[wp-trac] Re: [WordPress Trac] #8814: Bad use of $_REQUEST variable in wordpress
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 8 14:28:50 GMT 2009
#8814: Bad use of $_REQUEST variable in wordpress
--------------------------+-------------------------------------------------
 Reporter:  firstbit      |        Owner:  ryan
     Type:  defect (bug)  |       Status:  new
 Priority:  high          |    Milestone:  2.8
Component:  Security      |      Version:
 Severity:  normal        |   Resolution:
 Keywords:                |
--------------------------+-------------------------------------------------
Comment (by wet):
I did an experiment where I provoked something I'd roughly dub "denial of
service".
Steps to reproduce:
* Login to your dashboard
* Set a cookie named 'title' to 'foo bar'. http://justaddwater.dk/wp-content/uploads/2007/01/cookieeditor.html comes in handy.
* Go to http://yourdomain.com/wp-admin/press-this.php
* Try to create a post titled 'bar baz'.
Expected: Creation of post titled 'bar baz'.
Result: Creation of post titled 'foo bar'.
This error persists as long as the cookie is set.
--
Ticket URL: <http://trac.wordpress.org/ticket/8814#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
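
The result reported in the comment above follows from how PHP fills $_REQUEST: GET, POST and cookie values are merged in a configured order, and a later source overwrites an earlier one on a name collision. The sketch below is an added example, not WordPress code or code from the ticket; the function names are hypothetical, the sample values are constructed from the steps in the comment, and it assumes a configuration in which cookies are merged last (order "GPC"), which the ticket does not state.

```php
<?php
// Added example: emulates how PHP assembles $_REQUEST, so the ticket's
// result can be reproduced without a web server. All names are hypothetical.

// $order uses the letters of PHP's request_order / variables_order
// settings (G, P, C); a later letter overwrites earlier ones on collision.
function merge_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $request = array_replace($request, $sources[$letter]);
        }
    }
    return $request;
}

// Names whose GET/POST value differs from a cookie of the same name:
// these are the fields a $_REQUEST lookup can silently get wrong.
function cookie_shadowed_keys(array $get, array $post, array $cookie): array
{
    $form = array_replace($get, $post);
    $hits = [];
    foreach (array_intersect_key($cookie, $form) as $key => $value) {
        if ($form[$key] !== $value) {
            $hits[] = $key;
        }
    }
    return $hits;
}

// Constructed sample input matching the steps in the comment.
$cookie = ['title' => 'foo bar'];
$post   = ['title' => 'bar baz', 'content' => 'hello'];
$get    = [];

$with_cookies    = merge_request($get, $post, $cookie, 'GPC'); // cookie merged last
$without_cookies = merge_request($get, $post, $cookie, 'GP');  // cookies excluded
$explicit        = isset($post['title']) ? $post['title'] : ''; // read POST directly

printf("REQUEST title, order GPC: %s\n", $with_cookies['title']);
printf("REQUEST title, order GP:  %s\n", $without_cookies['title']);
printf("POST title read directly: %s\n", $explicit);
printf("Shadowed by cookie:       %s\n", implode(', ', cookie_shadowed_keys($get, $post, $cookie)));
```

Reading the field from the specific source it is expected in (here the POST array) gives the submitted value regardless of how the merge order is configured; the shadowed-key check can be logged to spot requests where a cookie collides with a form field.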