[wp-trac] Re: [WordPress Trac] #3317: Protected posts should not be
found in searches
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 6 01:17:53 GMT 2008
#3317: Protected posts should not be found in searches
----------------------+-----------------------------------------------------
Reporter: dosa | Owner: anonymous
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: 2.5.1
Severity: normal | Resolution:
Keywords: |
----------------------+-----------------------------------------------------
Comment (by DD32):
Tested on trunk:
* Created New post, Set a password, Gave it tags & categories, Added a
unique word to the content
* Upon searching for the term:
* The Post appears in the listing, however:
* It requests a password to view the contents
* It does display the title: "Protected: My Secret Post" and the date
* It doesnt show me any details of the post
* While i was at it, checked how it appeared in the RSS feed, Same as
above, not content leaked.
I believe the issue at question here, is that when you logout, The
password cookie is not cleared, So If someone has added a password, and
then typed it in, Then they will continue to see the posts' real content
until a point where the password cookie is cleared.
So its a bit confusing for users who think their Private/Protected page is
available for viewing by all.
--
Ticket URL: <http://trac.wordpress.org/ticket/3317#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list