[wp-trac] Re: [WordPress Trac] #9185: cordon off all non-entry points from the public

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 23 19:55:24 GMT 2009

#9185: cordon off all non-entry points from the public
 Reporter:  jidanni          |       Owner:  ryan                    
     Type:  feature request  |      Status:  new                     
 Priority:  normal           |   Milestone:  2.9                     
Component:  Security         |     Version:  2.7                     
 Severity:  normal           |    Keywords:  2nd-opinion dev-feedback

Comment(by jidanni):

 Even arbitrary execution of my well intentioned
 jammed an error message into a <title>

 <title><br /> <b>Fatal error</b>: Call to undefined function
 wp_title() in

 One might imagine longer such strings ending up in <title>s etc.
 crashing people browsers or overflowing stacks leading to arbitrary
 code execution...

 Firefox was immune but emacs-w3m fell for it.

 Then of course there are poorly written 3rd party plugins, or maybe
 even with backdoors using overflows and <script> etc. achieving XSS
 and other things over my head, (so sorry for the FUD if I'm wrong.)

 Or perhaps just a one-liner that when executed prints wp-config.php,
 exposing passwords.

 OK, all of this could be done by different routes, except maybe the

 Anyway, mainly I notice !MediaWiki even has a includes/FakeTitle.php
 * Fake title class that triggers an error if any members are called
 which I don't understand, but implies that !MediaWiki are serious about
 It is some kind of double entry point protection...

Ticket URL: <http://core.trac.wordpress.org/ticket/9185#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list