[wp-trac] Re: [WordPress Trac] #9750: setup-config.php is tainted by request data

WordPress Trac wp-trac at lists.automattic.com
Thu May 7 18:22:40 GMT 2009


#9750: setup-config.php is tainted by request data
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:  ryan                 
     Type:  defect (bug)  |      Status:  new                  
 Priority:  normal        |   Milestone:  2.8                  
Component:  Security      |     Version:  2.8                  
 Severity:  normal        |    Keywords:  has-patch 2nd-opinion
--------------------------+-------------------------------------------------

Comment(by hakre):

 Added the files I used for the separated test.

 http://host/samedir/file.php :
 {{{
 Hello World, this is file.php ...
 hello world, this is otherfile.php!
 }}}

 http://host/samedir/file.php/ :
 {{{
 Warning: require_once(../samedir/otherfile.php) [function.require-once]:
 failed to open stream: No such file or directory in [...]\samedir\file.php
 on line 14

 Fatal error: require_once() [function.require]: Failed opening required
 '../samedir/otherfile.php' (include_path='.;[...]\pear') in
 [...]\samedir\file.php on line 14
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/9750#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

