Opened 13 years ago
Closed 13 years ago
#18715 closed defect (bug) (wontfix)
Information disclosure issue in update.php
Reported by: | joostdevalk | Owned by: | joostdevalk |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3 |
Component: | Security | Keywords: | has-patch |
Focuses: | Cc: |
Description
/wp-includes/update.php discloses the full path of the WP install, patch to fix that attached.
Attachments (1)
Change History (2)
#1
@
13 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
The same occurs in most of /wp-includes/*.php and /wp-admin/includes/*.php
However, this is not a security issue, nor is it something that intends on being "fixed" as it's not encountered during "standard usage". If WordPress is used on a production server, error displays should be disabled, and/or direct access to the php files in the above directories disabled.
Note: See
TracTickets for help on using
tickets.
Patch