[wp-hackers] Critical WP Flaw?
r at robm.me.uk
Thu Jul 27 11:23:06 GMT 2006
Ryan Boren wrote:
> If you're relying on the cap/level check provided when you register a
> menu/submenu, that will cover most plugins.
And just to add that if you combine capped/levelled admin menus with
nonce checks, you largely avoid any methods of getting your form actions
to execute for non-privileged users, even if they're in files separate
to the admin menus.
http://robm.me.uk/ | http://kantian.co.uk/
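An added example, not part of the original message or of any plugin discussed on the list: a plugin whose form action lives outside the menu page and therefore repeats the capability check and verifies a nonce itself. It uses current WordPress function names; the action, nonce field, option and page slug names are hypothetical.

```php
<?php
// Constructed example. Hypothetical names: example_save, example_nonce,
// example_greeting, example-settings.

// 1. Menu registered with a capability: users lacking 'manage_options'
//    cannot load the settings page through the admin menu.
add_action( 'admin_menu', function () {
    add_options_page( 'Example', 'Example', 'manage_options',
        'example-settings', 'example_render_page' );
} );

function example_render_page() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save">
        <?php wp_nonce_field( 'example_save', 'example_nonce' ); // emits the nonce field ?>
        <input type="text" name="greeting"
               value="<?php echo esc_attr( get_option( 'example_greeting', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// 2. The form action is handled outside the menu page, so the menu's
//    capability check does not cover it. Any logged-in user can send a
//    request to admin-post.php, so the handler checks for itself.
add_action( 'admin_post_example_save', 'example_handle_save' );

function example_handle_save() {
    // Capability check: same capability the menu was registered with.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // Nonce check: dies unless the request carries a valid nonce for this
    // action, i.e. it came from the form rendered above for this user.
    check_admin_referer( 'example_save', 'example_nonce' );

    $greeting = isset( $_POST['greeting'] )
        ? sanitize_text_field( wp_unslash( $_POST['greeting'] ) )
        : '';
    update_option( 'example_greeting', $greeting );

    wp_safe_redirect( admin_url( 'options-general.php?page=example-settings' ) );
    exit;
}
```

The capability check stops a low-privileged logged-in user from calling the handler directly, and the nonce check stops a privileged user's browser from being made to submit the form from another site.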