[wp-hackers] Security at Wordpress
Brian at TheCodeCave.com
Mon Apr 24 20:18:34 GMT 2006
>Is it allowed to require a AYS (i.e. POST-ed form) to validate the
You're mixing apples and oranges. AYS does not mean "post" and posts
doesn't fix everything.
Owen's submitted a good fix for all of this that includes AYS prompts but
not switching over to posting.
The discussion at this point is largely academic.
Switching over to posting would mean rewriting a lot more code and require a
lot more testing and would delay any release.
That's good enough reason not to do it right now, IMHO.
More information about the wp-hackers