@ if they find a real issue using a non-admin / editor user
> 
> Cheers
> -- 
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> 
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums

