RSS enclosure and password protect bug

  • gouks

    (@gouks)


    20 years ago

    Hya all.
    I just saw that there seems to be a bug (unless it’s wanted but I don’t want it…) in the rss2.0 enclosures feature in wordpress 1.5. (I haven’t tried the cvs though)
    the problem is that if you password protect a post, and put enclosures in it, they still show in in the feed, even though the password has not been entered yet (for the text you get a password field)

    I made a quick patch to the rss_enclosure() function to change that and add password verification.
    you can check that at:
    https://www.mindblaze.net/articles/information-technology/security-breach-in-wordpress-15-rss-feeds-enclosures/

    I’m not a php guru, so be sure to double check it if you apply this patch.
    Feedback is welcome.

  • The topic ‘RSS enclosure and password protect bug’ is closed to new replies.