[wp-trac] [WordPress Trac] #10367: Assert the existence of ABSPATH in wp-settings.php
WordPress Trac
wp-trac at lists.automattic.com
Thu Jul 9 13:22:12 UTC 2009
#10367: Assert the existence of ABSPATH in wp-settings.php
--------------------------+-------------------------------------------------
Reporter: wet | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version:
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
wp-settings.php is publicly visible from an URL like http://example.com
/wp-settings.php and discloses web server internals like the absolute file
system path through PHP notices, as ABSPATH is not defined under such
circumstances:
{{{
Warning: require(ABSPATHwp-includes/compat.php) [function.require]: failed
to open stream: No such file or directory in /[...]/wp-settings.php on
line 246
}}}
Attached patch fixes this behaviour.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10367>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list