[wp-trac] [WordPress Trac] #5427: WordPress should not include a file indicated by a URL query string that has not been specified in an add_submenu_page call
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 6 15:00:52 GMT 2007
#5427: WordPress should not include a file indicated by a URL query string that
has not been specified in an add_submenu_page call
----------------------------+-----------------------------------------------
Reporter: johnbillion | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: Administration | Version: 2.3.1
Severity: normal | Keywords: add_submenu_page needs-patch
----------------------------+-----------------------------------------------
Brought up on wp-hackers: http://comox.textdrive.com/pipermail/wp-hackers/2007-November/016405.html
It's possible to include any file within the plugins directory into the
admin interface simply by passing the filename as the `page` parameter to
any file within wp-admin.
Steps to reproduce:
1. Login to your WordPress admin panel and visit the following URL:
`www.yourblog.com/wp-admin/edit.php?page=hello.php`
2. The file `wp-content/plugins/hello.php` will be include()-ed and will
be in the scope of all the WordPress functions.
Try it with any file you have in your plugins directory. The activation
status of a plugin is irrelevant as any file within the plugins directory
can be included, including those in subdirectories (eg.
`akismet/akismet.php`).
Only files that have been specified as the file parameter in
`add_submenu_page` (or any of the wrapper functions) should be included
via the page parameter in wp-admin.
--
Ticket URL: <http://trac.wordpress.org/ticket/5427>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
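The pattern the ticket describes, and the whitelist fix it asks for, shown side by side as an added example. This is not WordPress core code and not the reporter's code: it models an admin page loader that treats `page` as a path fragment under the plugin directory, then a loader that treats `page` only as a key into a registry populated by `add_submenu_page`-style registrations. The function names `resolve_page_vulnerable`, `register_submenu_page` and `resolve_page_safe`, the `PLUGIN_DIR` constant and the `my-plugin/my-plugin.php` file name are hypothetical; the loop at the bottom only reports which path each loader would hand to `include`, it does not include anything.

```php
<?php
// Added example (not WordPress code). Models the wp-admin `page` parameter
// handling described in ticket #5427: a loader that builds a path from the
// request, and a loader that only accepts files registered via
// add_submenu_page() (modelled here by register_submenu_page()).

// Hypothetical stand-in for WP_PLUGIN_DIR.
const PLUGIN_DIR = '/var/www/wp-content/plugins';

// Vulnerable form: the request parameter becomes a path fragment, so every
// file under the plugin directory (hello.php, akismet/akismet.php, ...) is
// includable regardless of whether any plugin registered it or is active.
function resolve_page_vulnerable(string $page): string
{
    return PLUGIN_DIR . '/' . $page;
}

// Registry of admin pages. Populated only by plugin code at load time, never
// from request data. Keyed by the wp-admin parent file (e.g. edit.php) and
// the plugin-relative file name exactly as passed to the registration call.
$registered_pages = [];

// Models what add_submenu_page($parent, ..., $file) records.
function register_submenu_page(string $parent, string $file): void
{
    global $registered_pages;
    $registered_pages[$parent][$file] = true;
}

// Hardened form: `page` is only a lookup key. The path is built from the
// registered value, so an unregistered file name (or a registered file name
// requested under a different parent) never reaches include().
function resolve_page_safe(string $parent, string $page): ?string
{
    global $registered_pages;
    if (!isset($registered_pages[$parent][$page])) {
        return null;
    }
    return PLUGIN_DIR . '/' . $page;
}

// Simulated plugin registration (what an active plugin would do on load).
register_submenu_page('edit.php', 'my-plugin/my-plugin.php');

// Constructed requests: one registered page, two arbitrary plugin files,
// and the registered page requested under the wrong wp-admin parent.
$requests = [
    ['edit.php',    'my-plugin/my-plugin.php'],
    ['edit.php',    'hello.php'],
    ['edit.php',    'akismet/akismet.php'],
    ['options.php', 'my-plugin/my-plugin.php'],
];

foreach ($requests as [$parent, $page]) {
    printf(
        "%s?page=%s\n  vulnerable would include: %s\n  safe would include:       %s\n",
        $parent,
        $page,
        resolve_page_vulnerable($page),
        resolve_page_safe($parent, $page) ?? '(rejected)'
    );
}
```

The important property is that the only thing the request can influence in the hardened loader is which registered entry is selected; the file name that ends up in `include()` always originates from plugin code, not from the query string. A check that merely confirms the file exists inside the plugin directory would not address the ticket, since the point of the report is that existing but unregistered plugin files must not be reachable either.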