[wp-hackers] Security at Wordpress
ringmaster at midnightcircus.com
Mon Apr 24 12:08:01 GMT 2006
Andy Skelton wrote:
> If you only moved certain actions (e.g. delete post) out of the GET
> domain while leaving others alone (e.g. comment moderation) you'd
> probably have more luck getting your code committed.
Also note that this is a mock-up, not a patch to the code. A patch to
do just what we see here would probably have been less work.
Does this look reasonable in Safari? That's where I hear there are
problems, though I haven't looked at it there myself yet.
Strange that all of the POST proponents hadn't written a patch for this
already - it might have been less overall work than the bluster they've
created, and it might already have been committed by now.
More information about the wp-hackers