10 Oct: Security hole in tinyMCE plugin

One of my clients recently found out the hard way that there’s a security hole in the tinybrowser plugin for tinyMCE. It’s a quick fix if you’re already using a session variable to manage authenticated users. But it’s not necessarily a straightforward fix if your sessions are managed by Zend_Auth or some other framework.