Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#27102 closed defect (bug) (invalid)

Input validation on wp-admin/update.php in line 87

Reported by: OswaldoMG
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 3.5.2
Component: General
Keywords:
Focuses:
Cc:

Description

Improper Control of Filename for Include/Require Statement

The PHP code receives user-supplied input but does not properly restrict the input before using it in require(), include(), or similar functions. This can allow an attacker to specify a URL to a remote location from which the application will retrieve code and execute it.

Found by a static analysis application.


  82          if ( isset($_GET['failure']) ){
  83              echo '<p>' . __('Plugin failed to reactivate due to a fatal error.') . '</p>';
  84  
  85              error_reporting( E_CORE_ERROR | E_CORE_WARNING | E_COMPILE_ERROR | E_ERROR | E_WARNING | E_PARSE | E_USER_ERROR | E_USER_WARNING | E_RECOVERABLE_ERROR );
  86              @ini_set('display_errors', true); //Ensure that Fatal errors are displayed.
  87              wp_register_plugin_realpath( WP_PLUGIN_DIR . '/' . $plugin );
  88              include( WP_PLUGIN_DIR . '/' . $plugin );
  89          }

Recommendations: Do not allow untrusted input to be evaluated or otherwise interpreted as code.
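The weakness class the scanner reports (CWE-98) and the recommendation above are easier to judge against concrete code. What follows is an added example written for this page, not code from the ticket, the reporter or WordPress: it shows the unrestricted include pattern that a pattern-matching scanner flags, beside a resolver that confines a request-supplied plugin path to the plugins directory before anything is included. The temporary directory, the fixture files and the list of inputs are constructed for the demo. In update.php itself the value reaches the quoted include only after an activate_plugins capability check and a nonce bound to that plugin name in the surrounding code not quoted in the ticket, which is why the maintainer's resolution below calls it trusted; the example is about the case where the value genuinely is untrusted.

```php
<?php
// Added example (not WordPress code): CWE-98 in its raw form, and one way to
// restrict a request-supplied plugin path before it reaches include().
declare(strict_types=1);

// The unrestricted pattern a scanner matches on: whatever arrived in the
// request is glued onto a directory and included. With allow_url_include=On a
// value like "http://attacker.example/x.php" is fetched and executed; with it
// off, "../uploads/x.php" still executes any .php file reachable on disk.
function include_plugin_unrestricted(string $plugin_dir, string $plugin): void
{
    include $plugin_dir . '/' . $plugin;
}

// Restricted variant: return the canonical path only if $plugin names an
// existing .php file inside $plugin_dir, null otherwise.
function resolve_plugin_file(string $plugin_dir, string $plugin): ?string
{
    // Allowlist the shape of a plugin file reference: slash-separated path
    // components of safe characters, ending in .php. This rejects stream
    // wrappers (anything containing ':'), NUL bytes, backslashes and absolute
    // paths outright.
    if (!preg_match('#^[A-Za-z0-9_.-]+(?:/[A-Za-z0-9_.-]+)*\.php$#', $plugin)) {
        return null;
    }
    // The character class allows '.', so reject traversal components explicitly.
    foreach (explode('/', $plugin) as $component) {
        if ($component === '..' || $component === '.') {
            return null;
        }
    }
    // Defense in depth: realpath() resolves symlinks, so require the canonical
    // file to sit under the canonical plugin directory. The trailing separator
    // stops "/plugins-evil" from matching a base of "/plugins".
    $base = realpath($plugin_dir);
    $file = realpath($plugin_dir . '/' . $plugin);
    if ($base === false || $file === false || !is_file($file)) {
        return null;
    }
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed fixture: a temporary plugin directory holding one real plugin
// file, plus a file outside it that an attacker would like to have included.
$root = sys_get_temp_dir() . '/cwe98-demo-' . bin2hex(random_bytes(4));
mkdir("$root/plugins/hello", 0700, true);
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/plugins/hello/hello.php", "<?php echo \"hello plugin loaded\\n\";\n");
file_put_contents("$root/uploads/evil.php", "<?php echo \"attacker-controlled file ran\\n\";\n");

// The unrestricted include happily runs the file outside the plugin directory.
echo "unrestricted include of ../uploads/evil.php:\n  ";
include_plugin_unrestricted("$root/plugins", '../uploads/evil.php');

// Constructed inputs of the kinds a scanner or an attacker would try.
$inputs = [
    'hello/hello.php',                        // legitimate plugin file
    '../uploads/evil.php',                    // traversal out of the plugin dir
    'hello/../../uploads/evil.php',           // traversal hidden mid-path
    'http://attacker.example/evil.php',       // remote include (allow_url_include)
    'php://filter/resource=hello/hello.php',  // stream wrapper
    'hello/hello.txt',                        // wrong extension
];
echo "restricted resolver:\n";
foreach ($inputs as $in) {
    $resolved = resolve_plugin_file("$root/plugins", $in);
    printf("  %-40s => %s\n", $in, $resolved === null ? 'REJECTED' : 'include ' . $resolved);
    if ($resolved !== null) {
        include $resolved;
    }
}

// Remove the fixture.
unlink("$root/plugins/hello/hello.php");
unlink("$root/uploads/evil.php");
rmdir("$root/plugins/hello");
rmdir("$root/plugins");
rmdir("$root/uploads");
rmdir($root);
```

Run with `php cwe98-demo.php`; only the first input resolves, and every rejected input is refused before include() sees it. The shape allowlist does the real work; the realpath() containment check is there so that a symlink dropped inside the plugin directory cannot point the include back outside it.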

Change History (1)

#1 @nacin
11 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

If you're going to submit any more static code analysis tickets, please read the ticket form first:

Do not report potential security vulnerabilities here.
See the Security FAQ and contact security@….


This is invalid. The value is trusted.
