[wp-hackers] Critical WP Flaw?
Andy Staines
andy at yellowswordfish.com
Thu Jul 27 10:01:07 GMT 2006
On 10:28 AM | Thu 27 Jul 06, at 10:28 AM | 27 Jul 06, Joey B wrote:
>
>
> Saying so here won't make much of a dent in changing that. I've never
> heard of current_user_can(), either, along with, apparently, a lot of
> other plugin devs. This would lead me to believe there is a failure in
> documentation which should probably also be addressed along with this
> security vulnerability, if this is so important.
>
>
Thanks for saying this Joey - I'm glad I'm not the only one. I've
done my best with what's in the codex and by working through other
people's plugin code but if the ones I looked at didn't do things
right then I just inherited the same old problems. WordPress is a
fantastic platform to work with but by encouraging a third party
plugin architecture there is a dire need for specific documentation
that is lacking. Sadly, the only people who can really compile that
documentation are the people who designed the architecture in the
first place. Without that, plugins will continue to cause certain
users problems and lay themselves open to vulnerabilities that we
didn't even know were possible. I know you guys work hard and you
have my admiration and respect but to just throw out the comment that
authors need to do this or that doesn't help most of us one little bit.
If I could write it up I would!
andy
http://www.yellowswordfish.com