[wp-trac] [WordPress Trac] #41597: Language pack download requires too broad file system permissions
WordPress Trac
noreply at wordpress.org
Fri Aug 11 06:28:35 UTC 2017
#41597: Language pack download requires too broad file system permissions
-----------------------------+------------------------------
Reporter: kpumuk | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses: administration
-----------------------------+------------------------------
Comment (by SergeyBiryukov):
Replying to [comment:1 marsjaninzmarsa]:
> Need to remember that language packs are not just pomo files, it may
also contain PHP files with permissions to run arbitrary code.
Strictly speaking, language packs downloaded from translate.wordpress.org
do indeed contain only .po/.mo files.
Locale-specific PHP files like
[https://i18n.trac.wordpress.org/browser/sr_RS/tags/4.8/dist/wp-
content/languages/sr_RS.php sr_RS.php] are only present in packages
downloaded from local sites like https://sr.wordpress.org/ and are not
included in language packs.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41597#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list