[wp-trac] [WordPress Trac] #31779: Warn users before using a built-in file editor for the first time

WordPress Trac noreply at wordpress.org
Sun Apr 12 21:06:18 UTC 2015 

#31779: Warn users before using a built-in file editor for the first time
-------------------------+---------------------------------
 Reporter:  helen        |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Editor       |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  ui, administration
-------------------------+---------------------------------

Comment (by magicroundabout):

 I should add that @nacin was involved in an exchange on Twitter on this
 topic.

 His stance was that the plugin and theme upload capability posed as much
 of a threat as the editors. I said that that may be true, but the
 uploaders aren't (in my experience, at least) being exploited. To which
 his response was that it's an arms race. Which I take to mean that if we
 lock down the editors then they'll head to the uploaders for their
 exploits.

 (I hope this is an accurate interpretation of that conversation -
 apologies to Andrew if I've misrepresented his view)

 I don't really have a response to the arms war comment. I think he's
 right. But I also think @brocheafoin is right in his new-but-closed
 ticket: the editors aren't actually much help anyway and end up getting
 users into trouble.

 I think what I'd like to see here is a more informed and creative
 conversation about both the editors and the uploaders. If these are
 frequently exploited (or exploitable) functions from a security point of
 view, and cause users pain as much as they help them, then let's find some
 better solutions, as I don't feel like education is enough.  I think (but
 I have no proof) that if you put a "This thing is dangerous and here's
 why" warning on the page, people will ignore it, as much as they ignore
 terms and conditions.

 Some of my previous questions stand:
  - what are the usage stats for the editors?
  - is there any evidence that users will miss them?
  - could we come up with some way of ensuring that code modified through
 the editors is not malicious or broken?  e.g. If someone proposed
 including a linting process, or even syntax checking, before saving a PHP
 file, then that might help.

 But also I wonder if there are better ways to secure both the editor and
 uploader functions, or at the very least to monitor activity through them.
 Has use of a captcha (or honeypot, or similar) ever been discussed? Or
 some kind of re-verification? Or a log of changes so that hacks can be
 detected?  I'm not a security expert, so I don't know what the modern-day
 options are here for preventing unwanted changes.

 There seems to be acceptance that there is an issue here. The proposed
 solution is education/notification. I'd like to see some more options.
 Happy to be referred to a previous debate/discussion somewhere if this has
 already done the rounds.

 Thanks

--
Ticket URL: <https://core.trac.wordpress.org/ticket/31779#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list