I would like to raise a question about “edit-comments.php”. Why has the default setting of “comments view” been set to “detail”? If some attack expression (an expression for an XSS attack) has been passed, the administrator could see the insecure expression. So, line 50 in edit-comments.php of WP 2.6.3 is:
49: if ( empty($_GET['mode']) )
50:     $mode = 'detail';
but I would suggest that it should be modified to:
if ( empty($_GET['mode']) )
    $mode = 'list';
I would appreciate any comments, thanks.
- The topic ‘Comments View to be more secure’ is closed to new replies.