[wp-trac] [WordPress Trac] #23480: Do Not Allow Negative IDs in wp_set_auth_cookie()

WordPress Trac noreply at wordpress.org
Fri Feb 15 16:10:56 UTC 2013


#23480: Do Not Allow Negative IDs in wp_set_auth_cookie()
--------------------------+--------------------
 Reporter:  mordauk       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.6
Component:  Users         |     Version:  3.5.1
 Severity:  major         |  Resolution:
 Keywords:  has-patch     |
--------------------------+--------------------

Comment (by mordauk):

 Thanks Nacin.

 Any chance of getting
 http://core.trac.wordpress.org/attachment/ticket/23480/23480.diff in
 before 3.6?

 I debated whether to report this to security at wordpress.org or here and
 opted for here because it's not so much a security flaw as it is a flaw
 that could result in security flaws unknowingly in plugins (as happened to
 me).

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/23480#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list