[wp-trac] Re: [WordPress Trac] #3807: Admin Functions Denying Access with "You don't have permission to do that"
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 4 03:28:12 GMT 2007
#3807: Admin Functions Denying Access with "You don't have permission to do that"
-----------------------------------------------+----------------------------
 Reporter:  seanwedig                          |        Owner:  anonymous
     Type:  defect                             |       Status:  new
 Priority:  normal                             |    Milestone:  2.4
Component:  Administration                     |      Version:  2.1
 Severity:  major                              |   Resolution:
 Keywords:  permissions has-patch 2nd-opinion  |
-----------------------------------------------+----------------------------
Comment (by ryan):
My memory is foggy, but I think the cookies are passed to act as a nonce.
This code predates our addition of proper nonces. I think we can change
this to use _COOKIE for the login auth and a separate nonce for XSRF
protection. I'll check with mdawaffe.
--
Ticket URL: <http://trac.wordpress.org/ticket/3807#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software