[wp-hackers] Critical WP Flaw?

Christopher J. Hradil chradil at comcast.net
Thu Jul 27 11:12:42 GMT 2006

What's the projected date for 2.0.4?
Is there an easy way to provide users an 'interim' patch or upgrade to plug
the holes in the short term?

Christopher J. Hradil
chradil at comcast.net

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Ryan Boren
Sent: Thursday, July 27, 2006 6:11 AM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] Critical WP Flaw?

Ryan Duff wrote:
> Ryan Boren wrote:
>> I like to protect all non-idempotent operations with cap checks, even 
>> when the umbrella check should protect them.  I'd suggest creating a 
>> Subscriber level user on a test blog and then directly enter the URLs 
>> that load your plugin.  Make sure the caps are enforced for all entry 
>> points to your plugin.
>> Ryan
> 9 emails later... you've wasted a lot of Ryan's time by starting this 
> thread while he could have actually been productive at fixing the issue.
> And we wonder why things don't/can't get done around here.

Actually, I had it fixed before the thread was started.  :-) At least I
think it's fixed.  I was getting a bit confused about which bug we were
talking about and the exact nature of the bug.  I've now talked to Dave, and
I think I got it.  I'm to blame in part for confusing the issue.

To recap, there is a bug in core WP involved that I believe I've fixed for
2.0.4.  This is the core API bug Dave is talking about on his blog.  I was in
error before to say that this is a problem to be fixed solely by the plugins.
There are some plugins that need help beyond the fix to the core, but the
core fix should cover most plugins.  Sorry for the confusion.

And with that, I really need to get some sleep.  Later all.
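
Added example, not code from this thread or from WordPress core: a hypothetical plugin that follows the advice quoted above by checking the capability at the menu registration (the umbrella check) and again inside the state-changing handler, so a Subscriber who loads the handler URL directly is refused. It assumes current WordPress API functions rather than the 2.0.x code discussed in the thread; every `example_` name is made up, and the nonce check is an addition that complements the cap check.

```php
<?php
/*
Plugin Name: Example Cap Check (hypothetical, for illustration only)
*/

add_action('admin_menu', 'example_add_page');
// admin-post.php fires this hook for ANY logged-in user, Subscribers included,
// so the handler is an entry point of its own and needs its own check.
add_action('admin_post_example_save', 'example_handle_save');

function example_add_page() {
    // Umbrella check: the page is only registered for users with the capability.
    add_options_page('Example', 'Example', 'manage_options',
                     'example-settings', 'example_render_page');
}

function example_render_page() {
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to view this page.');
    }
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="example_save" />
        <?php wp_nonce_field('example_save'); ?>
        <input type="text" name="example_label"
               value="<?php echo esc_attr(get_option('example_label', '')); ?>" />
        <input type="submit" value="Save" />
    </form>
    <?php
}

function example_handle_save() {
    // Cap check on the non-idempotent operation itself, independent of the
    // umbrella check that guards the settings page.
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to change this setting.', '',
               array('response' => 403));
    }
    // Nonce check: confirms the request came from the form rendered above.
    check_admin_referer('example_save');

    $label = isset($_POST['example_label'])
        ? sanitize_text_field(wp_unslash($_POST['example_label']))
        : '';
    update_option('example_label', $label);

    wp_safe_redirect(admin_url('options-general.php?page=example-settings'));
    exit;
}
```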

