[wp-trac] Re: [WordPress Trac] #10294: CSRF through the img tag

WordPress Trac wp-trac at lists.automattic.com
Wed Jul 1 07:59:20 UTC 2009


#10294: CSRF through the img tag
--------------------------+-------------------------------------------------
 Reporter:  SaltwaterC    |        Owner:  ryan    
     Type:  defect (bug)  |       Status:  reopened
 Priority:  normal        |    Milestone:          
Component:  Security      |      Version:  2.8     
 Severity:  normal        |   Resolution:          
 Keywords:                |  
--------------------------+-------------------------------------------------

Comment(by dd32):

 SaltwaterC: What is your proposed solution to a 3rd-party issue (of not
 having some sort of "are you sure you wish to do this" action)?

 It's impossible.

 {{{bb-login.php?logout}}} compared to {{{image.php?image=1234}}}. How is
 WordPress to know the latter is an image and not a malicious link?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10294#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

