[wp-trac] Re: [WordPress Trac] #5262: Theme editor should allow
creation of files.
WordPress Trac
wp-trac at lists.automattic.com
Sat Oct 27 04:50:39 GMT 2007
#5262: Theme editor should allow creation of files.
--------------------------------------+-------------------------------------
Reporter: youngmicroserf | Owner: anonymous
Type: enhancement | Status: new
Priority: normal | Milestone: 2.5
Component: Administration | Version: 2.3
Severity: minor | Resolution:
Keywords: admin theme theme-editor |
--------------------------------------+-------------------------------------
Comment (by jaredbangs):
I think it's probably a bad idea for any directory in the wp install to be
writable, because of similar issues to those we discussed recently in
#5174.
Of course you have to allow the uploads directory to be writable if you
want to support uploads (from within WP), but even that opens up the
possibility of weird stuff happening by a misbehaved plugin.
It's kind of a mute point in most cases, I guess, though, since I suspect
that for most WP installs the directories are all left writable by the web
server, and most people probably also don't inspect all the plugin code
they add to their blogs to make sure they're not doing something nasty.
I'm actually a bit surprised that I haven't heard of plugins and/or themes
doing stuff like this, but I guess the whole sponsored theme thing
recently was similar, in terms of what lengths they were going to to try
to cover their tracks.
--
Ticket URL: <http://trac.wordpress.org/ticket/5262#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list