[wp-trac] [WordPress Trac] #3478: Title of private posts show up in
dashboard
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 17 11:28:47 GMT 2006
#3478: Title of private posts show up in dashboard
----------------------+-----------------------------------------------------
Reporter: McShelby | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.2
Component: Security | Version: 2.0.5
Severity: major | Keywords:
----------------------+-----------------------------------------------------
When a user A logs in to Wordpress he cannot actually see the comments
attached to a private post of some other user B, but he can see the title
of the post on the Dashboard page. There's a link under "Latest Activity
>> Comments" which shows the title of the private post which has recently
had a comment attached to it. If user A clicks on the post title link, he
correctly gets the 404 page. However the title of user B's private post
was revealed.
--
Ticket URL: <http://trac.wordpress.org/ticket/3478>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list