[wp-hackers] xmlrpc issue or no?

Matt Mullenweg m at mullenweg.com
Sun Feb 3 03:46:00 GMT 2008


chays wrote:
> 1. the fix isnt mine. It's securiteam's.

Okay, well then "Paul (Yabba) Jones" is wrong and it's still not 
recommended and shouldn't be promoted. I recommended two temporary fixes 
that work.

> 2. Its tested, and yes, it does work, for the exploit provided.

Yes but we think there's a different issue it doesn't address and it's 
generally bad policy to have people mucking around editing a huge PHP 
file. They should do one of the fixes above, both non-harmful, or wait 
for the release.

> 3. I never got an e-mail you from this morning and I'll stop short of
> calling you out on that fact except to say that I was at my computer most of
> the day, and would NOT have missed an e-mail from you had I received it.

My mistake, it was sent to the user "whoami" not "whooami".

> I think your apparent anger is a little misdirected Matt , especially given
> all the dates that have been tossed about regarding this.

I'm not angry, just trying to resolve the issue quickly and safely.

-- 
Matt Mullenweg
http://ma.tt | http://automattic.com


More information about the wp-hackers mailing list