[wp-trac] [WordPress Trac] #19235: Turn ms-files.php off by default
WordPress Trac
wp-trac at lists.automattic.com
Mon Feb 20 00:32:17 UTC 2012
#19235: Turn ms-files.php off by default
-------------------------+--------------------
Reporter: nacin | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.4
Component: Security | Version: 3.3.1
Severity: critical | Resolution:
Keywords: 3.4-early |
-------------------------+--------------------
Changes (by juliobox):
* version: => 3.3.1
* component: Multisite => Security
* severity: normal => critical
Comment:
About Security, my view :
Test: http://hollywoodpq.com/wp-content/blogs.dir/2/files/obm-
gallery/widgetCache.php [[BR]]
Now just remove "wp-content/blogs.dir/2/" you got now: [[BR]]
New test: http://hollywoodpq.com/files/obm-gallery/widgetCache.php [[BR]]
[[BR]]
Php files are downloadables ? Damn . . .
What do you think about that ?
[[BR]]
''ps: Demo site found with google.''[[BR]]
,,''Julio - Web Security Consultant - boiteaweb.fr'',,
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19235#comment:25>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list