[wp-trac] Re: [WordPress Trac] #4606: Redirection Vulnerability in wp-pass.php
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 19 03:35:56 GMT 2007
#4606: Redirection Vulnerability in wp-pass.php
------------------------------------------------------------+---------------
 Reporter:  snakefoot                                       |       Owner:  markjaquith
     Type:  defect                                          |      Status:  reopened
 Priority:  high                                            |   Milestone:  2.3
Component:  Security                                        |     Version:  2.0.10
 Severity:  major                                           |  Resolution:
 Keywords:  developer-feedback has-patch security redirect  |
------------------------------------------------------------+---------------
Changes (by markjaquith):
* status: closed => reopened
* resolution: fixed =>
Comment:
Issue with that first swing was that it couldn't handle relative paths,
like "wp-admin/" -- which is the default redirect_to for wp-login.php.

A more robust solution is coming up.
--
Ticket URL: <http://trac.wordpress.org/ticket/4606#comment:10>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software