[wp-hackers] Security at Wordpress
Elliotte Harold
elharo at metalab.unc.edu
Mon Apr 24 19:10:27 GMT 2006

Robert Deaton wrote:
> If there's a more robust solution, we're still waiting to hear it. All
> we've heard is some pedantry about the HTTP standard. Matt has
> dismissed the idea because, as he sees it (and I must agree), a
> solution using POST still needs nonces, and has detrimental
> side-effects (can't approve comments from e-mails et al).

You continue to ask for things that can't and shouldn't be done. Not
approving comments from e-mails via GET is a feature, not a bug. As long
as you insist on bug-prone kludges like this, it's pointless for me to
submit a patch. You've already said you aren't willing to accept a
version of WordPress that limits GET to safe operations as I require.
When you change your mind about that, then it's worth my time to submit
a patch.

--
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim