[wp-hackers] Rethinking check_admin_referer()
Elliotte Harold
elharo at metalab.unc.edu
Wed Apr 19 17:48:07 GMT 2006
Matt Mullenweg wrote:
> This has been brought up many times before.
>
> <form method="post" action="http://example.com/wp-admin/delete-all.php">
> <input type="submit" name="Submit" value="Click Here" />
> for a free iPod!
> </form>
Personally I'm a little more likely to notice a form in a comment than a
plain link and wonder what it's doing there. Using an image submit
button that contains a picture of text might disguise the link a little
more effectively.
But is this even allowed? With the default options is it possible to put
a form tag (or an img or script tag) in a comment?
--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim