Opened 14 years ago
Closed 11 years ago
#16410 closed defect (bug) (duplicate)
Open basedir problem in /wp-includes/theme.php
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.0.4 |
Component: | Themes | Keywords: | has-patch |
Focuses: | Cc: |
Description
On line 590 in theme.php there's:
if ( is_dir($theme_root . '/' . $theme_dir) && is_readable($theme_root . '/' . $theme_dir) ) {
please change this to:
if ( $theme_dir!=".." && is_dir($theme_root . '/' . $theme_dir) && is_readable($theme_root . '/' . $theme_dir) ) {
is_dir() should not check .. and . folders, this results in open basedir errors when sharing themes between multiple installs. (symlinked)
Attachments (1)
Change History (6)
#2
follow-up:
↓ 4
@
14 years ago
- Cc westi added
- Keywords needs-patch added; has-patch removed
- Milestone changed from Awaiting Review to Future Release
- Severity changed from major to normal
#4
in reply to:
↑ 2
@
14 years ago
- Keywords has-patch added; needs-patch removed
Patch updated as per westi's and dd32's comments above. I realised we don't need to check for '..'
or even '.svn'
specifically because we were already checking for $theme_dir[0] == '.'
, just needed to move it in front of the is_dir
check.
Note: See
TracTickets for help on using
tickets.
We should more likely move the check for . and CVS before the if is_dir check and include .. (and probably .svn) in the list of dirs to skip