id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
9750	setup-config.php is tainted by request data	hakre	ryan	"just stumbeled over it and think this should be prevented: setup-config.php uses relative include pathes. those can be manipulated by adding an additional slash after .php in the requests URL:

Example: http://example.com/wp-admin/setup-config.php/?step=1

relative file pathes should be based on ABSPATH which is defined there as well.

"	defect (bug)	closed	lowest	2.8	Security	2.8	minor	fixed	has-patch