[wp-trac] [WordPress Trac] #16449: incorrect referer check in check_admin_referer()
WordPress Trac
wp-trac at lists.automattic.com
Thu Feb 3 07:10:58 UTC 2011
#16449: incorrect referer check in check_admin_referer()
-------------------------------------+------------------------------
 Reporter:  indie-ulf                |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Security                 |     Version:  3.0.4
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+------------------------------
Comment (by markjaquith):

Good catch. In the future, please send security-related items to security
/ wordpress / org.

> The older, less secure form with no parameter ("check_admin_referer()")
> still works, it's not documented as deprecated anywhere

We should throw a deprecated notice if it is used without a parameter.

To be clear, this is not an issue in core, as no active code uses the
function without a parameter. But it would be a security bonus to plugins
that haven't been updated to use nonces.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16449#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
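
Added example, not part of the original message or of WordPress core: a plugin form handler moved from the parameterless check_admin_referer() call discussed in the comment to the nonce-based form. The plugin header, the myplugin_* names, the 'myplugin_save_settings' action and the 'myplugin_greeting' option are hypothetical; the file is assumed to be loaded by WordPress as a plugin.

```php
<?php
/*
Plugin Name: Nonce Migration Example (hypothetical)
*/

// Register a settings page that renders the form below.
add_action( 'admin_menu', function () {
    add_options_page( 'My Plugin', 'My Plugin', 'manage_options',
        'myplugin', 'myplugin_render_form' );
} );

// wp_nonce_field() emits a hidden _wpnonce field bound to the action
// string and the current user, so the handler can verify it later.
function myplugin_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save_settings" />
        <?php wp_nonce_field( 'myplugin_save_settings' ); ?>
        <input type="text" name="myplugin_greeting" />
        <input type="submit" value="Save" />
    </form>
    <?php
}

function myplugin_handle_save() {
    // Before: check_admin_referer();
    //   The older, less secure form with no parameter named in the ticket.
    // After: pass the same action string given to wp_nonce_field().
    //   WordPress ends the request if the nonce is missing or invalid.
    check_admin_referer( 'myplugin_save_settings' );

    // A valid nonce shows the request came from our form; it does not
    // authorize the user, so check the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    $greeting = isset( $_POST['myplugin_greeting'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_greeting'] ) )
        : '';
    update_option( 'myplugin_greeting', $greeting );

    wp_safe_redirect( admin_url( 'options-general.php?page=myplugin' ) );
    exit;
}
add_action( 'admin_post_myplugin_save_settings', 'myplugin_handle_save' );
```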