[wp-trac] [WordPress Trac] #13317: Code Improvement in get_userdata
WordPress Trac
wp-trac at lists.automattic.com
Thu May 13 09:37:48 UTC 2010
#13317: Code Improvement in get_userdata
------------------------------------+---------------------------------------
Reporter: hakre | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.0
Component: Security | Version:
Severity: major | Resolution:
Keywords: has-patch dev-feedback |
------------------------------------+---------------------------------------
Comment(by Denis-de-Bernardy):
What I'm meaning is that get_userdata(garbage) should not return an admin
user on 99% of sites. It should fail and return false, zero, whatever. If,
for any reason, a plugin uses the function improperly, it may very well
introduce security risks. And never mind that you can't see one. I'm sure
you couldn't see any in the eval() calls used in permalinks either. But
lo and behold, they got exploited.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13317#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
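
An added illustration of the failure mode the comment describes, not code from the ticket, its patch, or WordPress core. It assumes a lookup that coerces its argument to an integer (the page does not show the mechanism); the function names, the user table, and the inputs are hypothetical and constructed for the example.

```php
<?php
// Constructed user table: ID 1 is the first account, here the administrator.
const USERS = [
    1 => ['login' => 'admin', 'role' => 'administrator'],
    2 => ['login' => 'alice', 'role' => 'subscriber'],
];

// Hypothetical loose lookup: coerces any argument to a non-negative integer.
function loose_get_user($id)
{
    $id = abs((int) $id);
    return USERS[$id] ?? false;
}

// Hypothetical strict lookup: accepts a positive int or a canonical decimal
// string, and fails closed (returns false) on everything else.
function strict_get_user($id)
{
    if (is_string($id) && preg_match('/\A[1-9][0-9]{0,17}\z/', $id)) {
        $id = (int) $id;
    }
    if (!is_int($id) || $id < 1) {
        return false;
    }
    return USERS[$id] ?? false;
}

// Constructed inputs: malformed values a careless caller might pass through.
$inputs = ['1abc', ' 1', '-1', true, 1.9, ['x'], null, 'abc', '2', 2];

foreach ($inputs as $input) {
    $loose  = loose_get_user($input);
    $strict = strict_get_user($input);
    printf(
        "%-8s loose=%-8s strict=%s\n",
        json_encode($input),
        $loose ? $loose['login'] : 'false',
        $strict ? $strict['login'] : 'false'
    );
}
```

With the loose lookup the first six inputs all resolve to the ID 1 account; the strict lookup returns false for every malformed value and resolves only '2' and 2.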