[wp-trac] [WordPress Trac] #45773: Full Path Disclosure if we access the file directly
WordPress Trac
noreply at wordpress.org
Wed Dec 26 17:28:17 UTC 2018
#45773: Full Path Disclosure if we access the file directly
--------------------------+--------------------------------------------
Reporter: alishanvr | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: | Focuses: performance, coding-standards
--------------------------+--------------------------------------------
Comment (by alishanvr):
Here is the Error image.
[https://prnt.sc/lztcry]
Replying to [ticket:45773 alishanvr]:
> Hi,
>
> Today I found that if we hit direct access to [http://wp-example.com/wp-
includes/functions.php] then it discloses the full path. Because when we
try to access this file directly then at that time **ABSPATH** and
**WPINC** are not defined and the system sends the error.
>
> I have fixed this issue in the patch. Please review.
>
> Thank You,
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45773#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list