[wp-trac] Re: [WordPress Trac] #5564: Non Plugin Files Cab Be
Easily Included In Current Plugins using database Manipulation
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 2 06:22:28 GMT 2008
#5564: Non Plugin Files Cab Be Easily Included In Current Plugins using database
Manipulation
-------------------------------+--------------------------------------------
Reporter: keithdsouza | Owner: anonymous
Type: defect | Status: new
Priority: highest omg bbq | Milestone: 2.5
Component: Security | Version:
Severity: critical | Resolution:
Keywords: reporter-feedback |
-------------------------------+--------------------------------------------
Comment (by darkdragon):
Well, since I'm not a security expert, I'm not quite sure if this if valid
or not. I keep thinking of a possible system, but you would almost have to
have PHP extension support for this kind of thing.
Building Web Database Logic into a PHP extension is probably just asking
for more work than it is worth it.
Any smarter person can explain how the ticket can be prevented? I would be
willing to make a patch if it is within my ability to do so.
--
Ticket URL: <http://trac.wordpress.org/ticket/5564#comment:6>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list