[wp-hackers] BugTraq post
otto at ottodestruct.com
Sun Dec 16 10:24:42 GMT 2007
He's severely confused about what the is_admin() function does. As we
know, is_admin() returns true when you're looking at any of the admin
He seems to think that it's supposed to tell whether the user is an
admin or not, which is not the case.
Anyway, his "flaw" does not work.
On 12/15/07, Aaron Brazell <emmensetech at gmail.com> wrote:
> I saw that earlier today and I agree... if the cookie isn't set, wp-
> admin will redirect to wp-login.php. And if he is able to access wp-
> admin (say with open registration, which is legit), what he can view
> is going to be subject to a cap check. Either he's smoking something
> or he hasn't provided all the info.
> My take.
> Aaron Brazell
> Director of Technology, b5media
> skype: technosailor
> phone: 410-608-6620
> web: http://technosailor.com
> Everything contained in this email is confidential and stuff
> On Dec 15, 2007, at 9:25 PM, Matt Mullenweg wrote:
> > Is anyone able to use this to read drafts? This guy seems confused.
> > http://www.securityfocus.com/archive/1/485160/30/0/threaded
> > --
> > Matt Mullenweg
> > http://photomatt.net | http://wordpress.org
> > http://automattic.com | http://akismet.com
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
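The distinction discussed in this thread, between is_admin() and a capability check, shown as an added example that is not code from the thread or from WordPress core. The function names example_draft_body_weak() and example_draft_body() are hypothetical plugin helpers, and the code assumes it is loaded inside WordPress.

```php
<?php
// Added illustration; hypothetical plugin helpers, assumed to run inside
// WordPress (is_admin(), get_post() and current_user_can() are core functions).

// Weak gate: is_admin() only reports that the current request is for an
// admin screen. It says nothing about who the user is or what they may do,
// so any account that can reach wp-admin passes this test.
function example_draft_body_weak( $post_id ) {
    if ( ! is_admin() ) {
        return '';
    }
    $post = get_post( $post_id );
    return $post ? $post->post_content : '';
}

// Corrected gate: published posts are public; anything else (draft,
// pending, private) is returned only if the current user holds the
// edit_post capability for that specific post.
function example_draft_body( $post_id ) {
    $post = get_post( $post_id );
    if ( ! $post ) {
        return '';
    }
    if ( 'publish' !== $post->post_status
        && ! current_user_can( 'edit_post', $post->ID ) ) {
        return '';
    }
    return $post->post_content;
}
```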