[wp-trac] Re: [WordPress Trac] #4939: check_ajax_referer does not protect from CSRF at all
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 13 04:08:59 GMT 2007
#4939: check_ajax_referer does not protect from CSRF at all
----------------------+-----------------------------------------------------
 Reporter: xknown     | Owner: anonymous
 Type: defect         | Status: new
 Priority: normal     | Milestone:
 Component: Security  | Version: 2.3
 Severity: normal     | Resolution:
 Keywords:            |
----------------------+-----------------------------------------------------
Comment (by mdawaffe):
Rather than setting the user, we could check to see if the current user
matches the user from the cookie and die('-1') otherwise.
--
Ticket URL: <http://trac.wordpress.org/ticket/4939#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
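An added illustration of the check mdawaffe proposes above: instead of switching the current user to whatever the cookie names, compare the cookie's user with the user the request is already running as and end the request with -1 on mismatch. This is hypothetical PHP written for this page, not WordPress's own code; the cookie names and the user map are constructed stand-ins.

```php
<?php
// Constructed stand-in for resolving the authentication cookie to a user id.
// A real site would validate the cookie credentials against the users table;
// here a fixed map plays that role so the example runs on its own.
function user_id_from_auth_cookie(array $cookies): ?int
{
    $known = [
        // cookie user => [expected cookie pass, user id]  (constructed values)
        'admin'  => ['pass' => 'constructed-admin-cookie',  'id' => 1],
        'editor' => ['pass' => 'constructed-editor-cookie', 'id' => 2],
    ];
    $user = $cookies['wordpressuser'] ?? null;
    $pass = $cookies['wordpresspass'] ?? null;
    if ($user === null || $pass === null || !isset($known[$user])) {
        return null;
    }
    // Constant-time comparison so the check leaks nothing about the value.
    return hash_equals($known[$user]['pass'], $pass) ? $known[$user]['id'] : null;
}

// The proposed AJAX check: never promote the request to the cookie's user.
// If the cookie is missing, invalid, or names a different user than the one
// already authenticated, the request dies with '-1' as the comment suggests.
function check_ajax_user_matches(int $current_user_id, array $cookies): bool
{
    $cookie_user_id = user_id_from_auth_cookie($cookies);
    if ($cookie_user_id === null || $cookie_user_id !== $current_user_id) {
        die('-1');
    }
    return true;
}

// Usage with constructed request data: current user 1 and a cookie for 'admin'
// (id 1) pass; a cookie for 'editor' would end the request with -1.
$cookies = ['wordpressuser' => 'admin', 'wordpresspass' => 'constructed-admin-cookie'];
var_dump(check_ajax_user_matches(1, $cookies));
```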