[wp-trac] Re: [WordPress Trac] #3142: user_edit.php vulnerable:
User can spy out metadata of other users
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 23 17:26:41 GMT 2006
#3142: user_edit.php vulnerable: User can spy out metadata of other users
----------------------------+-----------------------------------------------
Reporter: adapter | Owner: anonymous
Type: defect | Status: reopened
Priority: high | Milestone: 2.1
Component: Administration | Version: 2.0.4
Severity: major | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by foolswisdom):
* resolution: fixed =>
* keywords: bug vulnerability =>
* status: closed => reopened
Comment:
Hi Adapter,
Thank you for participating in WordPress!
Please do not mark bugs as FIXED. That is done when a fix is checked into
the official source tree.
Please try to be as concise as possible. For example when you say "this
bug" I do not know if you are referring to the originally reported problem
or, my guess, what you thought was causing the "case insensitivity".
Please do not attach files, but attach a diff.
ENV: WP 2.0.4
Using 2 "subscribers", I have not been able to reproduce the problem you
describe.
Below "You do not have permission to edit this user." the users *own* data
is displayed. I think this experience is a bit awkward (and a new bug
could be created), but this is not the bug you describe.
--
Ticket URL: <http://trac.wordpress.org/ticket/3142>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list