[wp-trac] Re: [WordPress Trac] #1038: Limit access to php files
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 29 10:27:29 GMT 2008
#1038: Limit access to php files
-----------------------------+----------------------------------------------
Reporter: anonymousbugger | Owner: matt
Type: defect | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: 2.5
Severity: normal | Resolution:
Keywords: needs-patch |
-----------------------------+----------------------------------------------
Comment (by thenlich):
Setting display_errors = 0 is a workaround, which is not always possible,
as it requires write access to php.ini. And shared servers do exist, so it
is a real problem.
Admittedly, the path info disclosure is not an exploitable security hole
by itself (only in combination with other defects), so instead of
"wontfix" I recommend changing this into an enhancement rather than a
defect.
Do not recommend to close the ticket simply because a workaround exists.
--
Ticket URL: <http://trac.wordpress.org/ticket/1038#comment:19>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list