[wp-hackers] Rethinking check_admin_referer()

David House dmhouse at gmail.com
Thu Apr 20 11:03:42 GMT 2006

Everyone that has participated in this debate:

This is a call for clarity. Amongst the plethora of arguments,
counters, counter-counters, metaphors, buzzwords and changes of
opinion I have little idea what is going on. I've tried to keep up
with the thread, but I, and I guess others, don't really have a grasp
of what the options are.

Thus I would like to be presented with:

1) The problems present in the current system.
2) A list of the options.
3) Their relative pros/cons.
4) Your opinion.

As I read it, the first currently stands as follows:

1) Annoyance when the referer check doesn't work, security holes
arising from clicking links in comments within the admin, or missed
check_admin_referer() calls.

But for the other three I've either got an incomplete picture, or no
idea at all.

Thank you.

-David House, dmhouse at gmail.com, http://xmouse.ithium.net

