[wp-trac] Re: [WordPress Trac] #4759: Blank index.php in wp-content
subdirs (proposal + bug patch)
WordPress Trac
wp-trac at lists.automattic.com
Mon Aug 20 15:15:52 GMT 2007
#4759: Blank index.php in wp-content subdirs (proposal + bug patch)
----------------------------------------------+-----------------------------
Reporter: ozh | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.3 (trunk)
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: index opendir security has-patch |
----------------------------------------------+-----------------------------
Changes (by Ozh):
* keywords: index opendir security => index opendir security has-patch
* type: enhancement => defect
* component: Security => Administration
* severity: trivial => normal
* summary: Blank index.php in wp-content subdirs => Blank index.php in
wp-content subdirs (proposal + bug patch)
Comment:
As of now there is a bug (feature?) making the Dashboard default page
display the content of any 'index.php' that might exist in /wp-
content/plugins/
I think this is a bug because index.php might not be a plugin
Here is a proposal for a fix of this behavior (sorry, I have nothing like
svn or patch on the machine I'm on right now).
1) A new function (in wp-admin/includes/plugins.php would be appropriate)
{{{
/**
* Checks if a file is (seems to be) a plugin - Ozh
* @param string $plugin_file full path to a file
* @return boolean
*/
function is_pluginfile($plugin_file) {
if ( !is_readable( $plugin_file ) or substr($plugin_file, -4) !=
'.php' )
return false;
$plugin_data = get_plugin_data( $plugin_file );
if ( empty ( $plugin_data['Name'] ) )
return false;
return true;
}
}}}
2) Changes to /wp-admin/menu-header.php
Replace every ''file_exists'' with ''is_pluginfile''
3) If this patch is accepted, function get_plugins() from /wp-
admin/includes/plugins.php could use is_pluginfile() as well with an
improved test on line 73:
{{{
line 73 -- if ( !is_readable( "$plugin_root/$plugin_file" ) )
line 73 ++ if ( !is_pluginfile( "$plugin_root/$plugin_file" )
)
}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/4759#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list