[wp-hackers] Moved from BlogWare to WordPress - Need Help
Mark Jaquith
mark.wordpress at txfx.net
Sat May 20 10:32:44 GMT 2006
On May 20, 2006, at 6:23 AM, Sean Hickey wrote:
> BTW: Does WP even check for referers in its own code? I've submitted
> comments to people's blogs using telnet from my home computer.
Doesn't check refs for comment submission, but for database-changing
stuff in the admin, yeah. Up until version 2.0.2, that is. The
upcoming 2.0.3 maintenance release (and the upcoming 2.1 release) use
a "secret hash with expiration" (nonce [1]) method that works more
securely and more reliably than ref checks.
[1] http://en.wikipedia.org/wiki/Nonce
--
Mark Jaquith
http://txfx.net/
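
The "secret hash with expiration" idea mentioned in the message above, sketched as an added example; it is not part of the original post and is not WordPress's own implementation. The function names, the lifetime, the secret and the action strings are all assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress code. All names and values are hypothetical.

const NONCE_LIFETIME = 3600; // length of one validity window in seconds (assumed value)

// Time is split into fixed windows, so a token expires without any server-side storage.
function nonce_window(int $now): int {
    return intdiv($now, NONCE_LIFETIME);
}

// Token = HMAC(secret, window | user | action): bound to one user, one action, one time window.
function make_nonce(string $secret, int $userId, string $action, int $now): string {
    $msg = nonce_window($now) . '|' . $userId . '|' . $action;
    return hash_hmac('sha256', $msg, $secret);
}

// Accept the current window and the previous one, so a form rendered just before
// a window boundary still submits; a token therefore lives between one and two windows.
function check_nonce(string $secret, int $userId, string $action, string $token, int $now): bool {
    foreach ([0, 1] as $age) {
        $expected = make_nonce($secret, $userId, $action, $now - $age * NONCE_LIFETIME);
        if (hash_equals($expected, $token)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed sample values.
$secret = 'constructed-sample-secret'; // in practice a long random per-site value
$t0     = 1148121164;                  // time at which the admin form was rendered
$token  = make_nonce($secret, 1, 'delete-post_42', $t0);

// Case 1: same user and action, submitted ten minutes later.
var_dump(check_nonce($secret, 1, 'delete-post_42', $token, $t0 + 600));
// Case 2: token replayed against a different action.
var_dump(check_nonce($secret, 1, 'delete-post_43', $token, $t0 + 600));
// Case 3: token replayed for a different user.
var_dump(check_nonce($secret, 2, 'delete-post_42', $token, $t0 + 600));
// Case 4: same user and action, but three windows later.
var_dump(check_nonce($secret, 1, 'delete-post_42', $token, $t0 + 3 * NONCE_LIFETIME));
```

Unlike a referer check, the decision here depends only on a value the server issued with the form, not on a header the client may omit or set freely.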