[wp-trac] [WordPress Trac] #27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted side-effects
WordPress Trac
noreply at wordpress.org
Sun Feb 9 21:45:22 UTC 2014
#27052: Known admin user_id ( = 1 ) could lead to security problems and/or unwanted
side-effects
-------------------------------------------------+----------------------
 Reporter:  ruud@…                               |       Owner:
     Type:  enhancement                          |      Status:  closed
 Priority:  normal                               |   Milestone:
Component:  Upgrade/Install                      |     Version:  3.8
 Severity:  normal                               |  Resolution:  wontfix
 Keywords:  has-patch needs-testing 2nd-opinion  |     Focuses:
-------------------------------------------------+----------------------
Comment (by TobiasBg):
Replying to [comment:4 ruud@…]:
> So if no real security threat can be circumvented by this patch then
> only the 'unwanted side-effects' will be remedied by this patch, like
> mistakes such as:
>
> {{{
> $current_user = wp_get_current_user();
> if ( $current_user->ID ) {
>     // admin related code
> }
> }}}
That also won't really be prevented, as any random positive ID is boolean
true here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27052#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
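
An added example, not part of the ticket or of WordPress core, showing the point of the reply above: a truthy-ID test admits every logged-in account, so changing the admin's ID does nothing for it, while a capability test does not depend on the ID at all. It is standalone PHP: `DemoUser`, the `gate_*` functions and the sample accounts are constructed for illustration, and `gate_id_is_one` is added for contrast.

```php
<?php
// Constructed stand-in for the object wp_get_current_user() returns.
// DemoUser is hypothetical; only the ID property and has_cap() are modelled.
final class DemoUser {
    public $ID;
    private $caps;
    public function __construct( int $id, array $caps = array() ) {
        $this->ID   = $id;
        $this->caps = $caps;
    }

    public function has_cap( string $cap ): bool {
        return in_array( $cap, $this->caps, true );
    }
}

// The check quoted in the ticket: passes for any non-zero ID.
function gate_truthy_id( DemoUser $user ): bool {
    return (bool) $user->ID;
}

// Hard-coded first account (added for contrast, not from the ticket).
function gate_id_is_one( DemoUser $user ): bool {
    return 1 === $user->ID;
}

// Authorize on what the account may do, not on which number it has.
function gate_capability( DemoUser $user ): bool {
    return $user->ID > 0 && $user->has_cap( 'manage_options' );
}

// Constructed sample accounts.
$users = array(
    'logged out'     => new DemoUser( 0 ),
    'admin, ID 1'    => new DemoUser( 1, array( 'manage_options' ) ),
    'admin, ID 5831' => new DemoUser( 5831, array( 'manage_options' ) ),
    'subscriber'     => new DemoUser( 42, array( 'read' ) ),
);

printf( "%-16s %-10s %-10s %s\n", 'account', 'truthy ID', 'ID === 1', 'capability' );
foreach ( $users as $label => $user ) {
    printf(
        "%-16s %-10s %-10s %s\n",
        $label,
        gate_truthy_id( $user ) ? 'allow' : 'deny',
        gate_id_is_one( $user ) ? 'allow' : 'deny',
        gate_capability( $user ) ? 'allow' : 'deny'
    );
}
```

Inside WordPress the capability gate corresponds to `current_user_can( 'manage_options' )`.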