On 2005-10-26T00:40-0700 Matt Mullenweg wrote: > >I need a Wordpress release with the updated "Snoopy version 1.2.1. ASAP. > Could you confirm this affects WP? We use an older version of Snoopy > that has been modified, and the only calls to it are hard-coded RSS > feeds, so I don't think this would actually be exploitable.
I don't have time to check this out. The exploit seems to require snoopy to be subclassed by something and then a direct argument fed to it. It really gets messy if you say you've modified Snoopy for Wordpress. You should perhaps consider marking that in the header of the source and somehow pass these changes upstream. I don't know. Isn't there a chance perhaps that a plugin uses Snoopy? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
