Opened 2 years ago

Last modified 2 years ago

#16410 new defect (bug)

Open basedir problem in /wp-includes/theme.php

Reported by: webraket
Owned by:
Priority: normal
Milestone: Future Release
Component: Themes
Version: 3.0.4
Severity: normal
Keywords: has-patch
Cc: westi

Description

On line 590 in theme.php there's:

if ( is_dir($theme_root . '/' . $theme_dir) && is_readable($theme_root . '/' . $theme_dir) ) {

please change this to:

if ( $theme_dir!=".." && is_dir($theme_root . '/' . $theme_dir) && is_readable($theme_root . '/' . $theme_dir) ) {

is_dir() should not check the .. and . folders; this results in open_basedir errors when sharing (symlinked) themes between multiple installs.

Attachments (1)

16410.diff (3.7 KB) - added by solarissmoke 2 years ago.


Change History (5)

  • Keywords has-patch added

comment:2 follow-up: ↓ 4   westi 2 years ago

  • Cc westi added
  • Keywords needs-patch added; has-patch removed
  • Milestone changed from Awaiting Review to Future Release
  • Severity changed from major to normal

We should more likely move the check for . and CVS before the is_dir check and include .. (and probably .svn) in the list of dirs to skip.

comment:3   dd32 2 years ago

Can we drop CVS out of it when adding .svn?

comment:4 in reply to: ↑ 2   solarissmoke 2 years ago

  • Keywords has-patch added; needs-patch removed

Patch updated as per westi's and dd32's comments above. I realised we don't need to check for '..' or even '.svn' specifically, because we were already checking for $theme_dir[0] == '.'; it just needed to move in front of the is_dir check.

Last edited 2 years ago by solarissmoke
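The ordering the thread settles on, as an added example that is not WordPress's own code or the attached patch: a constructed theme-root scan where the dot-directory check runs before is_dir()/is_readable(), so "." and ".." (and any .svn-style directory) never reach the filesystem calls that trip open_basedir on a symlinked theme root. The function name list_theme_dirs and the temporary directory layout are assumptions for the demo.

```php
<?php
// Added example, not code from WordPress or from the ticket's patch.
// Enumerate theme subdirectories of $theme_root, skipping dot entries and
// CVS *before* calling is_dir()/is_readable(). In the original ordering the
// filesystem checks ran first, so "$theme_root/.." was resolved; when the
// theme root is a symlink pointing outside open_basedir, that resolution
// emits an open_basedir warning even though ".." is skipped right after.
function list_theme_dirs( $theme_root ) {
    $found  = array();
    $handle = @opendir( $theme_root );
    if ( false === $handle ) {
        return $found; // unreadable or missing root: nothing to list
    }
    while ( false !== ( $theme_dir = readdir( $handle ) ) ) {
        // One check covers ".", "..", ".svn", ".git" and other dot entries,
        // plus the legacy CVS directory. Done before touching the path.
        if ( '.' === $theme_dir[0] || 'CVS' === $theme_dir ) {
            continue;
        }
        $path = $theme_root . '/' . $theme_dir;
        // Now the only paths handed to the filesystem are candidate themes.
        if ( is_dir( $path ) && is_readable( $path ) ) {
            $found[] = $theme_dir;
        }
    }
    closedir( $handle );
    sort( $found );
    return $found;
}

// Constructed demo layout (assumption): one real theme dir, one VCS dir,
// one CVS dir and a stray file, all under a throwaway temporary root.
$root = sys_get_temp_dir() . '/theme-root-' . uniqid();
mkdir( $root );
mkdir( $root . '/twentyten' );
mkdir( $root . '/.svn' );
mkdir( $root . '/CVS' );
touch( $root . '/readme.txt' );

var_dump( list_theme_dirs( $root ) );

// Clean up the constructed layout.
foreach ( array( '/readme.txt' ) as $f ) { unlink( $root . $f ); }
foreach ( array( '/twentyten', '/.svn', '/CVS' ) as $d ) { rmdir( $root . $d ); }
rmdir( $root );
```

Only the real theme directory survives the scan; the point of the ordering is that the skipped entries are rejected by string comparison alone, with no path ever being resolved for them.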