Ticket #10692 (closed defect (bug): fixed)
Do not allow unfiltered uploads for admins by default
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 2.8.5 |
| Component: | Security | Version: | |
| Severity: | normal | Keywords: | upload |
| Cc: |
Description
When someone compromises an admin account, often one of the first things they do is upload some .php files. This is allowed because admin users have the unfiltered_upload capability. Perhaps this should be disallowed by default, with a wp-config define enabling it again. With this disallowed and all write permissions on files locked down, adding arbitrary code is much harder even when an admin account is compromised.
Attachments
-
10692.diff
(529 bytes) -
added by ryan 2 years ago.
Change History
+100
All users should be limited by the whitelist and admins should add filetypes to that with knowledge.
- Status changed from new to closed
- Resolution set to fixed
- Status changed from closed to reopened
- Resolution fixed deleted
Are you not missing a break in the case statement in the 2.8 patch ?
It happens to work without the break since an imaginary cap is inserted, but the break should be there. Well-spotted.
- Status changed from reopened to closed
- Resolution set to fixed
comment:10
snakefoot — 2 years ago
You are welcome :), I'm maintaining a Wordpress 2.0 installation while waiting for a blocking issue will be resolved. I monitor the code changes related to security issues to see if they are relevant for Wordpress 2.0.
