[wp-trac] [WordPress Trac] #46742: Path Disclosure issue via Media Uploader
WordPress Trac
noreply at wordpress.org
Sun Mar 31 18:26:05 UTC 2019
#46742: Path Disclosure issue via Media Uploader
--------------------------+-----------------------
Reporter: chitran | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Media | Version: 5.1
Severity: minor | Resolution:
Keywords: 2nd-opinion | Focuses:
--------------------------+-----------------------
Changes (by joemcgill):
* keywords: => 2nd-opinion
Comment:
@chitran I've also tested on several environments with `display_errors`
turned off using a PNG file modified exactly as you have described. I can
get the warning to display by either ensuring that PHP `display_errors` is
true/on or if I set both `WP_DEBUG` and `WP_DEBUG_DISPLAY` to true (note
that the latter is `true` by default).
I'll wait for a second opinion, but this seems like a configuration issue
where any warning will display and is not something that we specifically
guard against.
I'll also reiterate that if you think you found a security issue, you
should report it as outlined in the
[https://make.wordpress.org/core/handbook/testing/reporting-security-
vulnerabilities/ Security FAQ] and not here.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46742#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list