[wp-trac] [WordPress Trac] #13827: Security Vulnerabilities In wp-signup.php Breaking Plugins
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 11 21:28:06 UTC 2010
#13827: Security Vulnerabilities In wp-signup.php Breaking Plugins
-------------------------------------------+--------------------------------
Reporter: uglyrobot | Owner: wpmuguru
Type: defect (bug) | Status: reviewing
Priority: normal | Milestone:
Component: Multisite | Version: 3.0
Severity: normal | Resolution:
Keywords: needs-patch reporter-feedback |
-------------------------------------------+--------------------------------
Comment(by uglyrobot):
Nonces won't work for the reasons I specified above. For some signup
plugins (not bot-prevention ones) you can echo the data you collect on the
signup part of the form into hidden form fields in the blog part of the
form. But for any anti-spam plugins there is no way to carry data over
between forms in a way that can't be manipulated, short of starting a PHP
session and using that to carry data over.

While there are dirty hacks to try and get around this bug, the fact
remains that their necessity is due to a fundamental design flaw in
wp-signup.php. A plugin dev has to know about this exploit and hack around
it. If we can just combine the user and blog forms, all would be well.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13827#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
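An added example (the editor's, not code from ticket #13827, from uglyrobot, or from WordPress core) of the carry-over problem the comment describes: step-1 results handed to the blog form through plain hidden fields can be rewritten by whoever submits step 2, whereas a hidden field whose contents are HMAC-signed under a server-held secret can still be carried by the client but not altered, forged or reused for another name. The secret, the antispam_passed flag, the field names and the function names are assumptions made for the illustration.

```php
<?php
// Editor's added example; not from ticket #13827 or WordPress core.
// Two ways of carrying step-1 (user form) results into step-2 (blog form)
// of a split signup. $secret, field names and function names are assumed.

// 1. Plain hidden fields. Whatever step 1 decided (here a hypothetical
//    antispam_passed flag) is handed to the client verbatim, so a bot can
//    skip step 1 entirely and POST step 2 with antispam_passed=1.
function plain_hidden_fields(array $step1): string
{
    $html = '';
    foreach ($step1 as $name => $value) {
        $html .= sprintf(
            '<input type="hidden" name="%s" value="%s">' . "\n",
            htmlspecialchars((string) $name, ENT_QUOTES),
            htmlspecialchars((string) $value, ENT_QUOTES)
        );
    }
    return $html;
}

// 2. Signed carry-over. The client still transports the data, but it is
//    bound to an expiry and authenticated with HMAC-SHA256 under a secret
//    the server never sends out; changing any byte invalidates the tag.
function sign_step1(array $payload, string $secret, int $now, int $ttl = 600): string
{
    $payload['exp'] = $now + $ttl;
    $body = base64_encode(json_encode($payload));
    $tag  = hash_hmac('sha256', $body, $secret);
    return $body . '.' . $tag;   // goes into one hidden field, e.g. step1_token
}

function verify_step1(string $token, string $secret, int $now): ?array
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($body, $tag) = $parts;
    $expected = hash_hmac('sha256', $body, $secret);
    if (!hash_equals($expected, $tag)) {   // constant-time compare, PHP >= 5.6
        return null;                        // forged or tampered
    }
    $raw = base64_decode($body, true);
    if ($raw === false) {
        return null;
    }
    $payload = json_decode($raw, true);
    if (!is_array($payload) || !isset($payload['exp']) || $payload['exp'] < $now) {
        return null;                        // malformed or expired
    }
    unset($payload['exp']);
    return $payload;
}

// Step-2 handler: accept the blog form only if the signed step-1 result is
// intact, records a passed check, and names the same user_name the client
// is submitting now (a token earned for one name cannot be replayed for another).
function step2_allowed(array $post, string $secret, int $now): bool
{
    $p = isset($post['step1_token'])
        ? verify_step1((string) $post['step1_token'], $secret, $now)
        : null;
    return $p !== null
        && !empty($p['antispam_passed'])
        && isset($post['user_name'], $p['user_name'])
        && hash_equals((string) $p['user_name'], (string) $post['user_name']);
}

// Demonstration with constructed input (all values below are made up).
$secret = 'replace-with-a-long-random-server-side-secret';   // assumption
$now    = time();
$token  = sign_step1(['user_name' => 'alice', 'antispam_passed' => true], $secret, $now);

// Attacker re-encodes a payload claiming bob passed, keeping alice's tag.
$tag           = explode('.', $token, 2)[1];
$tamperedBody  = base64_encode(json_encode(['user_name' => 'bob', 'antispam_passed' => true, 'exp' => $now + 600]));

$cases = [
    'genuine'  => [['user_name' => 'alice', 'step1_token' => $token], $now],
    'no-token' => [['user_name' => 'bob', 'antispam_passed' => '1'], $now],
    'forged'   => [['user_name' => 'bob', 'step1_token' => sign_step1(['user_name' => 'bob', 'antispam_passed' => true], 'guessed-secret', $now)], $now],
    'tampered' => [['user_name' => 'bob', 'step1_token' => $tamperedBody . '.' . $tag], $now],
    'replayed' => [['user_name' => 'bob', 'step1_token' => $token], $now],
    'expired'  => [['user_name' => 'alice', 'step1_token' => $token], $now + 601],
];
foreach ($cases as $label => list($post, $at)) {
    echo sprintf("%-9s %s\n", $label, step2_allowed($post, $secret, $at) ? 'accepted' : 'rejected');
}
```

This does not alter the ticket's point that a plugin author should not need such a workaround; it only shows what the plain-hidden-field carry-over gives away and one way to survive the split without a PHP session. hash_equals needs PHP 5.6 or later, so on the PHP of the ticket's era a hand-written constant-time comparison would be required instead. A signed token is still replayable by the same client for the same name within its TTL, which is why the TTL is short and the name binding is checked on the step-2 side.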