[wp-hackers] Rethinking check_admin_referer()

David House dmhouse at gmail.com
Mon Apr 17 19:38:16 GMT 2006


On 17/04/06, Paul Mitchell <wp-hackers at paul-mitchell.me.uk> wrote:
> This makes wp-admin/edit-comments.php and wp-admin/moderation.php
> extremely dangerous as the admin referer check is ineffective.

Yeah, this is a flaw in the current system. I _think_ nonces would fix
this; someone else would have to verify that.

--
-David House, dmhouse at gmail.com, http://xmouse.ithium.net

