PHP/Wordpress is daft

February 26th, 2008 | by dan |

I’ve just had to upgrade wordpress to fix this bug:

http://trac.wordpress.org/ticket/5487 -

1. Create a draft post

2. Log out

3. Visit http://yourblog.com/index.php/wp-admin/

  • is_admin() spots the wp-admin in the request and returns true
  • query.php uses is_admin() to decide to return future, draft or pending posts

That’s not how you’re supposed to do authentication!

‘Code is poetry’, indeed.

  1. 1 Trackback(s)

  2. Apr 10, 2008: ivixlog » Blog Archive » AberQuotes

Post a Comment