[wp-trac] [WordPress Trac] #46689: Site Health: Your site is set to log errors to a potentially public file
WordPress Trac
noreply at wordpress.org
Fri Mar 29 11:28:44 UTC 2019
#46689: Site Health: Your site is set to log errors to a potentially public file
-------------------------------------------------+-------------------------
Reporter: knutsp | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: Administration | Version: trunk
Severity: normal | Resolution:
Keywords: site-health has-patch has- | Focuses:
screenshots dev-feedback |
-------------------------------------------------+-------------------------
Changes (by knutsp):
* type: defect (bug) => enhancement
Comment:
Replying to [comment:3 xkon]:
> I don't know if there's a concrete way to check if the file is
accessible or not and be 100% certain. But that's why the wording of the
notice is like that as well I guess. In my opinion the users must know
that the file might be accessible depending on the overall setup of their
system, so I'd vote to leave this as is.
No way to be sure, as I know of.
But I don't like false positives, especially not under "Critical issues"
and labeled "Security". Ideally this should be under "Recommended
improvements" in the case I suggested, as it then is quite unlikely the
log file is public. Every possible, potential issue cannot be detected
anyway. It's about making it better, avoid setting off the alarm when
probably quite ok.
Related: #46692 (and where the patch should go)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46689#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list