[wp-trac] Re: [WordPress Trac] #3807: Admin Functions Denying Access with "You don't have permission to do that"
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 4 22:17:49 GMT 2007
#3807: Admin Functions Denying Access with "You don't have permission to do that"
-----------------------------------------------+----------------------------
 Reporter:  seanwedig                          |       Owner:  anonymous
     Type:  defect                             |      Status:  new
 Priority:  normal                             |   Milestone:  2.4 (future)
Component:  Administration                     |     Version:  2.1
 Severity:  major                              |  Resolution:
 Keywords:  permissions has-patch 2nd-opinion  |
-----------------------------------------------+----------------------------
Comment (by basvd):
Alright, thanks for the clarification.

The cause of this bug is actually a PHP security patch/extension called
Suhosin. I wrote about the issue in detail
[http://sparepencil.com/archives/2007/06/03/wordpress-and-the-cookies/ on
my blog].

Using `$_COOKIE` would indeed be more risky (although I doubt it if
Suhosin is running).
Anyhow, I am currently talking to the developer(s) of Suhosin about
implementing a cookie decryption function (natively in Suhosin or in PHP
userspace) which can be applied to any encrypted string which is known to
be cookie data.

If this is implemented in Suhosin, we could use it to further minimise
this bug.
--
Ticket URL: <http://trac.wordpress.org/ticket/3807#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software