[wp-trac] Re: [WordPress Trac] #4645: Wordpress page editor "forgets" submit button on form

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 16 21:07:21 GMT 2007

#4645: Wordpress page editor "forgets" submit button on form
 Reporter:  Nosve         |        Owner:  anonymous
     Type:  defect        |       Status:  new      
 Priority:  high          |    Milestone:  2.2.2    
Component:  General       |      Version:  2.2      
 Severity:  major         |   Resolution:           
 Keywords:  forms submit  |  
Comment (by Nazgul):

 It's not a security risk.

 You need the unfiltered_html capability to include javascript/raw php in
 your pages/posts, which by default is only given to administrators.

 Contributers don't have that capability and therefore can't abuse it,
 because script tags and the like are filtered out.

Ticket URL: <http://trac.wordpress.org/ticket/4645#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list