#29335 closed enhancement (duplicate)
change wp-admin/wp-content/wp-includes by a variable in the code
Reported by: | Neustradamus | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Bootstrap/Load | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
Dear developers,
There are missing points in the current code, can you update the code and change:
- wp-admin by WP_ADMIN_DIR
- wp-content by WP_CONTENT_DIR
- wp-includes by WPINC
Change History (5)
#2
@
10 years ago
- Component changed from Security to Bootstrap/Load
- Severity changed from blocker to normal
- Type changed from defect (bug) to enhancement
- Version trunk deleted
#4
@
10 years ago
In the same time, by default, you can add a .htaccess in /
# Disable directory browsing
Options All -Indexes
In the code there are (not all):
WPINC
WP_CONTENT_DIR
WP_CONTENT_URL
WP_PLUGIN_DIR
PLUGINDIR
WP_PLUGIN_URL
WPMU_PLUGIN_DIR
MUPLUGINDIR
WPMU_PLUGIN_URL
UPLOADS
Like WP_CONTENT_DIR/WP_CONTENT_URL:
I will be nice to have a WP_INCLUDES_DIR / WP_INCLUDES_URL for replace wp-includes
It will be nice to have a WP_ADMIN_DIR / WP_ADMIN_URL for replace wp-admin
Note: See
TracTickets for help on using
tickets.
Howdy, and thanks for the bug report!
Could you explain how this is a security issue, in your opinion, let alone a blocker?
Also, could you refer to specific examples in the codebase that you're referring to? WPINC is a folder name, but a hardcoded constant in core, and could be used in filesystem paths and urls. WP_ADMIN_DIR isn't actually a thing, because core doesn't support relocating the
wp-admin
directory like it supports relocating thewp-content
directory -- hence the need for WP_CONTENT_DIR -- which is the full path, not just the folder name like WPINC is.