[wp-hackers] Critical WP Flaw?

Andy Staines andy at yellowswordfish.com
Thu Jul 27 10:01:07 GMT 2006

On Thu 27 Jul 06, at 10:28 AM, Joey B wrote:

> Saying so here won't make much of a dent in changing that. I've never
> heard of current_user_can(), either, along with, apparently, a lot of
> other plugin devs. This would lead me to believe there is a failure in
> documentation which should probably also be addressed along with this
> security vulnerability, if this is so important.

Thanks for saying this, Joey - I'm glad I'm not the only one. I've
done my best with what's in the codex and by working through other
people's plugin code but if the ones I looked at didn't do things
right then I just inherited the same old problems. WordPress is a
fantastic platform to work with but by encouraging a third party  
plugin architecture there is a dire need for specific documentation  
that is lacking. Sadly, the only people who can really compile that  
documentation are the people who designed the architecture in the  
first place. Without that, plugins will continue to cause certain  
users problems and lay themselves open to vulnerabilities that we  
didn't even know were possible. I know you guys work hard and you  
have my admiration and respect but to just throw out the comment that  
authors need to do this or that doesn't help most of us one little bit.

If I could write it up I would!

