[wp-trac] [WordPress Trac] #18715: Information disclosure issue in update.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 20 08:20:01 UTC 2011
#18715: Information disclosure issue in update.php
--------------------------+--------------------------
Reporter: joostdevalk | Owner: joostdevalk
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 3.3
Severity: normal | Resolution: wontfix
Keywords: has-patch |
--------------------------+--------------------------
Changes (by dd32):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
The same occurs in most of /wp-includes/*.php and /wp-admin/includes/*.php
However,
[http://codex.wordpress.org/FAQ_Security#Why_are_there_path_disclosures_when_directly_loading_certain_files.3F
this is not a security issue], nor is it something that intends on being
"fixed" as it's not encountered during "standard usage". If !WordPress is
used on a production server, error displays should be disabled, and/or
direct access to the php files in the above directories disabled.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18715#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list