[wp-trac] [WordPress Trac] #17601: Fatal Errors at URLs Such As canonical.php
WordPress Trac
wp-trac at lists.automattic.com
Tue May 31 02:26:54 UTC 2011
#17601: Fatal Errors at URLs Such As canonical.php
--------------------------+------------------------------
Reporter: miqrogroove | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: trivial | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by dd32):
as azaozz mentions, there was a previous ticket for this, closed as
wontfix/invalid.
The reason put forward for adding it was to prevent the "security problem"
of path disclosure. From memory, it was decided that path disclosure was
not a classified as a security vulnerability to WordPress.
The other reason mentioned was showing errors to users, This was ignored
too, citing the fact that it's poor server setup to have display errors on
on a production server.
Issue at hand is the errors being logged, but the real question is, why
are the files being hit in the first place? That shouldn't happen, links
will never be generated to the files. /wp-includes/index.php doesnt exist
however, leading to that entire folder being indexed by google in some
cases (which
[http://www.google.com/search?hl=en&client=opera&hs=4Ba&rls=en&q=intitle%3A%22Index+Of%22+inurl
%3Awp-includes&aq=f&aqi=&aql=&oq= does happen]), this will cause Search
Engines to index the contents of these files, leading to the errors being
logged.
So the only problem I see here at all, is wp-includes being indexed.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17601#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list