[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher

WordPress Trac wp-trac at lists.automattic.com
Tue Apr 13 21:44:07 UTC 2010


#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
--------------------------------+-------------------------------------------
 Reporter:  chipbennett         |        Owner:  ryan   
     Type:  enhancement         |       Status:  closed 
 Priority:  normal              |    Milestone:         
Component:  Security            |      Version:         
 Severity:  normal              |   Resolution:  wontfix
 Keywords:  wp-load, wp-config  |  
--------------------------------+-------------------------------------------

Comment(by nacin):

 My quotation actually deserves more context, as that's a relatively common
 setup.

 > Note that if you did this, it would cause an extra file seek on each and
 every page load.
 It only would if it didn't find one at the root or one level up. Point is,
 any blog using two levels up means it will go through two false ==
 file_exists checks. We could instead simply keep going one level up in
 search of wp-config until we hit a wall or find one.

 Actually, double those numbers, as we also need to check for
 wp-settings.php to make sure the wp-config a level up isn't part of another
 WP install. So two levels up is four file exists checks on every load.

 That said, I vote for wontfix. Being on one side of public_html is
 generally not where you need to concentrate your security on. And doing
 what I've suggested above is just encouraging wasteful performance. If the
 user is going to follow a tutorial to move wp-config up two or three or
 more directories, then they should instead mow down wp-config.php to just
 including a file up a few levels, or use a symlink.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12988#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
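
The lookup discussed in this comment, as an added example that is not part of the original message and is not WordPress core code: a hypothetical `find_wp_config()` helper walks up a bounded number of levels, applies the wp-settings.php guard so a config belonging to another install is never picked up, and counts its file_exists calls. The directory layout is constructed in a temp directory for the demonstration.

```php
<?php
// Hypothetical helper (assumption, not WordPress core): walk upward from the
// install directory looking for wp-config.php. Above the install directory, a
// wp-config.php is rejected when wp-settings.php sits beside it, because that
// config belongs to a different WordPress install.
function find_wp_config(string $abspath, int $maxLevels, int &$checks = 0): ?string
{
    $dir = rtrim($abspath, '/');
    for ($level = 0; $level <= $maxLevels; $level++) {
        $checks++;                                   // wp-config.php probe
        if (file_exists($dir . '/wp-config.php')) {
            if ($level === 0) {
                return $dir . '/wp-config.php';      // config inside the install
            }
            $checks++;                               // wp-settings.php guard probe
            if (!file_exists($dir . '/wp-settings.php')) {
                return $dir . '/wp-config.php';
            }
        }
        $parent = dirname($dir);
        if ($parent === $dir) {                      // reached the filesystem root
            break;
        }
        $dir = $parent;
    }
    return null;
}

// Constructed sample layout:
//   $base/wp-config.php                      config two levels above the install
//   $base/home/public_html/wp-settings.php   the install itself
$base    = sys_get_temp_dir() . '/wpcfg-demo-' . uniqid();
$abspath = $base . '/home/public_html';
mkdir($abspath, 0700, true);
touch($abspath . '/wp-settings.php');
touch($base . '/wp-config.php');

$checks = 0;
$found  = find_wp_config($abspath, 2, $checks);
printf("config: %s, file_exists calls: %d\n", var_export($found, true), $checks);

// Same layout, but $base is now itself a WordPress install: the guard rejects it.
touch($base . '/wp-settings.php');
$checks = 0;
$found  = find_wp_config($abspath, 2, $checks);
printf("config: %s, file_exists calls: %d\n", var_export($found, true), $checks);
```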

