[wp-hackers] BugTraq post

Ryan Boren ryan at boren.nu
Tue Dec 18 22:59:21 GMT 2007


On 12/18/07, Otto <otto at ottodestruct.com> wrote:
> The single quote in the URL (possibly any other character as well)
> makes WordPress go to the main page and not the admin pages, but the
> URL still contains "wp-admin/" and so is_admin() will return true.

Maybe is_admin() should check if is_user_logged_in().  Only logged in
users should be in the admin.

Ryan


More information about the wp-hackers mailing list