[wp-trac] [WordPress Trac] #41597: Language pack download requires too broad file system permissions
WordPress Trac
noreply at wordpress.org
Fri Aug 11 04:11:47 UTC 2017
#41597: Language pack download requires too broad file system permissions
-----------------------------+------------------------------
Reporter: kpumuk | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: administration
-----------------------------+------------------------------
Comment (by marsjaninzmarsa):
Need to remember that language packs are not just pomo files, it may also
contain PHP files with permissions to run arbitrary code. Not sure how
exactly it's related to above, but security measures should be same as
with themes/plugins.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41597#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list