[wp-trac] [WordPress Trac] #10367: Assert the existence of ABSPATH in wp-settings.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 22 10:15:06 UTC 2009
#10367: Assert the existence of ABSPATH in wp-settings.php
--------------------------+-------------------------------------------------
Reporter: wet | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: wontfix
Keywords: has-patch |
--------------------------+-------------------------------------------------
Changes (by westi):
* status: reopened => closed
* resolution: => wontfix
Comment:
Replying to [comment:4 wet]:
> In the light of the [http://core.trac.wordpress.org/changeset/11769
current] [http://core.trac.wordpress.org/changeset/11766 CYA]
[http://core.trac.wordpress.org/changeset/11761#file10 swoop], would this
patch be eventually reconsidered for commit?
Those changes were about checking capabilities and stopping the direct
load of admin files which shouldn't be called directly.
Adding these checks at the top of every file does not improve security and
as was said above you should not have error_reporting outputting to the
end-user on a live site.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10367#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list