[wp-hackers] Rethinking check_admin_referer()

Rob r at robm.me.uk
Mon Apr 17 06:38:54 GMT 2006

Excuse my ignorance, but what are CSF attacks (Google only seems to turn 
up one of your comments on Matt's site, relating to XSS attacks) and in 
what way do they somehow bypass user level/cap checking? Surely if we 
check the user's permissions on every admin page, we eradicate the 
possibility of a user somehow accessing functionality they're not 
supposed to be able to access?

Rob Miller
http://robm.me.uk/ | http://kantian.co.uk/
