[wp-hackers] Security at Wordpress

Elliotte Harold elharo at metalab.unc.edu
Mon Apr 24 19:10:27 GMT 2006

Robert Deaton wrote:

> If there's a more robust solution, we're still waiting to hear it. All
> we've heard is some pedantry about the HTTP standard. Matt has
> dismissed the idea because, as he sees it (and I must agree), a
> solution using POST still needs nonces, and has detrimental
> side-effects (can't approve comments from e-mails et al). 

You continue to ask for things that can't and shouldn't be done. Not 
approving comments from e-mails via GET is a feature, not a bug. As long 
as you insist on bug-prone kludges like this, it's pointless for me to 
submit a patch. You've already said you aren't willing to accept a 
version of WordPress that limits GET to safe operations as I require. 
When you change your mind about that, then it's worth my time to submit 
a patch.

Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!

More information about the wp-hackers mailing list