[wp-trac] [WordPress Trac] #29335: change wp-admin/wp-content/wp-includes by a variable in the code
WordPress Trac
noreply at wordpress.org
Sat Aug 23 13:58:00 UTC 2014
#29335: change wp-admin/wp-content/wp-includes by a variable in the code
--------------------------+------------------------------
Reporter: Neustradamus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: trunk
Severity: blocker | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by georgestephanis):
Howdy, and thanks for the bug report!
Could you explain how this is a security issue, in your opinion, let alone
a blocker?
Also, could you refer to specific examples in the codebase that you're
referring to? WPINC is a folder name, but a hardcoded constant in core,
and could be used in filesystem paths and urls. WP_ADMIN_DIR isn't
actually a thing, because core doesn't support relocating the `wp-admin`
directory like it supports relocating the `wp-content` directory -- hence
the need for WP_CONTENT_DIR -- which is the full path, not just the folder
name like WPINC is.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/29335#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list