[wp-trac] Re: [WordPress Trac] #3807: Admin Functions Denying Access with "You don't have permission to do that"

WordPress Trac wp-trac at lists.automattic.com
Mon Jun 4 22:17:49 GMT 2007


#3807: Admin Functions Denying Access with "You don't have permission to do that"
-----------------------------------------------+----------------------------
 Reporter:  seanwedig                          |        Owner:  anonymous   
     Type:  defect                             |       Status:  new         
 Priority:  normal                             |    Milestone:  2.4 (future)
Component:  Administration                     |      Version:  2.1         
 Severity:  major                              |   Resolution:              
 Keywords:  permissions has-patch 2nd-opinion  |  
-----------------------------------------------+----------------------------
Comment (by basvd):

 Alright, thanks for the clarification.[[BR]]
 [[BR]]
 The cause of this bug is actually a PHP security patch/extension called
 Suhosin. I wrote about the issue in detail
 [http://sparepencil.com/archives/2007/06/03/wordpress-and-the-cookies/ on
 my blog].[[BR]]
 [[BR]]
 Using `$_COOKIE` would indeed be more risky (although I doubt it if
 Suhosin is running).[[BR]]
 Anyhow, I am currently talking to the developer(s) of Suhosin about
 implementing a cookie decryption function (natively in Suhosin or in PHP
 userspace) which can be applied to any encrypted string which is known to
 be cookiedata.[[BR]]
 [[BR]]
 If this is implemented in Suhosin, we could use it to further minimise
 this bug.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3807#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list