[wp-trac] Re: [WordPress Trac] #6871: Plugins without headers don't
show in the plugins page, keeping some exploits hidden
WordPress Trac
wp-trac at lists.automattic.com
Fri May 2 00:52:37 GMT 2008
#6871: Plugins without headers don't show in the plugins page, keeping some
exploits hidden
-----------------------------------------------------+----------------------
Reporter: guillep2k | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.5.2
Component: Security | Version: 2.5
Severity: critical | Resolution:
Keywords: exploit security has-patch dev-feedback |
-----------------------------------------------------+----------------------
Changes (by DD32):
* keywords: exploit security has-patch => exploit security has-patch
dev-feedback
Comment:
1. {{{substr($plugin,0,3) != '../'}}} is really not needed, Simply because
it should be caught by the other strpos IMO, ./../ is just as valid, and
as such, would be used by any more exploits.
1. {{{strpos($plugin,'/../') === false}}} That gets rid of the chance of
someone having multiple dots in the actual filename, But really, Who does
that? Granted, {{{strpos($plugin,'../')}}} might be a better option, As it
catches both cases 2 & 1
1. What about on Windows platforms? {{{C:\www\app\..\ }}} is valid, it
resolves to {{{C:\www\}}}
--
Ticket URL: <http://trac.wordpress.org/ticket/6871#comment:12>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list