[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 13 22:42:00 UTC 2010
#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
--------------------------------+-------------------------------------------
Reporter: chipbennett | Owner: ryan
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: wontfix
Keywords: wp-load, wp-config |
--------------------------------+-------------------------------------------
Comment(by sivel):
Replying to [comment:8 chipbennett]:
> So, it doesn't hurt anything to cater to that use case, because the more
common use case is the first conditional. Why wouldn't that apply here,
also?
One of the topics we discussed before marking this as wontfix was "To what
end?". When do we draw the line to say, ok this many directories is too
many. We made the change to originally to fill a technical need and not a
security need. If we decide today to allow it 2 directories up, tomorrow
someone will want it three.
> Not a bad solution in the short-term. But, isn't it just as server-
intensive - just using an include, instead of a file-search if-statement?
Honestly, it is not as server intensive, and as far as my last comment I
think this is a very valid solution.
> I also wonder how necessary it is to verify wp-settings.php doesn't also
exist with wp-config.php when searching in higher-up directories? That
would be an even more esoteric use case, no?
The reason we check for wp-settings.php is in case that you install WP in
a sub-directory of another WP install, we don't want it use the wp-
config.php from the parent install.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12988#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list