[wp-trac] [WordPress Trac] #21981: Securing the uploads directory

WordPress Trac wp-trac at lists.automattic.com
Mon Sep 24 11:00:42 UTC 2012


#21981: Securing the uploads directory
-------------------------+----------------------
 Reporter:  japh         |       Owner:
     Type:  enhancement  |      Status:  closed
 Priority:  normal       |   Milestone:
Component:  Upload       |     Version:
 Severity:  normal       |  Resolution:  wontfix
 Keywords:               |
-------------------------+----------------------

Comment (by dd32):

 Replying to [comment:4 sirzooro]:
 > What about wrapping these directives in `<IfModule> </IfModule>`?

 my only thoughts there are
 * mod_php.c vs mod_php5.c  vs mod_suphp.c  (although I'm sure 2 of them
 are more common than the other variations)
 * would mean different behaviour between different hosts
 * .php files shouldn't end up in the uploads directory to start with, if a
 select group of WordPress installations were to start having that
 behaviour, I can almost assure you that some plugins would rely upon it,
 leading to issues for others.

 but more of that last one, rather than looking at the problem, solve the
 cause, why would .php files end up in the upload directory in most cases?

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21981#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list