Opened 5 years ago

Last modified 4 years ago

#6978 new defect (bug)

Accessing password protected posts though bloglines sends reader directly to dashboard

Reported by: MidoSibira Owned by: anonymous
Priority: normal Milestone: Future Release
Component: Template Version: 2.5.1
Severity: normal Keywords: Protected Post Bloglines
Cc:

Description

Accessing password protected posts though bloglines sends non-admin reader directly to admin dashboard:

1) User selects a feed in bloglines
2) In the bloglines frame the user enters the password for the protected post
3) Wordpress dashboard is loaded in the bloglines frame instead of the protected post

This gives the non-admin user full access to the wordpress blog.

Attachments (2)

1_BloglinesPassword.jpg (123.4 KB) - added by MidoSibira 5 years ago.
Picture of wordpress protected post password prompt in bloglines
2_BloglinesDashboard.jpg (134.9 KB) - added by MidoSibira 5 years ago.
Picture of wordpress dashboard in bloglines

Download all attachments as: .zip

Change History (6)

MidoSibira 5 years ago

Picture of wordpress protected post password prompt in bloglines

MidoSibira 5 years ago

Picture of wordpress dashboard in bloglines

comment:1   mrmist5 years ago

  • Severity changed from major to normal

This isn't actually a security issue. The redirection only shows the dashboard if you're already logged in with a cookie. If you're not logged in, you get the login prompt.

It is, however, broken, because you should see the entry, not the dashboard/admin login box.

Still broke as of 2.6.1 beta2

comment:2   ryan5 years ago

  • Milestone changed from 2.7 to 2.9

comment:3   Denis-de-Bernardy4 years ago

  • Component changed from General to Template

comment:4   ryan4 years ago

  • Milestone changed from 2.9 to Future Release
Note: See TracTickets for help on using tickets.