[wp-trac] Re: [WordPress Trac] #5564: Non Plugin Files Can Be
Easily Included In Current Plugins using database Manipulation
WordPress Trac
wp-trac at lists.automattic.com
Mon Feb 4 14:58:46 GMT 2008
#5564: Non Plugin Files Can Be Easily Included In Current Plugins using database
Manipulation
-------------------------------+--------------------------------------------
 Reporter:  keithdsouza        |        Owner:  anonymous
     Type:  enhancement        |       Status:  new
 Priority:  normal             |    Milestone:  2.6
Component:  General            |      Version:
 Severity:  normal             |   Resolution:
 Keywords:  reporter-feedback  |
-------------------------------+--------------------------------------------
Changes (by pishmishy):
* component: Security => General
Comment:
I'm moving it from the Security component. There may be extra checks that
could be done here but none will remove the security risk. A malicious
theme could just manipulate the database directly I'm sure, and we accept
that risk.
--
Ticket URL: <http://trac.wordpress.org/ticket/5564#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software