[wp-hackers] Rethinking check_admin_referer()

Brian Layman Brian at TheCodeCave.com
Mon Apr 17 15:49:55 GMT 2006

>The thing I'm not sure about is whether any requests made from an
>iframe (i.e. images) takes the iframe's URL as a referer or if it
>inherits the parent page's (in the latter case we'd have a CSRF

Well put.  Thank you.

Brian Layman

More information about the wp-hackers mailing list