Opened 7 years ago
Closed 7 years ago
#24561 closed defect (bug) (duplicate)
wp-settings does not check if ABSPATH is defined
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | Cc: |
Description
I believe, something like this should appear at the beginning of wp-settings.php:
if ( !defined('ABSPATH') ) {
die;
}
- Obviously, those lines won't work without the above validation:
require( ABSPATH . WPINC . '/load.php' ); ...
- With php display errors turned on, calling this file directly may reveal some sensitive information.
Change History (1)
Note: See
TracTickets for help on using
tickets.
Duplicate of #10367.