[wp-trac] [WordPress Trac] #35835: _deprecated_file undefined in rss-functions.php
WordPress Trac
noreply at wordpress.org
Mon Nov 16 23:09:07 UTC 2020
#35835: _deprecated_file undefined in rss-functions.php
-----------------------------------+------------------------
Reporter: thib3113 | Owner: whyisjake
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 5.6
Component: General | Version: 5.5
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion | Focuses:
-----------------------------------+------------------------
Comment (by williampatton):
Replying to [comment:18 SergeyBiryukov]:
> There are ~30 files in core with `_deprecated_file()`, why only this one
> is being patched? Is there anything specific calling this file directly,
> but not the others?
In my case it was a fuzzing bot that was calling the file directly. I
presume to get a file inclusion path disclosure of some kind but I can't
be sure of the motives.
> Should we try to address other instances too and edit the
> [https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files security handbook]
> accordingly?
I agree that we should try and address other instances too if they can
easily be identified. Today I only had this one file in my logs as being
accessed directly but in the past there have been some others (I recall
one being from ID3 library but I am certain there have been more over
time).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35835#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform