[Secure-testing-team] Bug#745030: Quick Draft regression in Wordpress 3.8.2
Steven Chamberlain
steven at pyro.eu.org
Thu Apr 17 12:19:02 UTC 2014
Package: wordpress
Version: 3.6.1+dfsg-1~deb7u2
Severity: normal
Tags: security upstream patch
Control: found -1 wordpress/3.6.1+dfsg-1~deb6u2
Hi,

Upstream Wordpress 3.8.2 fix broke the Quick Draft feature, and
this affects the Debian backport to 3.6 as well:
http://wordpress.org/news/2014/04/wordpress-3-8-3/

After logging into the Dashboard, the upper-right QuickPress pane
allows one to draft or publish a post. With cs27976_priv_esc applied
to Wordpress 3.8 or 3.6, the Save Draft button reports success
but the draft remains hidden from view, and is garbage-collected
after seven days.

Upstream commit 27904 fixed this and I've tested in 3.6. I
can't currently see it in their Trac but you can fetch it with:

$ svn diff -r 27889:27904 http://core.svn.wordpress.org/branches/3.8/

Wordpress 3.8.3 also added a mechanism to restore drafts that may
have been lost in the past 7 days due to this bug. That may be
excessive though.

Thanks.

-- System Information:
Debian Release: 7.1
APT prefers proposed-updates
APT policy: (500, 'proposed-updates'), (500, 'stable')
Architecture: kfreebsd-amd64 (x86_64)
Kernel: kFreeBSD 9.0-2-amd64-xenhvm
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash