[wp-trac] [WordPress Trac] #11531: Some taxonomy names should be disallowed
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 21 08:19:50 UTC 2009
#11531: Some taxonomy names should be disallowed
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Cache | Version: 2.9
Severity: normal | Keywords: needs-patch
-------------------------------+--------------------------------------------
Changes (by dd32):
* keywords: => needs-patch
* milestone: 2.9.1 => 3.0
Comment:
Rather than being disallowed, the group should be prefixed with
something, such as {{{tax-$taxonomy}}}.
Milestone: In my opinion, this is not a "high-risk" security issue. My
reasoning for this is that it takes a malicious plugin or theme
running on your blog in order for an issue to arise. Due to it having
little impact upon end users (rather, the onus falls on developers right
now to use a non-conflicting taxonomy name, and any malicious plugin could
access/overwrite users directly) and not being a regression from a
previous version, it belongs in the next major release.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11531#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
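
The prefixing proposed in the comment above, sketched as an added example that is not part of the original message or WordPress's own code. It assumes, as the ticket's Cache component and the proposed fix imply, that term objects are cached under a group named after their taxonomy; DemoCache, the helper functions and the sample records are hypothetical.

```php
<?php
// Stand-in for an object cache addressed by (group, key). Hypothetical, not WordPress code.
final class DemoCache {
    private array $store = [];

    public function set(string $group, int $key, array $value): void {
        $this->store[$group][$key] = $value;
    }

    public function get(string $group, int $key): ?array {
        return $this->store[$group][$key] ?? null;
    }
}

// Assumed current behaviour: the raw taxonomy name is used as the cache group.
function term_group_unprefixed(string $taxonomy): string {
    return $taxonomy;
}

// Behaviour proposed in the comment: tax-$taxonomy.
function term_group_prefixed(string $taxonomy): string {
    return 'tax-' . $taxonomy;
}

// Caches a user record, then a term of a taxonomy named "users" with the same ID,
// and reports what each lookup returns afterwards.
function run_scenario(callable $term_group): array {
    $cache = new DemoCache();
    // Constructed sample data.
    $cache->set('users', 1, ['type' => 'user', 'login' => 'admin']);
    $cache->set($term_group('users'), 1, ['type' => 'term', 'name' => 'Staff']);

    return [
        'user lookup' => $cache->get('users', 1)['type'],
        'term lookup' => $cache->get($term_group('users'), 1)['type'],
    ];
}

// With the raw name both writes share one slot, so the later write wins.
// With the prefix, the two objects live in separate groups.
foreach (['term_group_unprefixed', 'term_group_prefixed'] as $strategy) {
    foreach (run_scenario($strategy) as $lookup => $type) {
        echo "$strategy: $lookup returned a $type object\n";
    }
}
```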