Package: wordpress
Version: 3.6.1+dfsg-1~deb7u2
Severity: normal
Tags: security upstream patch
Hi,
Upstream Wordpress 3.8.2 introduced a bug in bulk_edit_posts:
https://core.trac.wordpress.org/ticket/27792
It seems to me that cs27976_priv_esc backported the bug into
Wordpress 3.6, though I haven't tested in a running WP instance.
There was an incomplete fix committed as cs27991, that was reverted
and improved by cs28114. Combining these, I ended up with the attached
cs28114_bulk_edit_posts.
Thanks.
-- System Information:
Debian Release: 7.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Index: wordpress-3.6.1+dfsg/wp-admin/includes/post.php
===================================================================
--- wordpress-3.6.1+dfsg.orig/wp-admin/includes/post.php 2014-04-17 11:54:34.000000000 +0100
+++ wordpress-3.6.1+dfsg/wp-admin/includes/post.php 2014-04-17 13:36:59.000000000 +0100
@@ -395,7 +395,12 @@
}
$updated = $skipped = $locked = array();
+ $shared_post_data = $post_data;
+
foreach ( $post_IDs as $post_ID ) {
+ // Start with fresh post data with each iteration.
+ $post_data = $shared_post_data;
+
$post_type_object = get_post_type_object( get_post_type( $post_ID ) );
if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) {
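Review bot: the snapshot `$shared_post_data = $post_data;` is taken immediately after `$updated = $skipped = $locked = array();`, so it only does its job if nothing above that point in bulk_edit_posts() has already written per-post values into `$post_data`; since the report says the backport was not tested in a running instance, that should be checked against the 3.6.1 source before this is applied. The reset at the top of the loop does correctly cover the early `continue` paths in the `if ( !isset( $post_type_object ) ... )` branch, because every iteration starts from the copy before any check runs. Separately, the hunk header `@@ -395,7 +395,12 @@` advertises seven old-side context lines but only five non-`+` lines are visible here, so whitespace-only context lines appear to have been lost in the mail body; apply from the original attachment (or with whitespace-tolerant patch options) rather than from this quoted copy.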
_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team