[wp-hackers] BugTraq post

Otto otto at ottodestruct.com
Tue Dec 18 03:56:38 GMT 2007


He emailed me with more information on this. I think I see what he's
talking about, although I still can't reproduce it.

Create a blank blog with default permalinks.
Create a draft post.

Go to http://example.com/wp/'wp-admin/ . The single quote there is intentional.

The existence of the "wp-admin/" triggers is_admin() to return true.
And this code in query.php:

elseif ( !$this->is_singular ) {
	$where .= " AND (post_status = 'publish'";

	if ( is_admin() )
		$where .= " OR post_status = 'future' OR post_status = 'draft' OR post_status = 'pending'";

	if ( is_user_logged_in() ) {
		$where .= current_user_can( "read_private_{$post_type}s" ) ? " OR post_status = 'private'" : " OR post_author = $user_ID AND post_status = 'private'";
	}

	$where .= ')';
}

Causes it to display the drafts when the user is not logged in.

I think that's what he's saying. I can't get it to work on my testbed
yet, but he insists that it does.

-Otto



On 12/16/07, Otto <otto at ottodestruct.com> wrote:
> He's severely confused about what the is_admin() function does. As we
> know, is_admin() returns true when you're looking at any of the admin
> pages.
>
> He seems to think that it's supposed to tell whether the user is an
> admin or not, which is not the case.
>
> Anyway, his "flaw" does not work.
>
> -Otto
>
> On 12/15/07, Aaron Brazell <emmensetech at gmail.com> wrote:
> > Matt-
> >
> > I saw that earlier today and I agree... if the cookie isn't set, wp-
> > admin will redirect to wp-login.php. And if he is able to access wp-
> > admin (say with open registration, which is legit), what he can view
> > is going to be subject to a cap check. Either he's smoking something
> > or he hasn't provided all the info.
> >
> > My take.
> > --
> > Aaron Brazell
> > Director of Technology, b5media
> >
> > skype: technosailor
> > phone: 410-608-6620
> > web: http://technosailor.com
> >
> > Everything contained in this email is confidential and stuff
> >
> > On Dec 15, 2007, at 9:25 PM, Matt Mullenweg wrote:
> >
> > > Is anyone able to use this to read drafts? This guy seems confused.
> > >
> > > http://www.securityfocus.com/archive/1/485160/30/0/threaded
> > >
> > > --
> > > Matt Mullenweg
> > > http://photomatt.net | http://wordpress.org
> > > http://automattic.com | http://akismet.com
> > > _______________________________________________
> > > wp-hackers mailing list
> > > wp-hackers at lists.automattic.com
> > > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>

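To make the point of the thread concrete, here is an added, self-contained model (not WordPress code, not Otto's) of the query.php branch quoted above. It assumes, as the post describes, that is_admin() is derived from the request path, and it sets the quoted clause builder beside a variant that gates unpublished statuses on an authenticated capability instead; the helper names and the capability flags are hypothetical.

```php
<?php
// Added illustration, not WordPress source. Models the WHERE fragment from the
// quoted query.php branch and shows why a request-path-derived flag is a poor
// authorization gate for non-public post statuses.

// Hypothetical model of a path-substring check (the behaviour the post
// describes): any URI containing "wp-admin/" flips it to true, and the URI is
// chosen by the client, not by the server's view of who is logged in.
function spoofable_is_admin(string $request_uri): bool {
    return stripos($request_uri, 'wp-admin/') !== false;
}

// Clause builder as quoted: draft/future/pending are appended whenever the
// flag is true, independent of whether the visitor is logged in at all.
function where_clause_as_quoted(bool $is_admin, bool $logged_in, bool $can_read_private, int $user_id): string {
    $where = " AND (post_status = 'publish'";
    if ($is_admin) {
        $where .= " OR post_status = 'future' OR post_status = 'draft' OR post_status = 'pending'";
    }
    if ($logged_in) {
        $where .= $can_read_private
            ? " OR post_status = 'private'"
            : " OR (post_author = $user_id AND post_status = 'private')";
    }
    return $where . ')';
}

// Hardened variant: unpublished statuses require an authenticated user who
// holds an editing capability ($can_edit_posts, a hypothetical flag standing
// in for a cap check). The request path plays no part in the decision.
function where_clause_hardened(bool $logged_in, bool $can_edit_posts, bool $can_read_private, int $user_id): string {
    $where = " AND (post_status = 'publish'";
    if ($logged_in && $can_edit_posts) {
        $where .= " OR post_status = 'future' OR post_status = 'draft' OR post_status = 'pending'";
    }
    if ($logged_in) {
        $where .= $can_read_private
            ? " OR post_status = 'private'"
            : " OR (post_author = $user_id AND post_status = 'private')";
    }
    return $where . ')';
}

// Constructed request: anonymous visitor, path carrying the stray quote from
// the post. The quoted logic admits drafts; the hardened one stays on publish.
$uri  = "/wp/'wp-admin/";
$flag = spoofable_is_admin($uri);                          // true
echo where_clause_as_quoted($flag, false, false, 0), "\n"; // contains 'draft'
echo where_clause_hardened(false, false, false, 0), "\n";  // publish only
```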
