[wp-trac] [WordPress Trac] #11644: multiple blogs & sites / merge WPMU
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 20 22:29:15 UTC 2010
#11644: multiple blogs & sites / merge WPMU
----------------------------+-----------------------------------------------
Reporter: hakre | Owner: wpmuguru
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 3.0
Component: Multisite | Version:
Severity: normal | Keywords: multisite
----------------------------+-----------------------------------------------
Comment(by jamescollins):
Replying to [comment:86 ryan]:
> (In [12774]) Use update. see #11644
I realise that this changeset has simplified the code, but is it
considered a security risk that a site admin could update other fields in
the wp_blogs table by adding them to the form before submitting it?
ie there is nothing stopping a site admin from adding a lang_id or site_id
hidden field, then submitting the form. Alternatively I could add any
other hidden field that doesn't exist in the wp_blogs table, and it would
cause a SQL error.
Prior to [12774] these extra fields would have been ignored.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11644#comment:92>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list