[wp-hackers] Critical WP Flaw?
ryan at boren.nu
Thu Jul 27 09:39:09 GMT 2006
Denis de Bernardy wrote:
> Ryan said:
>>> 2) _Official_ threat level, just how serious is it?
>> If plugins don't check caps, it can be very serious.
>>> 3) Possible fix dates
>> Up to plugin authors.
> I now end up wondering whether I should fix my own plugins or not...
> I check user levels, not caps. And I rely on WP to check this for me, via
> the admin interface's built-in protections. This is what most plugin authors
> do, as far as I can tell. If doing this is wrong, we've got a huge number of
> plugins in need of fixing. Or a huge WordPress workflow error.
User level checks are fine. WP checks the cap/level you pass when you
register a menu/submenu and uses that to deny access to the plugin, but
that is not sufficient for plugins that use multiple files and do more
"advanced things". Some plugins need to add more fine-grained cap
checking. Most plugins are fine though.
> Anyway... without any information, how should I or any other plugin author
> guess if anything needs to be fixed, and what needs to be fixed?
I like to protect all non-idempotent operations with cap checks, even
when the umbrella check should protect them. I'd suggest creating a
Subscriber level user on a test blog and then directly enter the URLs
that load your plugin. Make sure the caps are enforced for all entry
points to your plugin.
More information about the wp-hackers