[wp-trac] [WordPress Trac] #42986: Insert default filters to wp_delete_file to don't delete core files.
WordPress Trac
noreply at wordpress.org
Thu Jun 28 15:39:22 UTC 2018
#42986: Insert default filters to wp_delete_file to don't delete core files.
-------------------------+-----------------------
Reporter: lenon | Owner: (none)
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: Media | Version: 4.9.1
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------+-----------------------
Changes (by lenon):
* status: closed => reopened
* resolution: wontfix =>
Comment:
The recently vulnerability published by ripstech (
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ )
could have been avoided if had accept implementation and use
wp_delete_file. I belive yet that wordpress need of option more security
to delete files.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42986#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list