[wp-trac] Re: [WordPress Trac] #4748: Unprivileged users can
perform some actions on pages they aren't allowed to access
WordPress Trac
wp-trac at lists.automattic.com
Sun Aug 26 16:33:41 GMT 2007
#4748: Unprivileged users can perform some actions on pages they aren't allowed to
access
----------------------------------------------------------+------------------------
Reporter:  xknown                                         |  Owner:       anonymous
Type:      defect                                         |  Status:      new
Priority:  normal                                         |  Milestone:   2.2.3
Component: Security                                       |  Version:     2.2.2
Severity:  normal                                         |  Resolution:
Keywords:  has-patch has-fix security privilege-escalation |
----------------------------------------------------------+------------------------
Comment (by xknown):
A safer approach is to check access rights on the affected files
(`can_user_can`), because the current implementation and the patch you
propose could be bypassed (i.e. try this on a Windows box
`/wp-admin/themes.Php/index.php`).
--
Ticket URL: <http://trac.wordpress.org/ticket/4748#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
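
The point made in the comment above, as an added stand-alone example (not WordPress code and not the patch under discussion): a gate that matches the request path as a string misses an alternate spelling of the same script, while a capability check made for the script that actually runs does not. The `RESTRICTED` map, the function names and the resolution model (case-insensitive file system, extra path after the `.php` segment ignored) are assumptions for illustration; `switch_themes` is the capability WordPress associates with the themes screen.

```php
<?php
// Added illustration only. Hypothetical map: admin script => required capability.
const RESTRICTED = ['/wp-admin/themes.php' => 'switch_themes'];

// Weak gate: exact, case-sensitive comparison against the URL string.
function path_gate_allows(string $requestPath, array $userCaps): bool {
    foreach (RESTRICTED as $script => $cap) {
        if ($requestPath === $script && !in_array($cap, $userCaps, true)) {
            return false;
        }
    }
    return true; // any spelling not in the list is treated as unrestricted
}

// Assumed model of which script the server ends up running: the first
// path segment ending in ".php", with case folded as on a Windows box.
function script_actually_run(string $requestPath): string {
    if (preg_match('#^(.*?\.php)(/.*)?$#i', $requestPath, $m)) {
        return strtolower($m[1]);
    }
    return strtolower($requestPath);
}

// Safer model: the capability check belongs to the script that runs,
// so the way the URL was spelled no longer matters.
function in_file_check_allows(string $requestPath, array $userCaps): bool {
    $script = script_actually_run($requestPath);
    if (!array_key_exists($script, RESTRICTED)) {
        return true;
    }
    return in_array(RESTRICTED[$script], $userCaps, true);
}

$subscriber = ['read']; // constructed low-privilege user
$paths = ['/wp-admin/themes.php', '/wp-admin/themes.Php/index.php'];
foreach ($paths as $path) {
    printf("%-32s path gate: %-5s  in-file check: %s\n",
        $path,
        path_gate_allows($path, $subscriber) ? 'allow' : 'deny',
        in_file_check_allows($path, $subscriber) ? 'allow' : 'deny');
}
```

In a real installation the second model corresponds to calling the capability check at the top of each affected admin file rather than resolving paths by hand.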