[wp-hackers] Moved from BlogWare to WordPress - Need Help

Mark Jaquith mark.wordpress at txfx.net
Sat May 20 10:32:44 GMT 2006

On May 20, 2006, at 6:23 AM, Sean Hickey wrote:

> BTW: Does WP even check for referers in it's own code?  I've submitted
> comments to people's blogs using telnet from my home computer.

Doesn't check refs for comment submission, but for database-changing  
stuff in the admin, yeah.  Up until version 2.0.2, that is.  The  
upcoming 2.0.3 maintenance release (and the upcoming 2.1 release) use  
a "secret hash with expiration" (nonce [1]) method that works more  
securely and more reliably than ref checks.

[1] http://en.wikipedia.org/wiki/Nonce
Mark Jaquith

More information about the wp-hackers mailing list