Changes between Initial Version and Version 1 of Ticket #36177, comment 7
Timestamp: 04/28/2016 03:18:06 PM (8 years ago)
Removed (initial, line 13): This works for me, but it may break existing plugins that would (stupidly) rely on executing uploaded PHP file .

Added (v1, line 13): This works for me, but it may break existing plugins that would (stupidly) rely on executing uploaded PHP files.

Unmodified (line 15): But how does this particular .htaccess file get locked down? Presumably wp-content/uploads is writable by the webserver, so it doesn't completely prevent vulnerable code from manipulating or deleting this file entirely. What springs to mind is using a sticky bit on wp-content/uploads so that as long as .htaccess isn't owned by the webserver, that file can't be manipulated from vulnerable PHP code.
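An audit check for the sticky-bit idea raised in the comment above, as an added example that is not part of the ticket or of WordPress. The function name `check_uploads_htaccess` and its arguments are hypothetical, and GNU coreutils `stat` is assumed. It also checks the directory owner, because in a sticky directory the directory's owner may still remove entries.

```shell
# Added example (not from the ticket). check_uploads_htaccess is a
# hypothetical helper; it assumes GNU coreutils `stat`.
# usage: check_uploads_htaccess <uploads-dir> <web-server-uid>
# Prints one line per finding; returns 0 only when nothing was found.
check_uploads_htaccess() {
    cuh_dir=$1
    cuh_web_uid=$2
    cuh_ht="$cuh_dir/.htaccess"
    cuh_rc=0

    if [ ! -d "$cuh_dir" ]; then
        echo "FAIL: $cuh_dir is not a directory"; return 1
    fi
    if [ -L "$cuh_ht" ] || [ ! -f "$cuh_ht" ]; then
        echo "FAIL: $cuh_ht is missing or not a regular file"; return 1
    fi

    # Without the sticky bit, write access to the directory is enough to
    # delete or replace any entry in it, whoever owns the entry.
    if [ ! -k "$cuh_dir" ]; then
        echo "FAIL: sticky bit not set on $cuh_dir"; cuh_rc=1
    fi
    # With the sticky bit set, the directory owner may still remove entries.
    if [ "$(stat -c %u "$cuh_dir")" = "$cuh_web_uid" ]; then
        echo "FAIL: $cuh_dir is owned by the web server uid"; cuh_rc=1
    fi
    # The file owner can delete, chmod and rewrite the file.
    if [ "$(stat -c %u "$cuh_ht")" = "$cuh_web_uid" ]; then
        echo "FAIL: $cuh_ht is owned by the web server uid"; cuh_rc=1
    fi
    # Group/other write bits would allow editing the rules in place.
    cuh_mode=$(stat -c %a "$cuh_ht")
    if [ $(( 0$cuh_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $cuh_ht is group- or world-writable (mode $cuh_mode)"; cuh_rc=1
    fi

    if [ "$cuh_rc" -eq 0 ]; then
        echo "OK: no findings for $cuh_ht against uid $cuh_web_uid"
    fi
    return "$cuh_rc"
}
```

Pass the numeric uid the web server's PHP processes run as, for example the output of `id -u` for that account.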