[wp-trac] Re: [WordPress Trac] #8814: Bad use of $_REQUEST variable
in wordpress
WordPress Trac
wp-trac at lists.automattic.com
Mon Apr 20 12:09:37 GMT 2009
#8814: Bad use of $_REQUEST variable in wordpress
--------------------------+-------------------------------------------------
Reporter: firstbit | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Security | Version: 2.8
Severity: normal | Keywords: has-patch needs-testing dev-feedback
--------------------------+-------------------------------------------------
Comment(by Denis-de-Bernardy):
I can spot a lines in the code where _REQUEST[auth_cookie] gets used for
whatever reason. I take it that it's to make WP based authentication work
with _ENV variables on wordpress.org.
at any rate, the attached patch needs some testing, as I might have missed
areas in the code base where a REQUEST variable might be in a cookie.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/8814#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list