[pLog-svn] r6276 - in plog/branches/lifetype-1.2/class: data/validator misc template test/tests/misc
Jon Daley
plogworld at jon.limedaley.com
Sat Mar 29 17:21:01 EDT 2008
On Sat, 29 Mar 2008, Jon Daley wrote:
> I just went to check to see how wordpress does it, and it turns out they are
> significantly worse off than we are. I'll file a bug with them. Perhaps my
> attacker wasn't specifically attacking lifetype, but knew that lots of
> resource uploaders don't work well in the validation department.
Ah. Wordpress allows admins to upload php scripts (though they
report an error and say that the file isn't uploaded), but don't allow
other users to do so. Not so critical. I can't figure out where to
report a bug for wordpress though.
More information about the pLog-svn
mailing list