[wp-hackers] Security at Wordpress

Robert Deaton false.hopes at gmail.com
Fri Apr 21 23:30:37 GMT 2006


On 4/21/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> However, I suspect what you've discovered is the well-known problem
> where GET is used for operations with side effects, a common flaw in web
> apps designed by people who don't understand HTTP.

I'd like to pipe in with one possible reason (and most likely the
actual reason) for why this hasn't already been done in WordPress, and
the check_admin_referer() function was added as a band-aid to this
wound.

Think about every area in the admin panel where it makes sense to use
a normal link instead of a form button to do things. Let's take the
manage posts page, where the Delete action is one that uses GET to
carry out an action. Now, let's think about a cross-browser way to
make this link POST its data instead, without JavaScript, because we
have to be kind to those who disable JavaScript. Oh, yeah, we can make
a form with a submit button, but that doesn't match all the other
links to do things on the page, and it'd look completely wrong if we
changed everything to submit buttons. Oh wait, we can style that with
CSS? You're leaving a few browsers out. So now what do we have? An
ugly interface, which will surely raise more eyebrows, to fix a
problem that has a different solution.

As far as I'm concerned, until there is a solution that makes sense
for this problem, I'm fine with abusing the HTTP standard.


--
--Robert Deaton
http://somethingunpredictable.com
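The referer/nonce band-aid the post mentions, shown as an added example that is not code from this thread or from WordPress's own check_admin_referer(): a per-user, per-action HMAC token is appended to the Delete link and verified before the delete runs. The function names, the query parameter name, the secret and the IDs are all assumptions.

```php
<?php
// Added example (not WordPress code): side-effecting GET link protected by a
// per-user, per-action token. Names and values here are illustrative only.

const NONCE_LIFETIME = 12 * 3600; // seconds a token stays valid

// Token derived from a time tick, the acting user and the exact action.
function nonce_for_tick(string $secret, int $tick, int $user_id, string $action): string {
    return substr(hash_hmac('sha256', "$tick|$user_id|$action", $secret), 0, 16);
}

function make_action_nonce(string $secret, int $user_id, string $action, ?int $now = null): string {
    $tick = intdiv($now ?? time(), NONCE_LIFETIME / 2);
    return nonce_for_tick($secret, $tick, $user_id, $action);
}

// Accept the current tick and the previous one (so a freshly rendered page
// does not expire mid-use); compare in constant time.
function verify_action_nonce(string $secret, int $user_id, string $action, string $nonce, ?int $now = null): bool {
    $tick = intdiv($now ?? time(), NONCE_LIFETIME / 2);
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(nonce_for_tick($secret, $t, $user_id, $action), $nonce)) {
            return true;
        }
    }
    return false;
}

// Render the Delete link the way the manage-posts page would (constructed values).
$secret  = 'constructed-server-side-secret-not-a-real-key';
$user_id = 42;   // the logged-in admin
$post_id = 7;
$action  = "delete-post_$post_id";
$link = 'post.php?action=delete&post=' . $post_id
      . '&_nonce=' . make_action_nonce($secret, $user_id, $action);
echo "Delete link: $link\n";

// Handle the request: re-derive the action from the request, never trust the token alone.
parse_str(parse_url($link, PHP_URL_QUERY), $q);
$ok = verify_action_nonce($secret, $user_id, "delete-post_{$q['post']}", $q['_nonce'] ?? '');
echo $ok ? "nonce valid: perform delete\n" : "nonce invalid: refuse (403)\n";

// A link that did not come from a page rendered for this user carries no valid token.
$stale = verify_action_nonce($secret, $user_id, $action, 'not-a-real-token');
echo $stale ? "unexpected accept\n" : "link without valid token refused\n";
```

The token stops a link from another site from carrying a valid value, but a prefetcher or crawler that follows the user's own rendered link still triggers the delete, which is why the thread treats this as a band-aid rather than a fix for GET side effects.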

