[wp-trac] [WordPress Trac] #21981: Securing the uploads directory
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 24 11:00:42 UTC 2012
#21981: Securing the uploads directory
-------------------------+----------------------
Reporter: japh | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------+----------------------
Comment (by dd32):
Replying to [comment:4 sirzooro]:
> What about wrapping these directives in `<IfModule> </IfModule>`?
my only thoughts there are
* mod_php.c vs mod_php5.c vs mod_suphp.c (although I'm sure 2 of them
are more common than the other variations)
* would mean different behaviour between different hosts
* .php files shouldn't end up in the uploads directory to start with, if a
select group of WordPress installations were to start having that
behaviour, I can almost assure you that some plugins would rely upon it,
leading to issues for others.
but more of that last one, rather than looking at the problem, solve the
cause, why would .php files end up in the upload directory in most cases?
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21981#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list