Opened 16 years ago
Closed 10 years ago
#6978 closed defect (bug) (worksforme)
Accessing password protected posts though bloglines sends reader directly to dashboard
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 2.5.1 |
| Component: | Template | Keywords: | reporter-feedback |
| Focuses: | Cc: |
Description
Accessing password protected posts though bloglines sends non-admin reader directly to admin dashboard:
1) User selects a feed in bloglines
2) In the bloglines frame the user enters the password for the protected post
3) Wordpress dashboard is loaded in the bloglines frame instead of the protected post
This gives the non-admin user full access to the wordpress blog.
Attachments (2)
Change History (8)
#1
@
16 years ago
- Severity changed from major to normal
This isn't actually a security issue. The redirection only shows the dashboard if you're already logged in with a cookie. If you're not logged in, you get the login prompt.
It is, however, broken, because you should see the entry, not the dashboard/admin login box.
Still broke as of 2.6.1 beta2
Note: See
TracTickets for help on using
tickets.
Picture of wordpress protected post password prompt in bloglines