[wp-trac] [WordPress Trac] #5272: Wodpress allows anonymous user to
see slug for private post by guessing post number
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 29 00:06:08 GMT 2007
#5272: Wodpress allows anonymous user to see slug for private post by guessing
post number
---------------------+------------------------------------------------------
Reporter: tzafrir | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: General | Version: 2.3.1
Severity: major | Keywords:
---------------------+------------------------------------------------------
I have pretty permalinks enabled, and I set a post as private.
Entering http://blog.url/?p=(postid) will redirect the user, any user, to
http://blog.url/perma/link/, and only then give him a 404 error.
Depending on permalink structure, this shows the private post's title to
anyone who figures out its post number.
--
Ticket URL: <http://trac.wordpress.org/ticket/5272>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list