[wp-trac] [WordPress Trac] #19330: Information disclosure in wp-app.php

WordPress Trac wp-trac at lists.automattic.com
Tue Nov 22 13:39:05 UTC 2011

#19330: Information disclosure in wp-app.php
 Reporter:  Ov3rfly       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.2.1
 Severity:  normal        |   Keywords:
 /wp-app.php discloses the full url to admin-interface if AtomPub is
 disabled, line 285:
 // check to see if AtomPub is enabled
 if ( !get_option( 'enable_app' ) )
         $this->forbidden( sprintf( __( 'AtomPub services are disabled on
 this site.  An admin user can enable them at %s' ), admin_url('options-
 writing.php') ) );
 Suggested fix: Do not print output of admin_url('options-writing.php')

Ticket URL: <http://core.trac.wordpress.org/ticket/19330>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list