[wp-trac] [WordPress Trac] #27103: Input validation on wp-settings.php in line 311
WordPress Trac
noreply at wordpress.org
Tue Feb 11 21:40:03 UTC 2014
#27103: Input validation on wp-settings.php in line 311
--------------------------+-----------------------------
Reporter: OswaldoMG | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.5.2
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Improper Control of Filename for Include/Require Statement
The PHP application receives user-supplied input but does not properly
restrict the input before using it in require(), include(), or similar
functions. This can allow an attacker to specify a URL to a remote
location from which the application will retrieve code and execute it.
Found by a static analysis application.
{{{
308 $locale = get_locale();
309 $locale_file = WP_LANG_DIR . "/$locale.php";
310 if ( ( 0 === validate_file( $locale ) ) && is_readable( $locale_file ) )
311 require( $locale_file );
312 unset( $locale_file );
313
314 // Pull in locale data after loading text domain.
315 require_once( ABSPATH . WPINC . '/locale.php' );
}}}
Recommendations: Do not allow untrusted input to be evaluated or otherwise
interpreted as code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27103>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
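The quoted lines show the two gates that stand between the locale value and the `require`: a `validate_file()` check on the locale string and an `is_readable()` check on the resulting path. The example below is added here to illustrate that pattern in isolation; it is not WordPress core code and does not reproduce WordPress's own `validate_file()`. The function name `safe_locale_path()`, the `LOCALE_DIR` constant and the sample locale values are assumptions made for the example. It combines a strict syntactic allowlist on the locale string with a `realpath()` confinement check, so that a value containing path separators, a scheme, or traversal sequences never reaches an include statement.

```php
<?php
// Added example (not WordPress core code): a hardened pattern for including a
// per-locale PHP file from a fixed directory. safe_locale_path() and
// LOCALE_DIR are hypothetical names chosen for this example.

const LOCALE_DIR = __DIR__ . '/languages';   // assumed base directory

/**
 * Return the absolute path of the locale file to include, or null if the
 * locale value is not acceptable. Two independent gates are applied:
 *  1. a syntactic allowlist on the locale string itself;
 *  2. a realpath() confinement check that the resolved file lies inside
 *     LOCALE_DIR (guards against symlink or normalisation surprises).
 */
function safe_locale_path(string $locale): ?string
{
    // Gate 1: only letters, digits and underscores, e.g. "en_US" or
    // "de_DE_formal". Separators, scheme prefixes, ".." and NUL bytes
    // fail this test before any filesystem call is made.
    if (!preg_match('/\A[A-Za-z0-9_]{2,20}\z/', $locale)) {
        return null;
    }

    $base      = realpath(LOCALE_DIR);
    $candidate = realpath(LOCALE_DIR . '/' . $locale . '.php');
    if ($base === false || $candidate === false) {
        return null; // directory or file does not exist
    }

    // Gate 2: the resolved path must sit strictly below the resolved base.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    return is_readable($candidate) ? $candidate : null;
}

// Usage: whatever value the application holds as its locale setting is
// passed through the gate; the include happens only when both checks pass.
$locale      = 'en_US';                     // constructed sample value
$locale_file = safe_locale_path($locale);
if ($locale_file !== null) {
    require $locale_file;
}

// Constructed negative cases: each returns null, so nothing is included.
var_dump(safe_locale_path('../../wp-config'));
var_dump(safe_locale_path('http://example.invalid/x'));
var_dump(safe_locale_path("en_US\0"));
```

The allowlist is deliberately narrower than a generic path check: a locale name has a known shape, so anything outside that shape can be rejected without reasoning about filesystem semantics at all. The `realpath()` comparison is a second, independent line of defence rather than a replacement for the first.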