[wp-trac] [WordPress Trac] #22705: Admin cookies set to wrong path for main blog in a WP-in-subdir-sites-on-root install that uses subdomains
WordPress Trac
noreply at wordpress.org
Mon Dec 3 23:32:17 UTC 2012
#22705: Admin cookies set to wrong path for main blog in a WP-in-subdir-sites-on-root install that uses subdomains
-------------------------------------+------------------
 Reporter:  markjaquith              |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  high                     |   Milestone:  3.5
Component:  Administration           |     Version:
 Severity:  blocker                  |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+------------------
Comment (by nacin):

The security concern is that we like to keep the admin cookies limited to
wp-admin only. This means a vulnerability via the front-end of the site
wouldn't necessarily result in any serious compromise.

But, we already relax those rules for subdirectory installs, so we're
going to need to do it for this specific case of subdomain installs as
well, for now. When we bring multiple-domain support into core, with that
we'll need to do cross-site logins, which would mean we can again go back
to having properly sequestered admin cookies for all types of sites.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22705#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
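
The cookie scoping discussed in the comment above, as an added example that is not part of the original message or WordPress code: it applies the RFC 6265 path-match rule to show which requests carry an admin cookie when its Path is limited to the admin directory versus relaxed to the site root. The cookie names, jars and request paths are constructed for illustration.

```javascript
// RFC 6265 section 5.1.4 path-match: is a cookie with this Path attribute
// attached to a request for requestPath?
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // A prefix only counts on a "/" boundary, so a cookie scoped to
  // /wp-admin is not sent to a sibling such as /wp-admin-old.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Names of the cookies in jar that a browser would send for requestPath.
function cookiesSentTo(requestPath, jar) {
  return jar.filter((c) => pathMatches(requestPath, c.path)).map((c) => c.name);
}

// Constructed jars: the same two cookies, differing only in the admin
// cookie's Path (names are hypothetical, not WordPress's real cookie names).
const sequestered = [
  { name: "admin_auth", path: "/wp-admin" },
  { name: "logged_in", path: "/" },
];
const relaxed = [
  { name: "admin_auth", path: "/" },
  { name: "logged_in", path: "/" },
];

// Constructed request paths: an admin page, a front-end post, and a
// sibling directory that merely shares the admin prefix.
const requests = [
  "/wp-admin/post.php",
  "/2012/12/hello-world/",
  "/wp-admin-old/index.php",
];

// For each request, list the cookies sent under each scoping policy.
function exposureReport() {
  return requests.map((path) => ({
    path,
    sequestered: cookiesSentTo(path, sequestered),
    relaxed: cookiesSentTo(path, relaxed),
  }));
}

for (const row of exposureReport()) {
  console.log(row.path, "| sequestered:", row.sequestered.join(","),
    "| relaxed:", row.relaxed.join(","));
}
```

With the relaxed Path, the front-end request carries the admin cookie too, which is the trade-off the comment describes.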