[wp-trac] [WordPress Trac] #18852: Nginx rewrite rules
WordPress Trac
wp-trac at lists.automattic.com
Tue Jul 24 21:09:39 UTC 2012
#18852: Nginx rewrite rules
-------------------------------------+--------------------------
 Reporter:  johnbillion              |       Owner:  johnbillion
     Type:  enhancement              |      Status:  accepted
 Priority:  normal                   |   Milestone:  3.5
Component:  Rewrite Rules            |     Version:  3.3
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |
-------------------------------------+--------------------------
Changes (by brianlayman):
* cc: Brian@… (added)
Comment:
I think what is listed in this ticket is fine, but I want to raise
awareness of the dangers of the try_files simply tossing all traffic that
ends in .php over to be processed by fastcgi/whatever.

In some configurations a constructed url along the lines of:
http://example.com/wp-content/uploads/2012/1/1/notrealla.jpg/.php
will allow the file notrealla.jpg to be sent to the php engine for
processing. In that way a php file can be uploaded as a .jpg and then
executed.

That's described here: http://forum.nginx.org/read.php?2,124297,page=1

Also I haven't seen anyone reference the official page nginx has
describing configuration for WordPress:
http://wiki.nginx.org/Wordpress

That config works quite well.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18852#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
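
A check for the pattern the comment above warns about, added here as an example and not part of the original message or the ticket's patch: it scans nginx config text for regex `location` blocks that hand `.php` requests to FastCGI without first confirming the file exists. The two sample configs are constructed, and the guards it recognises (`try_files ... =404` and an `if (!-f ...) { return 404; }` test) are assumptions about what counts as a fix; it is a text heuristic, not a full nginx parser.

```python
import re

# Constructed sample configs (assumed for illustration, not from the ticket).
WEAK = r"""
location / { try_files $uri $uri/ /index.php?$args; }
location ~ \.php$ {
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
}
"""

HARDENED = r"""
location / { try_files $uri $uri/ /index.php?$args; }
location ~ \.php$ {
    try_files $uri =404;  # only hand files that exist on disk to PHP
    include fastcgi_params;
    fastcgi_pass 127.0.0.1:9000;
}
"""

LOCATION = re.compile(r"location\s+(~\*?)\s+(\S+)\s*\{")
GUARDS = (
    re.compile(r"try_files\s+[^;]*=404\s*;"),
    re.compile(r"if\s*\(\s*!-[ef]\s+[^)]*\)\s*\{\s*return\s+404\s*;"),
)

def block_body(conf, start):
    """Return the text from conf[start] up to the brace closing that block."""
    depth, i = 1, start
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[start:i - 1]

def unguarded_php_locations(conf):
    """Patterns of regex locations that pass .php to FastCGI with no existence check."""
    conf = re.sub(r"#[^\n]*", "", conf)  # a commented-out guard must not count
    findings = []
    for m in LOCATION.finditer(conf):
        pattern, body = m.group(2), block_body(conf, m.end())
        if "php" not in pattern or "fastcgi_pass" not in body:
            continue
        if not any(g.search(body) for g in GUARDS):
            findings.append(pattern)
    return findings

if __name__ == "__main__":
    print("weak:", unguarded_php_locations(WEAK))
    print("hardened:", unguarded_php_locations(HARDENED))
```
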