[wp-trac] [WordPress Trac] #42986: Insert default filters to wp_delete_file to don't delete core files.
WordPress Trac
noreply at wordpress.org
Tue Jan 9 04:48:27 UTC 2018
#42986: Insert default filters to wp_delete_file to don't delete core files.
-------------------------+----------------------
Reporter: lenon | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Media | Version: 4.9.1
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
-------------------------+----------------------
Changes (by dd32):
* status: new => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Hey @lenon and welcome to Trac.
Thanks for submitting this, however, this doesn't seem like something
which is needed in WordPress.
My issues with this is:
* Plugins could bypass this by using `unlink()` directly
* We can't enforce plugins to use `wp_delete_file()`
* We can't prevent plugins from using `unlink()`.
* Plugins should not allow deletion of arbitrary files, if a plugin
allows for `wp_delete_file()` to be passed `ABSPATH` it's not sanitizing
it's input correctly.
I'm going to close this as `wontfix`, however, you can still reply and we
can re-open it if you can explain the benefits of adding this.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42986#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list