[wp-trac] [WordPress Trac] #31663: wp-login.php - Cannot modify header information
WordPress Trac
noreply at wordpress.org
Tue Mar 17 15:02:37 UTC 2015
#31663: wp-login.php - Cannot modify header information
------------------------------------+----------------------
Reporter: cashbox0815 | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Login and Registration | Version: 4.1.1
Severity: normal | Resolution: invalid
Keywords: | Focuses:
------------------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hi cashbox0815, there is no way for us to hide every full-path disclosure
that could be triggered by WordPress or a theme or a plugin (short of an
auto prepend file) without resorting to the rule that display_errors must
never be enabled on a production site.
IMO, file paths are guessable 99% of the time anyway and leaking them
doesn't really matter. Regardless: display_errors must never be enabled on
a production site.
If we leak a path even with display_errors turned off (this has happened
before, such as in an error message), then we'll gladly fix it.
Thank you for your report. Please email security at wordpress.org next time
(as the new ticket form requests in multiple places, including a checkbox
you had to click).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31663#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
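
An added example, not part of the ticket or of WordPress: a check that scans a response body saved from your own site for PHP error output that exposes file paths, which is what display_errors produces when left on. The function name, sample bodies, paths and line number are constructed for illustration.

```python
import html
import re

# PHP's default error format is "<Level>: <message> in <file> on line <n>".
# With html_errors enabled, the level, file and line are wrapped in <b> tags.
_TAGS = re.compile(r"<[^>]+>")
_PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<message>.+?)\s+in\s+(?P<file>(?:/|[A-Za-z]:\\)\S+)"
    r"\s+on line\s+(?P<line>\d+)"
)
_PATH = re.compile(r"(?:/|[A-Za-z]:\\)[^\s:()]+\.php")

# Constructed sample: a login page preceded by a displayed PHP warning.
SAMPLE_LEAKY = (
    "<br />\n<b>Warning</b>:  Cannot modify header information - headers "
    "already sent by (output started at "
    "/srv/www/example/wp-content/plugins/demo/demo.php:3) in "
    "<b>/srv/www/example/wp-login.php</b> on line <b>100</b><br />\n"
    "<html><body>login form</body></html>"
)
# Constructed sample: the same page with display_errors off.
SAMPLE_CLEAN = '<html><body><form action="wp-login.php"></form></body></html>'


def find_path_disclosures(body):
    """Return one dict per PHP error message in body that exposes a file path."""
    text = html.unescape(_TAGS.sub("", body))
    findings = []
    for m in _PHP_ERROR.finditer(text):
        # The message can carry further paths ("output started at ...").
        paths = sorted(set(_PATH.findall(m.group(0))))
        findings.append({
            "level": m.group("level"),
            "line": int(m.group("line")),
            "paths": paths,
        })
    return findings


if __name__ == "__main__":
    for name, body in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        print(name, find_path_disclosures(body))
```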