[wp-trac] [WordPress Trac] #27101: Input Validation on wp-admin/plugins.php in line 147
WordPress Trac
noreply at wordpress.org
Tue Feb 11 21:29:30 UTC 2014
#27101: Input Validation on wp-admin/plugins.php in line 147
--------------------------+-----------------------------
Reporter: OswaldoMG | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.5.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Improper Control of Filename for Include/Require Statement
The PHP application receives user-supplied input but does not properly
restrict the input before using it in require(), include(), or similar
functions. This can allow an attacker to specify a URL to a remote
location from which the application will retrieve code and execute it.
Found by static analysis application.
{{{
143 @ini_set('display_errors', true); //Ensure that Fatal errors are displayed.
144 // Go back to "sandbox" scope so we get the same errors as before
145 function plugin_sandbox_scrape( $plugin ) {
146 	wp_register_plugin_realpath( WP_PLUGIN_DIR . '/' . $plugin );
147 	include( WP_PLUGIN_DIR . '/' . $plugin );
148 }
}}}
Recommendations: Do not allow untrusted input to be evaluated or otherwise
interpreted as code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27101>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
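The snippet quoted in the ticket shows the include itself but not whatever checks run on `$plugin` before `plugin_sandbox_scrape()` is called. The following is an added example, not WordPress core code and not part of the ticket, of the restriction CWE-98 asks for applied at the include site: the value is rejected unless it is a relative, traversal-free `.php` path whose canonical form resolves to a regular file inside the plugin directory. The function names `resolve_plugin_file` and `plugin_sandbox_scrape_safe`, the temporary plugin directory and the sample inputs are all this example's own.

```php
<?php
declare(strict_types=1);

/**
 * Added example (not WordPress core code): restrict a user-supplied plugin
 * path before it reaches include(). Mirrors the shape of plugin_sandbox_scrape()
 * from the ticket but refuses anything that is not a regular .php file
 * located inside $plugin_dir.
 *
 * Returns the resolved absolute path on success, or null when the value
 * must be rejected. Function names here are this example's own, not WordPress APIs.
 */
function resolve_plugin_file(string $plugin_dir, string $plugin): ?string
{
    // 1. Syntactic checks on the raw value, before touching the filesystem.
    if ($plugin === '' || strlen($plugin) > 255) {
        return null;
    }
    if (strpos($plugin, "\0") !== false) {              // NUL-byte truncation tricks
        return null;
    }
    if (preg_match('#^[a-z][a-z0-9+.-]*:#i', $plugin)) { // http://, php://, data:, C: ...
        return null;                                     // (also catches Windows drive letters)
    }
    if ($plugin[0] === '/' || $plugin[0] === '\\') {     // absolute path
        return null;
    }
    foreach (preg_split('#[\\\\/]+#', $plugin) as $segment) {
        if ($segment === '..' || $segment === '.') {     // traversal / no-op segments
            return null;
        }
    }
    if (!preg_match('#^[A-Za-z0-9_./-]+\.php$#', $plugin)) { // allowed charset + extension
        return null;
    }

    // 2. Canonicalise and confirm the result stays inside the plugin directory
    //    (this is what defeats symlinks that point outside it).
    $base = realpath($plugin_dir);
    if ($base === false) {
        return null;
    }
    $base .= DIRECTORY_SEPARATOR;
    $full = realpath($plugin_dir . DIRECTORY_SEPARATOR . $plugin);
    if ($full === false || strncmp($full, $base, strlen($base)) !== 0) {
        return null;                                     // missing file, or escaped the base
    }
    if (!is_file($full)) {
        return null;
    }
    return $full;
}

/** Hardened counterpart of plugin_sandbox_scrape(): include only a vetted path. */
function plugin_sandbox_scrape_safe(string $plugin_dir, string $plugin): void
{
    $file = resolve_plugin_file($plugin_dir, $plugin);
    if ($file === null) {
        throw new InvalidArgumentException('Refusing to include untrusted plugin path');
    }
    include $file;
}

// Constructed demo: a temporary plugin directory holding one legitimate plugin.
$dir = sys_get_temp_dir() . '/plugins-' . bin2hex(random_bytes(4));
mkdir($dir . '/hello', 0700, true);
file_put_contents($dir . '/hello/hello.php', "<?php echo \"hello plugin loaded\\n\";\n");

$cases = [
    'hello/hello.php',                 // legitimate plugin file
    '../../../../etc/passwd',          // directory traversal
    'http://evil.example/x.php',       // remote include
    'php://filter/resource=hello.php', // stream wrapper
    '/etc/passwd',                     // absolute path
    "hello/hello.php\0.txt",           // NUL byte
    'hello/hello.txt',                 // wrong extension
];
foreach ($cases as $case) {
    $result = resolve_plugin_file($dir, $case);
    printf("%-35s => %s\n", addcslashes($case, "\0"), $result === null ? 'REJECTED' : 'ok');
}
plugin_sandbox_scrape_safe($dir, 'hello/hello.php');
```

The syntactic checks in step 1 are deliberately redundant with the `realpath()` containment check in step 2: the first stage rejects remote URLs and stream wrappers, which `realpath()` would return `false` for anyway but which are better refused explicitly, and the second stage catches what string checks cannot see, such as a symlink inside the plugin directory that points elsewhere. In a real deployment an allowlist of installed plugin identifiers is a stronger final gate than the charset check alone.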