[wp-trac] [WordPress Trac] #60237: Fatal error when someone opens "/wp-includes/blocks" or "/wp-includes/blocks/index.php" directly
WordPress Trac
noreply at wordpress.org
Mon Jan 29 01:52:34 UTC 2024
#60237: Fatal error when someone opens "/wp-includes/blocks" or "/wp-
includes/blocks/index.php" directly
-------------------------------------+---------------------------
Reporter: akrocks | Owner: rajinsharwar
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Editor | Version: 5.5
Severity: normal | Resolution: wontfix
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+---------------------------
Changes (by peterwilsoncc):
* status: assigned => closed
* resolution: => wontfix
* milestone: 6.5 =>
Comment:
There have been a number of similar reports to this in the past. Similar
errors also happen in many other `wp-includes/*.php` and `wp-
admin/includes/*.php` files.
However, [https://make.wordpress.org/core/handbook/testing/reporting-
security-vulnerabilities/#why-are-there-path-disclosures-when-directly-
loading-certain-files this is not a security issue], nor is it something
that's intended to be "fixed" as it's not encountered during "standard
usage". As such, I'll close the ticket as `wontfix` (trac's term to
indication no action is planned).
If WordPress is used on a production server, error displaying should be
disabled, and/or direct access to the PHP files in the above directories
should be disabled.
Some previous discussions: #35835, #38317.
Some other related tickets: #10367, #18715, #30103, #30806, #31663,
#47154, #47945.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60237#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list