[wp-trac] [WordPress Trac] #42917: Add in htaccess
WordPress Trac
noreply at wordpress.org
Sat Dec 16 23:06:53 UTC 2017
#42917: Add in htaccess
-----------------------------+------------------------------
Reporter: gabrielmasson | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.9.1
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by jeremyescott):
Replying to [comment:2 joostdevalk]:
Anecdote, but:
Long story, customer needs to put some publicly accessible JSON files so
his game app can read info about in-app purchase options. So he made a
folder in his WP directory /steam/game-name/ and put a file called game-
name-iap.json in it. He then, from within his game, tried to CURL into
/steam, which failed 403 Forbidden, /steam/game-name, which failed, 403
Forbidden, and finally called me for help.
Those folders didn't have an index, so if I understand the original
report, that folder should be readable, right? It wasn't. But, after I
advised him to CURL directly into the file from the full path, so /steam
/game-name/game-name-iap.json, he could read the file.
So is this a problem, or is this an enhancement that extends already
present security?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42917#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list