[wp-trac] [WordPress Trac] #10739: Pass logged_in cookie to async-upload
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 9 09:27:56 UTC 2009
#10739: Pass logged_in cookie to async-upload
-------------------------------+--------------------------------------------
 Reporter:  nbachiyski         |        Owner:
     Type:  defect (bug)       |       Status:  reopened
 Priority:  normal             |    Milestone:  Unassigned
Component:  Upload             |      Version:
 Severity:  normal             |   Resolution:
 Keywords:  reporter-feedback  |
-------------------------------+--------------------------------------------
Changes (by azaozz):
* keywords: has-patch => reporter-feedback
* status: closed => reopened
* resolution: fixed =>
Comment:
This doesn't look good... We make the cookies not accessible by JS and at
the same time put them in plain view and accept them in the GET request.
Perhaps we could look at making a short-lived (30 min?) nonce for the
flash uploader, would be way more secure.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10739#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
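
The short-lived nonce suggested in the comment above, as an added example that is not part of the original message and is not WordPress code: instead of the auth cookie, the upload URL carries a token that expires after 30 minutes and is bound to one user and one action. The function names, the `expires.mac` token layout and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a deployment loads a random server-side secret.
SECRET_KEY = b"constructed-demo-key-not-for-production"
NONCE_TTL = 30 * 60  # seconds: the 30-minute lifetime floated in the comment


def _mac(user_id, action, expires):
    # The MAC covers user, action and expiry, so none can be changed afterwards.
    # user_id is an integer and action a fixed name, so "|" is an unambiguous separator.
    msg = f"{int(user_id)}|{action}|{int(expires)}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_upload_nonce(user_id, action="async-upload", now=None):
    """Return 'expires.mac', valid for NONCE_TTL seconds for one user and action."""
    now = int(time.time()) if now is None else int(now)
    expires = now + NONCE_TTL
    return f"{expires}.{_mac(user_id, action, expires)}"


def verify_upload_nonce(token, user_id, action="async-upload", now=None):
    """True only if the token is unexpired and was minted for this user and action."""
    now = int(time.time()) if now is None else int(now)
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except (AttributeError, ValueError):
        return False  # malformed token
    if now >= expires:
        return False  # past its lifetime
    expected = _mac(user_id, action, expires)
    # Constant-time comparison avoids leaking how many MAC characters matched.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

A token like this still appears in the request URL and in logs, but unlike the cookie it stops working after 30 minutes and authorizes nothing except the upload action for that user.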