[wp-trac] Re: [WordPress Trac] #7417: Theme preview fails when Theme forlder contain "."(dot)

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 29 16:59:19 GMT 2008


#7417: Theme preview fails when Theme forlder contain "."(dot)
----------------------------+-----------------------------------------------
 Reporter:  supremecolor    |        Owner:  anonymous
     Type:  defect          |       Status:  new      
 Priority:  normal          |    Milestone:  2.7      
Component:  Template        |      Version:  2.6      
 Severity:  normal          |   Resolution:           
 Keywords:  theme, preview  |  
----------------------------+-----------------------------------------------
Changes (by santosj):

  * milestone:  => 2.7

Comment:

 Security? The exploit I can think of is
 '../../../to/public/folder/with/whatever/'. Periods are legal in folder
 names. '../' Should be stripped, not '.'.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/7417#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list