[wp-trac] [WordPress Trac] #11531: Some taxonomy names should be disallowed

WordPress Trac wp-trac at lists.automattic.com
Sun Jun 13 02:07:45 UTC 2010 

#11531: Some taxonomy names should be disallowed
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan                         
     Type:  defect (bug)       |      Status:  new                          
 Priority:  normal             |   Milestone:  3.1                          
Component:  Cache              |     Version:  2.9                          
 Severity:  normal             |    Keywords:  needs-patch reporter-feedback
-------------------------------+--------------------------------------------
Changes (by shidouhikari):

 * cc: shidouhikari (added)
  * priority:  high => normal
  * severity:  major => normal


Comment:

 I agree with dd32, a theme or plugin would need to create a taxonomy with
 a conflicting name.

 That has no security severity, since we already rely on theme/plugin being
 trusted. If we'd consider this issue a security flaw, then what about
 theme/plugin being able to edit global $post from any action and filter,
 or add filters to get_option()? With these 2 little features anything in a
 site can be changed from a code running in modules.

 Only security risk I see here is if a theme/plugin is installed, hides
 data in cache using this method, and then it's found as risky and removed
 from wp-content, but its altered data remains in cache until cache becomes
 outdated and forced to be updated from database. But if that's the case,
 whoever removes it will know about cache and a simple wp_cache_flush()
 will solve the rest.

 The real problem here is if a theme designer that knows little about Core
 and never saw cache in his life decides to create a taxonomy "users". But
 terms have different fields than other objects, so the whole site would
 probably break still during development, just with pageload-living cache,
 still during development. He would find it out easily and learn about
 cache or much probably just try giving his taxonomy another name and see
 everything go back to normal. "Well, IDK why that happened, but it seems a
 taxonomy named 'users' breaks everything, I'll just use a less common name
 and move on".

 using a prefix like "tax-".$term->taxonomy in every cache code solves it
 all.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11531#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list