[wp-trac] [WordPress Trac] #30910: future post permalink can be revealed when blog article requested by url like ...?p={post_id}
WordPress Trac
noreply at wordpress.org
Mon Jan 5 13:05:48 UTC 2015
#30910: future post permalink can be revealed when blog article requested by url
like ...?p={post_id}
---------------------------+-----------------------------
Reporter: e.mazovetskiy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Canonical | Version: trunk
Severity: normal | Keywords:
Focuses: |
---------------------------+-----------------------------
If your permalink is composed of article's title, it can be easily
revealed by brute force on post id, giving a clue to the content of your
future post.
Error 404 is rendered in this case but location is being changed from
?p=NNNN, to the permalink of future post, which is completely undesirable
sometimes.
There is work around this with filter on 'redirect_canonical', but I think
this should be the part of core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/30910>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list