[wp-trac] Re: [WordPress Trac] #8814: Bad use of $_REQUEST variable in wordpress

WordPress Trac wp-trac at lists.automattic.com
Thu Jan 8 14:28:50 GMT 2009


#8814: Bad use of $_REQUEST variable in wordpress
--------------------------+-------------------------------------------------
 Reporter:  firstbit      |        Owner:  ryan
     Type:  defect (bug)  |       Status:  new 
 Priority:  high          |    Milestone:  2.8 
Component:  Security      |      Version:      
 Severity:  normal        |   Resolution:      
 Keywords:                |  
--------------------------+-------------------------------------------------
Comment (by wet):

 I did an experiment where I provoked something I'd roughly dub "denial of
 service".

 Steps to reproduce:

   * Log in to your dashboard
   * Set a cookie named 'title' to 'foo bar'.
 http://justaddwater.dk/wp-content/uploads/2007/01/cookieeditor.html comes
 in handy.
   * Go to http://yourdomain.com/wp-admin/press-this.php
   * Try to create a post titled 'bar baz'.

 Expected: Creation of post titled 'bar baz'.

 Result: Creation of post titled 'foo bar'.

 This error persists as long as the cookie is set.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8814#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
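
Added example (not part of the ticket comment and not WordPress code): a stand-alone PHP simulation of how $_REQUEST is merged from GET, POST and cookie data, showing why the cookie in the steps above overrides the submitted title and how reading the POST data explicitly avoids it. The helper names build_request() and title_from_post() and the sample arrays are constructed for illustration; the "EGPCS" ordering is PHP's default variables_order, which applies when request_order is unset.

```php
<?php
// Constructed sample input mirroring the steps in the comment above.
$get    = [];
$post   = ['title' => 'bar baz'];  // what the user typed into the form
$cookie = ['title' => 'foo bar'];  // cookie set beforehand in the browser

/**
 * Hypothetical helper: rebuild $_REQUEST the way PHP does, merging the
 * sources in the order given. Later letters overwrite earlier ones;
 * letters other than G, P and C (E, S) do not feed $_REQUEST.
 */
function build_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $request = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps keys and lets the later source win.
            $request = array_replace($request, $sources[$letter]);
        }
    }
    return $request;
}

/** Hypothetical hardened read: accept the title from POST data only. */
function title_from_post(array $post): string
{
    return (isset($post['title']) && is_string($post['title'])) ? $post['title'] : '';
}

// Cookies are merged last under "EGPCS", so the cookie value shadows the form.
$merged = build_request('EGPCS', $get, $post, $cookie);
printf("order EGPCS, \$_REQUEST['title'] = %s\n", $merged['title'] ?? '');

// With request_order = "GP", cookies never enter $_REQUEST.
$merged = build_request('GP', $get, $post, $cookie);
printf("order GP,    \$_REQUEST['title'] = %s\n", $merged['title'] ?? '');

// Reading the intended source directly is independent of either setting.
printf("POST only,   title = %s\n", title_from_post($post));
```

Run it with the PHP command-line interpreter (PHP 7 or later for the type declarations); the first line shows the cookie value and the other two show the submitted form value.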

