Forum Replies Created

Viewing 1 replies (of 1 total)
  • Thread Starter jdmanci7

    (@jdmanci7)

    Thanks, saved me hours of looking.

    Overall the problem isn’t up to me. Basically my website also has e-commerce in which the credit card merchant has decided all companies must be compliant with a security company, in this case Security Metrics standards.

    When they scan the website, they come up with an issue that they consider not up to their standards of security for websites that do e-commerce and process credit cards.

    The problem is they are saying that the query.php file is creating a situation in which the is_admin() function returns true to a particular URL, which allows said person to view all messages, whether or not they are considered drafts, future, or pending.

    There is a trac for it:
    https://core.trac.www.ads-software.com/ticket/5487

    and this leads to another page:
    https://www.securityfocus.com/archive/1/485252/30/0/threaded

    and this posting:
    https://www.blackhatdomainer.com/how-to-know-today-what-shoemoney-is-going-to-post-tomorrow

    Now these are like 2 years old. I haven’t been using WordPress long enough to know whether or not the is_admin() has changed.

    Did WordPress ever update in the last two years to block this? Or have they just left it up to the user to apply the patch described in the trac if they don’t want people peeking on their future posts?

    Oh, and how this affects credit card processing and why a security company considers this a level 4 out of 8 threat and thus not compliant beats me, lol.
