Make WordPress Core

Opened 8 years ago

Last modified 5 years ago

#36779 new defect (bug)

Move /wp-admin/load-scripts.php and /wp-admin/load-styles.php to /wp-includes

Reported by: saulnunez's profile SaulNunez Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.4.2
Component: Script Loader Keywords:
Focuses: Cc:


Basically these files are inside /wp-admin directory, but you can hit them and get an output without being authenticated,


If these scripts are for use inside admin, why authentication isn't required?,
if these scripts are for general use on the admin, themes, etc, why these aren't on wp-includes?

This was pointed to me on a security scan, and apart from that if the idea is general use for this, I think hosting these on /wp-admin is misleading.

Change History (0)

Note: See TracTickets for help on using tickets.