[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher

WordPress Trac wp-trac at lists.automattic.com
Tue Apr 13 22:21:40 UTC 2010


#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
--------------------------------+-------------------------------------------
 Reporter:  chipbennett         |        Owner:  ryan   
     Type:  enhancement         |       Status:  closed 
 Priority:  normal              |    Milestone:         
Component:  Security            |      Version:         
 Severity:  normal              |   Resolution:  wontfix
 Keywords:  wp-load, wp-config  |  
--------------------------------+-------------------------------------------

Comment(by chipbennett):

 Replying to [comment:7 westi]:
 > The whole search a folder up feature was introduced for a specific use
 > case - subversion managed installs where wordpress itself is an external.
 >
 So, it doesn't hurt anything to cater to that use case, because the more
 common use case is the first conditional. Why wouldn't that apply here,
 also?

 > If you were to want to place wp-config.php any higher than one directory
 > you can easily do this by putting a dummy one in the normal place which
 > includes the one you have stored elsewhere.
 >
 Not a bad solution in the short-term. But, isn't it just as server-
 intensive - just using an include, instead of a file-search if-statement?
 (I also wonder how necessary it is to verify wp-settings.php doesn't also
 exist with wp-config.php when searching in higher-up directories? That
 would be an even more esoteric use case, no?)

 > The only real benefit moving it out of public_html has is if the server
 > stops processing php files otherwise you have no real benefit - you still
 > need to have the file permissions correct and be on a host which stops
 > people looking at each others files securely.

 It may be security-through-obscurity (which isn't really security at all),
 but doesn't moving wp-config outside of public_html make it just a bit
 harder to scan for it?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12988#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
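
Added example, not part of the original message and not WordPress code: a shell check that resolves which wp-config.php an install would load, using the search order described in this thread (normal place first, then one directory up unless wp-settings.php is also there), and reports the two properties the discussion turns on: whether the file sits inside the document root and whether it is world-readable. The function names locate_wp_config and audit_wp_config are hypothetical.

```shell
#!/bin/sh
# Added example: mirrors the lookup order described in the thread; it is not
# the code from wp-load.php.

# locate_wp_config ABSPATH -> prints the config path that would be loaded,
# or returns 1 if neither location qualifies.
locate_wp_config() {
    abspath=${1%/}
    parent=$(dirname "$abspath")
    if [ -f "$abspath/wp-config.php" ]; then
        # First conditional: the normal place.
        printf '%s\n' "$abspath/wp-config.php"
    elif [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; then
        # One directory up, unless that directory is itself an install.
        printf '%s\n' "$parent/wp-config.php"
    else
        return 1
    fi
}

# audit_wp_config ABSPATH DOCROOT -> prints one finding per line.
audit_wp_config() {
    cfg=$(locate_wp_config "$1") || { echo "not-found"; return 1; }
    docroot=${2%/}
    case "$cfg" in
        "$docroot"/*) echo "inside-docroot" ;;
        *)            echo "outside-docroot" ;;
    esac
    # Other-read bit set: any local account on the host can read the file.
    if [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        echo "world-readable"
    else
        echo "not-world-readable"
    fi
}
```

Call it as audit_wp_config /path/to/install /path/to/docroot; a result of outside-docroot together with world-readable is the case where relocating the file has not restricted who on the host can read it.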