[wp-trac] [WordPress Trac] #23012: Refresh the code for the default widgets
WordPress Trac
noreply at wordpress.org
Fri Jul 3 13:43:12 UTC 2015
#23012: Refresh the code for the default widgets
-------------------------------------------------+-------------------------
Reporter: Viper007Bond | Owner: chriscct7
Type: enhancement | Status: reviewing
Priority: normal | Milestone: Future
Component: Widgets | Release
Severity: normal | Version: 3.5
Keywords: good-first-bug has-patch dev- | Resolution:
feedback | Focuses:
-------------------------------------------------+-------------------------
Comment (by toscho):
Replying to [comment:22 ocean90]:
> That's true, but in WordPress core we trust translations, see recent
discussion in #30724.
That’s a very, very bad idea. WP has no control over the final location of
the language files and their content. A simple symlink placed by an
attacker on a self-hosted installation can replace the file already. See
http://wordpress.stackexchange.com/a/138677/73
--
Ticket URL: <https://core.trac.wordpress.org/ticket/23012#comment:23>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list