[wp-trac] [WordPress Trac] #27102: Input validation on wp-admin/update.php in line 87

WordPress Trac noreply at wordpress.org
Tue Feb 11 21:33:34 UTC 2014


#27102: Input validation on wp-admin/update.php in line 87
--------------------------+-----------------------------
 Reporter:  OswaldoMG     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  3.5.2
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 Improper Control of Filename for Include/Require Statement

 The PHP code receives user-supplied input but does not properly restrict
 the input before using it in require(), include(), or similar functions.
 This can allow an attacker to specify a URL to a remote location from
 which the application will retrieve code and execute it.

 Found by a static analysis application.

 {{{
   82          if ( isset($_GET['failure']) ){
   83              echo '<p>' . __('Plugin failed to reactivate due to a fatal error.') . '</p>';
   84
   85              error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
   86              @ini_set('display_errors', true); //Ensure that Fatal errors are displayed.
   87              wp_register_plugin_realpath( WP_PLUGIN_DIR . '/' . $plugin );
   88              include( WP_PLUGIN_DIR . '/' . $plugin );
   89          }
 }}}

 Recommendations: Do not allow untrusted input to be evaluated or otherwise
 interpreted as code.
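 As an added illustration of that recommendation (example code, not WordPress core and not part of the ticket), a guard that a request-supplied plugin reference would have to pass before reaching include(): it rejects stream wrappers, absolute paths and traversal, requires the resolved file to sit under WP_PLUGIN_DIR, and only accepts main files of installed plugins. WP_PLUGIN_DIR, get_plugins() and wp_die() are real WordPress names; safe_plugin_include_path() is hypothetical.

```php
<?php
// Added example, not WordPress core code. Assumes WordPress is loaded so
// that WP_PLUGIN_DIR, get_plugins() and wp_die() are available.

/**
 * Resolve a plugin reference such as "akismet/akismet.php" to an absolute
 * path inside WP_PLUGIN_DIR, or return null if it must not be included.
 */
function safe_plugin_include_path( string $plugin ): ?string {
    // Empty values, NUL bytes and any ".." component are rejected before
    // touching the filesystem; NUL would truncate the path in older PHP.
    if ( $plugin === '' || strpos( $plugin, "\0" ) !== false || strpos( $plugin, '..' ) !== false ) {
        return null;
    }
    // A plugin reference is relative and is either "file.php" or "dir/file.php".
    // This shape excludes "http://", "phar://" and other wrappers, and absolute paths.
    if ( ! preg_match( '#^[A-Za-z0-9_.-]+(/[A-Za-z0-9_.-]+)?\.php$#', $plugin ) ) {
        return null;
    }
    // Allowlist: only the main file of an installed plugin may be loaded.
    // get_plugins() is keyed by exactly this relative form.
    if ( ! array_key_exists( $plugin, get_plugins() ) ) {
        return null;
    }
    $base = realpath( WP_PLUGIN_DIR );
    $path = realpath( WP_PLUGIN_DIR . '/' . $plugin );
    if ( $base === false || $path === false || ! is_file( $path ) ) {
        return null;
    }
    // Containment after symlink resolution. The trailing separator stops a
    // sibling directory such as "/plugins-old" from matching "/plugins".
    if ( strpos( $path, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return null;
    }
    return $path;
}

// Usage at the point the ticket flags: validate first, include the
// resolved path rather than the raw request value.
$plugin = isset( $_REQUEST['plugin'] ) ? trim( (string) $_REQUEST['plugin'] ) : '';
$path   = safe_plugin_include_path( $plugin );
if ( $path === null ) {
    wp_die( 'Invalid plugin reference.' ); // hypothetical error message
}
include $path;
```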

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27102>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

