[wp-trac] [WordPress Trac] #45773: Full Path Disclosure if we access the file directly
WordPress Trac
noreply at wordpress.org
Wed Dec 26 19:03:48 UTC 2018
#45773: Full Path Disclosure if we access the file directly
--------------------------+------------------------
Reporter: alishanvr | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
--------------------------+------------------------
Changes (by swissspidy):
* status: new => closed
* focuses: performance, coding-standards =>
* resolution: => duplicate
* milestone: Awaiting Review =>
Comment:
Hi @alishanvr and welcome to WordPress Trac!
This has come up many times before, for example in #36177, #30806, and
most recently in #44700.
Path disclosure is a server configuration problem. Never enable
`display_errors` on a production site. See
[https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/ Security FAQ].
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45773#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list