[wp-trac] Re: [WordPress Trac] #4759: Blank index.php in wp-content subdirs (proposal + bug patch)

WordPress Trac wp-trac at lists.automattic.com
Mon Aug 20 15:15:52 GMT 2007 

#4759: Blank index.php in wp-content subdirs (proposal + bug patch)
----------------------------------------------+-----------------------------
 Reporter:  ozh                               |        Owner:  anonymous  
     Type:  defect                            |       Status:  new        
 Priority:  normal                            |    Milestone:  2.3 (trunk)
Component:  Administration                    |      Version:             
 Severity:  normal                            |   Resolution:             
 Keywords:  index opendir security has-patch  |  
----------------------------------------------+-----------------------------
Changes (by Ozh):

  * keywords:  index opendir security => index opendir security has-patch
  * type:  enhancement => defect
  * component:  Security => Administration
  * severity:  trivial => normal
  * summary:  Blank index.php in wp-content subdirs => Blank index.php in
              wp-content subdirs (proposal + bug patch)

Comment:

 As of now there is a bug (feature?) making the Dashboard default page
 display the content of any 'index.php' that might exist in /wp-
 content/plugins/
 I think this is a bug because index.php might not be a plugin

 Here is a proposal for a fix of this behavior (sorry, I have nothing like
 svn or patch on the machine I'm on right now).

 1) A new function (in wp-admin/includes/plugins.php would be appropriate)

 {{{
 /**
  * Checks if a file is (seems to be) a plugin - Ozh
  * @param       string  $plugin_file    full path to a file
  * @return      boolean
  */
 function is_pluginfile($plugin_file) {
         if ( !is_readable( $plugin_file ) or substr($plugin_file, -4) !=
 '.php' )
                 return false;

         $plugin_data = get_plugin_data( $plugin_file );

         if ( empty ( $plugin_data['Name'] ) )
                 return false;

         return true;
 }
 }}}

 2) Changes to /wp-admin/menu-header.php

 Replace every ''file_exists'' with ''is_pluginfile''


 3) If this patch is accepted, function get_plugins() from /wp-
 admin/includes/plugins.php could use is_pluginfile() as well with an
 improved test on line 73:


 {{{
 line 73 --              if ( !is_readable( "$plugin_root/$plugin_file" ) )
 line 73 ++              if ( !is_pluginfile( "$plugin_root/$plugin_file" )
 )
 }}}

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4759#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list