[wp-hackers] BugTraq post
James Davis
james at freecharity.org.uk
Wed Dec 19 15:27:30 GMT 2007
Bull3t wrote:
> I can't reproduce it either - not really sure how the single quote in the
> URL helps at all though? Also, on the BugTraq post he put 3 t's in the
> http... So I ignored the single quote as a mistake as well. Meh, Aaron could
> be correct; maybe he is smoking something...
After his clarifying post I can reproduce this. Create a draft post. Log
out.
Visit http://yourblog.com/index.php/'wp-admin/ and the draft will be
displayed because query.php mistakenly uses is_admin() on link 1172 to
check if the user is an administrator.
I'll open a ticket shortly after I've made myself a coffee =)
James
--
http://www.freecharity.org.uk/ - Free IT services for charities
http://www.freecharity.org.uk/wiki/ - The VCSWiki
More information about the wp-hackers
mailing list