Context Navigation

← Previous Ticket
Next Ticket →

#18715 closed defect (bug) (wontfix)

Information disclosure issue in update.php

Reported by:	joostdevalk	Owned by:	joostdevalk
Priority:	normal	Milestone:
Component:	Security	Version:	3.3
Severity:	normal	Keywords:	has-patch
Cc:

Description

/wp-includes/update.php discloses the full path of the WP install, patch to fix that attached.

Attachments (1)

update-patch.diff (424 bytes) - added by joostdevalk 20 months ago.: Patch

Download all attachments as: .zip

Change History (2)

joostdevalk — 20 months ago

Attachment update-patch.diff added

Patch

comment:1 dd32 — 20 months ago

Milestone Awaiting Review deleted
Resolution set to wontfix
Status changed from new to closed

The same occurs in most of /wp-includes/*.php and /wp-admin/includes/*.php

However, this is not a security issue, nor is it something that intends on being "fixed" as it's not encountered during "standard usage". If WordPress is used on a production server, error displays should be disabled, and/or direct access to the php files in the above directories disabled.

Note: See TracTickets for help on using tickets.

Download in other formats: