[wp-trac] Re: [WordPress Trac] #8317: New installs: admin has user_level 0
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 26 00:29:55 GMT 2008
#8317: New installs: admin has user_level 0
---------------------+------------------------------------------------------
Reporter: Mr Pete | Owner: jacobsantos
Type: defect | Status: new
Priority: normal | Milestone: 2.8
Component: Upgrade | Version: 2.5
Severity: major | Resolution:
Keywords: |
---------------------+------------------------------------------------------
Comment (by Mr Pete):
I'm browsing down quickly. Obviously the first one is affected.

Next one I see that will act differently in PHP5 and PHP4:

taxonomy.php line 114, function _cat_row()
{{{
$category = get_category( $category, OBJECT, 'display' );
...
$category->count = number_format_i18n( $category->count );
}}}
And the same at line 274, function link_cat_row()

In PHP4, the original category object is not changed because $category is
a copy. In PHP5, the original would be changed if number_format_i18n() is
anything but a nop.

I don't know if this is a problem or not. If the original should not be
modified, the code is wrong for PHP5.

Every function that accepts OBJECT as a return type acts differently in
PHP5 and PHP4. I don't immediately see other issues in the code base than
what I've outlined here, but then I only spent a few minutes.

Again, this most likely impacts non-core code (all those "OBJECT" returns
are there for a purpose, even though not used in the core code base.)

Overall, I suspect the actual core code bugs related to this are rare.

I suspect this is a potential security hole. A badly coded plugin has
direct access to original objects in PHP5, because the objects (and
arrays!) are returned by reference in all of the above functions.

Should this be documented? I dunno... I'm just a noob.
--
Ticket URL: <http://trac.wordpress.org/ticket/8317#comment:27>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
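
The object-handle behaviour the comment describes for PHP 5, as an added example that is not part of the original message and is not WordPress code. `DemoCache` and `demo_row()` are hypothetical stand-ins, and the sample category is constructed; the example covers objects only.

```php
<?php
// Hypothetical stand-in for an object cache (assumption, not WordPress code).
class DemoCache {
    private $store = array();

    public function set($id, $obj) {
        $this->store[$id] = $obj;
    }

    // Hands back the stored object handle: in PHP 5 and later the caller
    // and the cache then refer to the same object.
    public function get_shared($id) {
        return $this->store[$id];
    }

    // Hands back a shallow copy: property writes by the caller stay local.
    // Nested objects inside the copy are still shared unless __clone()
    // copies them too.
    public function get_copy($id) {
        return clone $this->store[$id];
    }
}

// Hypothetical display helper following the pattern quoted from
// _cat_row(): it overwrites a property with its formatted form.
function demo_row($category) {
    $category->count = number_format($category->count);
    return $category->name . ' (' . $category->count . ')';
}

// Constructed sample data.
$cache = new DemoCache();
$cat = new stdClass();
$cat->name = 'News';
$cat->count = 12345;
$cache->set(1, $cat);

// Defensive path: the helper formats a copy, the cached value is untouched.
echo demo_row($cache->get_copy(1)), "\n";
echo 'cached count after copy:   ';
var_dump($cache->get_shared(1)->count);

// Shared path: the helper's write lands on the cached object itself.
echo demo_row($cache->get_shared(1)), "\n";
echo 'cached count after shared: ';
var_dump($cache->get_shared(1)->count);
```

After the shared call the cached `count` is a formatted string rather than the original integer, so any later caller that expects a number receives the altered value.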