Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#13046 closed defect (bug) (worksforme)

System Path Disclosure

Reported by: lostsnow
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.9.2
Component: Themes
Keywords:
Focuses:
Cc:


GET /wp-content/themes/default/ or GET /wp-content/themes/default/footer.php etc.

Then I'll see the system path, like:

Fatal error: Call to undefined function get_header() in /home/lostsnow/www/lsproc/blog/wp-content/themes/default/index.php  on line 7

Change History (1)

#1 @nacin
8 years ago

  • Milestone Unassigned deleted
  • Priority changed from highest omg bbq to normal
  • Resolution set to worksforme
  • Severity changed from critical to normal
  • Status changed from new to closed

This is a "vulnerability" ultimately rooted in display_errors = 1.

Courtesy of the PHP manual:

Note: This is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet).
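Added example, not part of the ticket or of WordPress core: a small audit that reads a php.ini fragment for the display_errors directive named in the comment above and scans a response body for the kind of error line quoted in the report. The function names, the php.ini fragments and the second (HTML) response body are constructed for illustration.

```python
import re

# Non-numeric values PHP accepts as "on" for display_errors (case-insensitive).
_ON_WORDS = {"on", "yes", "true", "stdout", "stderr"}

# "<level>: <message> in <file> on line <n>", the shape of the error in the ticket.
# Paths containing spaces are not matched (simplification of this sketch).
_PHP_ERROR = re.compile(
    r"(?:Fatal error|Parse error|Warning|Notice):\s+.*?\s+in\s+(\S+)\s+on line\s+\d+"
)

def display_errors_setting(ini_text):
    """True/False for the last display_errors directive; None if it is not set."""
    value = None
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.fullmatch(r"display_errors\s*=\s*(.*)", line, re.IGNORECASE)
        if m:
            value = m.group(1).strip().strip("\"'").lower()
    if value is None:
        return None      # unset here: PHP falls back to its built-in default
    if value in _ON_WORDS:
        return True
    try:
        return int(value) != 0
    except ValueError:
        return False

def leaked_paths(body):
    """File paths exposed by PHP error messages in a response body."""
    text = re.sub(r"<[^>]+>", "", body)               # html_errors wraps parts in <b>
    return _PHP_ERROR.findall(text)

# Error text quoted in the ticket, then a constructed HTML-formatted variant.
TICKET_BODY = ("Fatal error: Call to undefined function get_header() in "
               "/home/lostsnow/www/lsproc/blog/wp-content/themes/default/index.php"
               "  on line 7")
HTML_BODY = ("<br />\n<b>Fatal error</b>:  Call to undefined function get_header() "
             "in <b>/srv/example/footer.php</b> on line <b>2</b><br />")
# Constructed php.ini fragments: the weak setting and the production one.
WEAK_INI = "[PHP]\ndisplay_errors = On\n"
PROD_INI = "[PHP]\n;display_errors = On\ndisplay_errors = Off\nlog_errors = On\n"

if __name__ == "__main__":
    print(display_errors_setting(WEAK_INI), display_errors_setting(PROD_INI))
    print(leaked_paths(TICKET_BODY), leaked_paths(HTML_BODY))
```

With display_errors off and log_errors on, the same fatal error goes to the server's error log instead of the response, so the path stays out of the page.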
