[wp-trac] [WordPress Trac] #53271: How to stop direct access wp-includes files
WordPress Trac
noreply at wordpress.org
Tue May 25 05:37:49 UTC 2021
#53271: How to stop direct access wp-includes files
----------------------------+-----------------------------
Reporter: classicalrehan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: I18N | Version: 5.7.1
Severity: critical | Keywords:
Focuses: |
----------------------------+-----------------------------
Hi Team,
I am getting 500 error due to WordPress loopholes,
if someone trying to access directly this file then it's generating 500
error because in these below file wp extend another class "Walker" without
checking ABSPATH
if ( ! defined( 'ABSPATH' ) ) {
exit; // Exit if accessed directly
}
File: wp-includes/class-walker-nav-menu.php
File: wp-includes/class-walker-comment.php
File: wp-includes/class-walker-category-dropdown.php
The walker class include in wp via wp-settings.php but in my case user are
directly access file
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53271>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list