[wp-hackers] BugTraq post

Abel Cheung abelcheung at gmail.com
Wed Dec 19 20:41:47 GMT 2007


On Dec 19, 2007 11:27 PM, James Davis <james at freecharity.org.uk> wrote:
> Bull3t wrote:
> > I can't reproduce it either - not really sure how the single quote in the
> > URL helps at all though? Also, on the BugTraq post he put 3 t's in the
> > http... So I ignored the single quote as a mistake as well. Meh, Aaron could
> > be correct; maybe he is smoking something...
>
> After his clarifying post I can reproduce this. Create a draft post. Log
> out.
>
> Visit http://yourblog.com/index.php/'wp-admin/ and the draft will be
> displayed because query.php mistakenly uses is_admin() on line 1172 to
> check if the user is an administrator.

Here is the second confirmation that the said problem can be reproduced:

1. Log in and create a draft post.
2. Save the draft post and log out.
3. Go to the aforementioned URL; the draft post is shown.

This was tested with 2.3.1, 2.2.3 and 2.2.0.

Abel


>
> I'll open a ticket shortly after I've made myself a coffee =)
>
> James
>
> --
> http://www.freecharity.org.uk/ - Free IT services for charities
> http://www.freecharity.org.uk/wiki/ - The VCSWiki
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
-- 
Abel Cheung   (GPG Key: 0xC67186FF)
Key fingerprint: 671C C7AE EFB5 110C D6D1  41EE 4152 E1F1 C671 86FF
--------------------------------------------------------------------
* My own cave: http://me.abelcheung.org/
* Opensource Application Knowledge Assoc. - http://oaka.org/
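As an added illustration (not code from this thread, and not the actual WordPress query.php), the following PHP models the defect James describes: a request-context test (is_admin) being used where an authorisation check belongs, shown beside the capability-based form. The helper names, the substring model of the old is_admin() behaviour, and the capability array standing in for current_user_can() are assumptions made for this example.

```php
<?php
// Illustrative model of the flaw discussed in the thread. NOT the real
// WordPress 2.3.1 code; function names below are invented for this example.

// Assumption: older WordPress derived is_admin() from the request URI alone,
// roughly "does the path contain wp-admin/". Modelled here for demonstration.
function request_is_admin_area(string $request_uri): bool {
    return stripos($request_uri, 'wp-admin/') !== false;
}

// Vulnerable pattern: a statement about *where* the request landed is treated
// as a statement about *who* is asking. Any path that happens to contain
// "wp-admin/" widens the post_status filter to include unpublished drafts.
function draft_visibility_clause_vulnerable(string $request_uri): string {
    if (request_is_admin_area($request_uri)) {
        return "post_status IN ('publish', 'draft', 'pending', 'future')";
    }
    return "post_status = 'publish'";
}

// Fixed pattern: decide from the caller's capabilities, never from the URL.
// $current_user_caps stands in for WordPress' current_user_can(); an
// anonymous visitor carries no capabilities, so the URL is irrelevant.
function draft_visibility_clause_fixed(array $current_user_caps): string {
    if (in_array('edit_posts', $current_user_caps, true)) {
        return "post_status IN ('publish', 'draft', 'pending', 'future')";
    }
    return "post_status = 'publish'";
}

// Constructed sample requests (not captured traffic).
$cases = [
    // anonymous visitor on the front page
    ['who' => 'anonymous', 'uri' => '/',                         'caps' => []],
    // anonymous visitor using the path-info URL quoted in the thread
    ['who' => 'anonymous', 'uri' => "/index.php/'wp-admin/",     'caps' => []],
    // logged-in author inside the real admin area
    ['who' => 'author',    'uri' => '/wp-admin/edit.php',        'caps' => ['edit_posts']],
];

foreach ($cases as $c) {
    echo "{$c['who']} requesting {$c['uri']}\n";
    echo "  vulnerable WHERE: " . draft_visibility_clause_vulnerable($c['uri']) . "\n";
    echo "  fixed WHERE:      " . draft_visibility_clause_fixed($c['caps']) . "\n";
}
```

Running it shows the second case is the one that matters: the vulnerable clause admits drafts for an anonymous visitor purely because the path contains "wp-admin/", while the capability-based clause keeps the filter at published posts until the caller actually holds edit_posts. The general lesson for review is that is_admin()-style context checks describe the request, not the principal, and must never gate data visibility on their own.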