[wp-trac] [WordPress Trac] #11893: Comment author should be able to edit his comments for a half hour
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 15 07:12:15 UTC 2010
#11893: Comment author should be able to edit his comments for a half hour
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:
     Type:  feature request    |      Status:  new
 Priority:  normal             |   Milestone:  Future Release
Component:  Comments           |     Version:  2.9.1
 Severity:  normal             |    Keywords:  needs-patch
-------------------------------+--------------------------------------------
Comment(by miqrogroove):
Ah, you've also got trivial session fixation in the existing system.
That's a deal-breaker for anonymous comment editing.
1. Fill the name field as 'user1' and leave a comment.
2. Delete author cookie or switch computers.
3. Leave a second comment with same name value as the first commenter.
WordPress resets the second user's author cookie with the first user's
session key. The second user can now guess the comment ID number and edit
the first user's comment.
Conversely:
1. Leave a comment using a known name, 'scribu'.
2. Use your favorite method to sneak your author cookie onto scribu's
computer.
3. When scribu leaves a comment, the author key is already known by a
third party and the comment ID number can be guessed for editing access.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11893#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
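One design that gives commenters the half-hour edit window the ticket asks for without the cookie behaviour miqrogroove describes is a per-comment capability token: an HMAC over the comment ID and issue time under a server secret, handed only to the client that just posted, and checked (with expiry) on every edit request. The block below is an added illustration of that design, not code from WordPress core or from this ticket; the server secret, comment IDs and timestamps are constructed for the example, and the two scenarios it walks through are the ones from the comment above.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side secret, constructed for this example. A real site
# would load it from configuration; it must never be derived from user input.
SERVER_SECRET = secrets.token_bytes(32)
EDIT_WINDOW_SECONDS = 30 * 60  # the half hour proposed in the ticket


def issue_edit_token(comment_id: int, issued_at: int) -> str:
    """Return an edit capability bound to one comment and its posting time.

    Only the server secret, the comment ID and the issue time enter the MAC.
    The author *name* plays no part, so two visitors who type the same name
    never share a credential, and a later comment never resets or reuses an
    earlier commenter's cookie value.
    """
    msg = f"{comment_id}:{issued_at}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return f"{comment_id}:{issued_at}:{mac}"


def may_edit(comment_id: int, presented_token: str, now: int) -> bool:
    """Authorize an edit: token must name this comment, verify, and be fresh."""
    try:
        tok_id_s, tok_issued_s, _mac = presented_token.split(":")
        tok_id, tok_issued = int(tok_id_s), int(tok_issued_s)
    except ValueError:
        return False  # malformed cookie
    if tok_id != comment_id:
        return False  # a token never transfers to another comment ID
    if not 0 <= now - tok_issued <= EDIT_WINDOW_SECONDS:
        return False  # outside the edit window (or clock skew backwards)
    expected = issue_edit_token(comment_id, tok_issued)
    # Constant-time comparison so a forged MAC cannot be refined byte by byte.
    return hmac.compare_digest(expected.encode(), presented_token.encode())


def simulate() -> dict:
    """Replay the ticket's two scenarios against this design (constructed data)."""
    t0 = 1_263_539_535  # arbitrary fixed timestamp, constructed
    results = {}

    # Scenario 1: two visitors both enter the name 'user1'. Each receives a
    # token for their own comment; the shared name never enters the token.
    first_cookie = issue_edit_token(101, t0)         # first visitor's comment
    second_cookie = issue_edit_token(102, t0 + 60)   # second visitor, same name
    results["same_name_second_edits_own"] = may_edit(102, second_cookie, t0 + 120)
    results["same_name_second_edits_first"] = may_edit(101, second_cookie, t0 + 120)

    # Scenario 2: a cookie planted on a victim's browser ahead of time. It was
    # issued for the planter's own comment (100); the victim's new comment (103)
    # gets a fresh token, so the planted value grants nothing on comment 103.
    planted = issue_edit_token(100, t0)
    results["planted_cookie_edits_victim"] = may_edit(103, planted, t0 + 300)

    # Expiry: the legitimate token stops working once the half hour has passed.
    results["own_token_within_window"] = may_edit(101, first_cookie, t0 + EDIT_WINDOW_SECONDS)
    results["own_token_after_window"] = may_edit(101, first_cookie, t0 + EDIT_WINDOW_SECONDS + 1)

    # Tampering: rewriting the comment ID inside the cookie breaks the MAC.
    forged = first_cookie.replace("101:", "102:", 1)
    results["forged_id_accepted"] = may_edit(102, forged, t0 + 10)
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

Because the cookie is a per-comment capability rather than a per-name session, guessing a comment ID alone is useless to someone who was not handed that comment's token, and a token that was planted or copied earlier is bound to the comments it was issued for, not to whatever the victim posts later.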