[wp-hackers] Security at Wordpress

Brian Layman Brian at TheCodeCave.com
Mon Apr 24 20:18:34 GMT 2006

David Chait
>Is it allowed to require a AYS (i.e. POST-ed form) to validate the
You're mixing apples and oranges.   AYS does not mean "post" and posts
doesn't fix everything.

Owen's submitted a good fix for all of this that includes AYS prompts but
not switching over to posting.  

The discussion at this point is largely academic.  

Switching over to posting would mean rewriting a lot more code and require a
lot more testing and would delay any release.

That's good enough reason not to do it right now, IMHO.

Brian Layman

More information about the wp-hackers mailing list