[wp-trac] Re: [WordPress Trac] #4645: Wordpress page editor "forgets" submit button on form
WordPress Trac
wp-trac at lists.automattic.com
Mon Jul 16 21:07:21 GMT 2007
#4645: Wordpress page editor "forgets" submit button on form
--------------------------+-------------------------------------------------
Reporter: Nosve | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.2.2
Component: General | Version: 2.2
Severity: major | Resolution:
Keywords: forms submit |
--------------------------+-------------------------------------------------
Comment (by Nazgul):
It's not a security risk.
You need the unfiltered_html capability to include JavaScript/raw PHP in
your pages/posts, which by default is only given to administrators.
Contributors don't have that capability and therefore can't abuse it,
because script tags and the like are filtered out.
--
Ticket URL: <http://trac.wordpress.org/ticket/4645#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software