[wp-trac] [WordPress Trac] #16483: Visibility: password-protected exposes multiple pages

WordPress Trac noreply at wordpress.org
Fri Aug 12 04:16:56 UTC 2016


#16483: Visibility: password-protected exposes multiple pages
--------------------------------------------------+--------------------
 Reporter:  monkeyhouse                           |       Owner:
     Type:  defect (bug)                          |      Status:  new
 Priority:  normal                                |   Milestone:  4.7
Component:  Security                              |     Version:  3.0.4
 Severity:  normal                                |  Resolution:
 Keywords:  dev-feedback needs-testing has-patch  |     Focuses:
--------------------------------------------------+--------------------

Comment (by voldemortensen):

 After reading #20308, the only way I can see that effecting anything is if
 a developer does the following:

 Checks the protected posts cookie if it exists.
 If it exists, only show posts that have that exact password.

 However, the query would still be able to list all posts with the same
 password. This would just require users to enter the password for each
 post. I'm struggling to come up with a scenario where this would be the
 solution though.

 Either way, the remedy to this, if its even an issue, could be doing what
 @nacin suggested and adding a filter to the cookie name. That would allow
 a plugin to restore this "feature".

--
Ticket URL: <https://core.trac.wordpress.org/ticket/16483#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list