[wp-trac] Re: [WordPress Trac] #3317: Protected posts should not be found in searches

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 6 01:17:53 GMT 2008

#3317: Protected posts should not be found in searches
 Reporter:  dosa      |        Owner:  anonymous
     Type:  defect    |       Status:  reopened 
 Priority:  normal    |    Milestone:           
Component:  Security  |      Version:  2.5.1    
 Severity:  normal    |   Resolution:           
 Keywords:            |  
Comment (by DD32):

 Tested on trunk:

  * Created New post, Set a password, Gave it tags & categories, Added a
 unique word to the content
  * Upon searching for the term:
    * The Post appears in the listing, however:
      * It requests a password to view the contents
      * It does display the title: "Protected: My Secret Post" and the date
      * It doesnt show me any details of the post
  * While i was at it, checked how it appeared in the RSS feed, Same as
 above, not content leaked.

 I believe the issue at question here, is that when you logout, The
 password cookie is not cleared, So If someone has added a password, and
 then typed it in, Then they will continue to see the posts' real content
 until a point where the password cookie is cleared.

 So its a bit confusing for users who think their Private/Protected page is
 available for viewing by all.

Ticket URL: <http://trac.wordpress.org/ticket/3317#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list