[wp-trac] [WordPress Trac] #44022: Location information of admin users leaked
WordPress Trac
noreply at wordpress.org
Wed May 9 15:01:52 UTC 2018
#44022: Location information of admin users leaked
-------------------------------------+-----------------------------
Reporter: alicewondermiscreations | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------------------+-----------------------------
class-wp-community-events.php
That class and what it does really needs to be taken out of core and
turned into a plugin. I don't care if it is a plugin that installed by
default and even turned on by default, but it needs to be easy to turn
off.
https://gist.github.com/AliceWonderMiscreations/b6acab93d03f73ba3b327aaebbf043e1
That turns it off, but that will get undone w/ the next WordPress because
it is modifying a core file.
Please turn that feature into a plugin that can easily be turned off by
non-technical admins.
Also the class uses unsalted md5 - wouldn't it be better to use one of the
site specific salts in the wp-config.php to salt the key created with the
md5?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44022>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list