[wp-trac] [WordPress Trac] #20195: Plugins uninstall.php
WordPress Trac
wp-trac at lists.automattic.com
Tue May 1 01:09:32 UTC 2012
#20195: Plugins uninstall.php
--------------------------+------------------------------
Reporter: wpsmith | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Plugins | Version:
Severity: major | Resolution:
Keywords: dev-feedback |
--------------------------+------------------------------
Comment (by nacin):
Replying to [comment:13 lightningspirit]:
> Indeed, there is no way to secure once one has access to the
> environment. Perhaps we could do a "security by obscurity" to wp-load.php,
> giving the user the option to move wp-load.php one level above, as we
> currently allow for wp-config.php.

Not really, because they could always include wp-blog-header, or index, or
other files. Remote "inclusion" of files is not a vulnerability. I don't
think allow_url_include does what you think it does.

Moving wp-config.php up one level is not there for security. It is to use
WordPress in its own folder, as an SVN external, with wp-config.php
sitting beside it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20195#comment:15>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software