[wp-trac] Re: [WordPress Trac] #1038: Limit access to php files
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 21 21:21:45 GMT 2006
#1038: Limit access to php files
-----------------------------+----------------------------------------------
Reporter: anonymousbugger | Owner: matt
Type: defect | Status: closed
Priority: lowest | Milestone:
Component: Security | Version: 2.0.2
Severity: trivial | Resolution: wontfix
Keywords: needs-patch |
-----------------------------+----------------------------------------------
Changes (by foolswisdom):
* keywords: bg|needs-patch => needs-patch
* status: assigned => closed
* resolution: => wontfix
* milestone: 2.1 =>
Comment:
Closing ticket as WONTFIX. Ticket has not been updated in 7 months.
It seems two issues are discussed in this bug:[[br]]
1. What if I web server problem resulted in served up php files being
displayed in plain text, specifically wp-config.php [[br]]
2. Source php files in wp-include being directly called for malicious
purposes
The discussion has not resulted in any patches, though it sounds like ```
<?php defined('__WP__') || die(''); ``` would be accepted for the
appropriate php files.
Changing to enhancement b/c no real issue shown to be defective. As the
priority of "lowest" reflects, and the lack of recent "progress", does not
seem worth keeping this ticket open longer.
--
Ticket URL: <http://trac.wordpress.org/ticket/1038#comment:16>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list