[wp-trac] [WordPress Trac] #18546: Add index.php to wp-includes and wp-admin/includes
WordPress Trac
wp-trac at lists.automattic.com
Wed Sep 5 17:30:39 UTC 2012
#18546: Add index.php to wp-includes and wp-admin/includes
------------------------------------+------------------------------
Reporter: SergeyBiryukov | Owner:
Type: enhancement | Status: reopened
Priority: low | Milestone: Awaiting Review
Component: Security | Version: 3.2
Severity: minor | Resolution:
Keywords: dev-feedback has-patch |
------------------------------------+------------------------------
Changes (by bpetty):
* severity: normal => minor
* cc: bpetty (added)
* component: General => Security
* priority: normal => low
* keywords: has-patch => dev-feedback has-patch
* type: defect (bug) => enhancement
Comment:
Replying to [comment:7 ericlewis]:
> I wonder if something can be done at the rewrite module level to nix
directory indexing.
I don't think this can be tackled with mod_rewrite rules. Folders
themselves can be requested from the server without a trailing slash, so
it would require conditionals to test if the requested resource is a
folder, and that could open up major performance problems for regular,
valid requests across the wp-content folder.
An alternative solution along this kind of thinking though would be using
"Options -Indexes" in .htaccess, however, many Apache server
configurations don't allow this in .htaccess. Using index.php is much more
effective. On the other hand, Apache won't complain if it sees this option
even though it can't be disabled (under AllowOverride None configurations
with +Indexes), so that couldn't hurt, but there also might be some plugin
that uses a folder under wp-content that is intended to be indexed, so
that might not be ideal either.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18546#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list