WordPress.org

Make WordPress Core

#24561 closed defect (bug) (duplicate)

wp-settings does not check if ABSPATH is defined

Reported by: tivnet Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

I believe, something like this should appear at the beginning of wp-settings.php:

if ( !defined('ABSPATH') ) {
 die;
}
  • Obviously, those lines won't work without the above validation:
require( ABSPATH . WPINC . '/load.php' );
...
  • With php display errors turned on, calling this file directly may reveal some sensitive information.

Change History (1)

comment:1 ocean9010 months ago

  • Keywords needs-patch removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #10367.

Note: See TracTickets for help on using tickets.