[wp-hackers] Potential Problems with upgrade.php b0rking installs
with plugins.
Chris Coggburn
chris at coggburn.us
Thu Oct 14 03:54:00 UTC 2004
Either way I think that upgrade.php should require admin access before
it will work, Robert just pointed out that it is a big security risk for
databases, with enough hits it could knock a db offline.
Robert Deaton wrote:
>In case you guys haven't heard, running upgrade.php is a method that
>can easily break blogs that rely on plugins on nearly any part of
>their page, since upgrade.php disables them. My suggestion is to do a
>cookie/session check on it, just like the rest of the files in
>wp-admin.
>
>_______________________________________________
>hackers mailing list
>hackers at wordpress.org
>http://wordpress.org/mailman/listinfo/hackers_wordpress.org
>
>
More information about the hackers
mailing list