[wp-hackers] Security Vulnerability found
David Chait
davebytes at comcast.net
Wed Apr 13 19:26:33 GMT 2005
How about making the user-level below which the restriction is in effect be a dropdown list in the options somewhere... and have the lowest be 2, so no 'accidents'.
-d
----- Original Message -----
From: Amit Gupta
To: wp-hackers at lists.automattic.com
Sent: Wednesday, April 13, 2005 2:58 PM
Subject: Re: [wp-hackers] Security Vulnerability found
"Matthew Mullenweg" <m at mullenweg.com> wrote:
> That said, I think a default feature restricting users lower than level
> 8 to a known subset of HTML would be useful, and will be including a
> future release. A while back Mark Ghosh created the giant array that
> KSES needs to accomplish this, I'm sure he (or I) still have it
> somewhere.
I'd say, make that optional. I've got a multi-author blog but
I don't want everyone access to admin functions. So I've all
of them on level 2 & some on level 5(sub-admins).
But I want them to be able to post any HTML they want as they
are trusted that much. :)
-----
Amit Gupta
|| Canned!! -- my Atropine || iG:Syntax Hiliter v2.01 ||
|| iGEEK.INFO || Free Nokia Ringtones || Online Gaming @ Games Planet ||
------------------------------------------------------------------------------
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://comox.textdrive.com/pipermail/wp-hackers/attachments/20050413/a277a69f/attachment.html
More information about the wp-hackers
mailing list