[wp-trac] Re: [WordPress Trac] #5272: WordPress allows anonymous
user to see slug for private post by guessing post number
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 18 16:21:45 GMT 2009
#5272: WordPress allows anonymous user to see slug for private post by guessing
post number
--------------------------+-------------------------------------------------
Reporter: tzafrir | Owner: pishmishy
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 2.9
Component: General | Version: 2.3.1
Severity: major | Keywords: needs-patch
--------------------------+-------------------------------------------------
Changes (by Denis-de-Bernardy):
* keywords: has-patch canonical redirection private => needs-patch
Comment:
The patch is invalid. There is some reprocessing of 404 code further down,
that ends up not getting processed. Imo, what WP should do here is return
a 403 error.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/5272#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list