[wp-hackers] BugTraq post

James Davis james at freecharity.org.uk
Wed Dec 19 15:27:30 GMT 2007

Bull3t wrote:
> I can't reproduce it either - not really sure how the single quote in the
> URL helps at all though? Also, on the BugTraq post he put 3 t's in the
> http... So I ignored the single quote as a mistake as well. Meh, Aaron could
> be correct; maybe he is smoking something...

After his clarifying post I can reproduce this. Create a draft post. Log

Visit http://yourblog.com/index.php/'wp-admin/ and the draft will be
displayed because query.php mistakenly uses is_admin() on link 1172 to
check if the user is an administrator.

I'll open a ticket shortly after I've made myself a coffee =)


http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki

More information about the wp-hackers mailing list