[wp-trac] Re: [WordPress Trac] #8814: Bad use of $_REQUEST variable
in wordpress
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 7 07:49:31 GMT 2009
#8814: Bad use of $_REQUEST variable in wordpress
--------------------------+-------------------------------------------------
Reporter: firstbit | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: 2.8
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Comment (by jacobsantos):
There was already a discussion about this a year ago with no results. So I
mean, good luck.
I also don't think it is as big of a problem as you seem to make it out to
be. !WordPress uses nonces, so it is unlikely that deletions could occur.
!WordPress also does sanitizations, so it is unlikely that a XSS attack
will occur.
--
Ticket URL: <http://trac.wordpress.org/ticket/8814#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list