[wp-trac] [WordPress Trac] #16483: Visibility: password-protected exposes multiple pages
WordPress Trac
noreply at wordpress.org
Fri Aug 12 04:16:56 UTC 2016
#16483: Visibility: password-protected exposes multiple pages
--------------------------------------------------+--------------------
Reporter: monkeyhouse | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: Security | Version: 3.0.4
Severity: normal | Resolution:
Keywords: dev-feedback needs-testing has-patch | Focuses:
--------------------------------------------------+--------------------
Comment (by voldemortensen):
After reading #20308, the only way I can see that effecting anything is if
a developer does the following:
Checks the protected posts cookie if it exists.
If it exists, only show posts that have that exact password.
However, the query would still be able to list all posts with the same
password. This would just require users to enter the password for each
post. I'm struggling to come up with a scenario where this would be the
solution though.
Either way, the remedy to this, if its even an issue, could be doing what
@nacin suggested and adding a filter to the cookie name. That would allow
a plugin to restore this "feature".
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16483#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list