[wpmu-trac] Re: [WordPress MU Trac] #685: Nonce design incompatibility breaks plugins
WordPress MU Trac
wpmu-trac at lists.automattic.com
Sun Jul 20 10:42:39 GMT 2008
#685: Nonce design incompatibility breaks plugins
------------------------+---------------------------------------------------
  Reporter:  mrpeteh    |        Owner:  donncha
      Type:  defect     |       Status:  assigned
  Priority:  normal     |    Milestone:
 Component:  component1 |      Version:
  Severity:  major      |   Resolution:
  Keywords:             |
------------------------+---------------------------------------------------
Changes (by donncha):
* owner: somebody => donncha
* status: new => assigned
Comment:
I'll comment on the WP trac ticket to keep the conversation in one area,
but the main reason MU uses the whitelist is for security reasons. Alex
Concha showed that any admin user on an MU site could change a blog
option and potentially run their own code. I think this change came about
around 1.3.x and I remember stressing the importance of upgrading at the
time.
I'll leave this ticket open but comment on the WP trac ticket.
--
Ticket URL: <http://trac.mu.wordpress.org/ticket/685#comment:2>
WordPress MU Trac <http://mu.wordpress.org/>
WordPress Multiuser