[wp-hackers] Security Vulnerability found

Amit Gupta amit at igeek.info
Wed Apr 13 18:58:37 GMT 2005


"Matthew Mullenweg" <m at mullenweg.com> wrote:
> That said, I think a default feature restricting users lower than level 
> 8 to a known subset of HTML would be useful, and will be including a 
> future release. A while back Mark Ghosh created the giant array that 
> KSES needs to accomplish this, I'm sure he (or I) still have it 
> somewhere.

I'd say, make that optional. I've got a multi-author blog but
I don't want everyone access to admin functions. So I've all
of them on level 2 & some on level 5(sub-admins).
But I want them to be able to post any HTML they want as they
are trusted that much. :)


-----
Amit Gupta

|| Canned!! -- my Atropine || iG:Syntax Hiliter v2.01 ||
|| iGEEK.INFO || Free Nokia Ringtones || Online Gaming @ Games Planet || 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050413/a6b61f74/attachment.html


More information about the wp-hackers mailing list