WordPress.org
Get WordPress

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #38317


Ignore:
Timestamp:
10/15/2016 09:30:23 AM (9 years ago)
Author:
ocean90
Comment:

Hello @damian1989, welcome to Trac!

The same occurs in most of /wp-includes/*.php and /wp-admin/includes/*.php

However, this is not a security issue, nor is it something that intends on being "fixed" as it's not encountered during "standard usage". If WordPress is used on a production server, error displays should be disabled, and/or direct access to the php files in the above directories disabled.

Additionally, when you created this ticket:

Do not report potential security vulnerabilities here. See the Security FAQ and contact security@wordpress.org.

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #38317

    • Property Status changed from new to closed
    • Property Version changed from 4.6.1 to
    • Property Milestone changed from Awaiting Review to
    • Property Keywords rss fpd removed
    • Property Resolution changed from to wontfix

  • Ticket #38317 – Description

    initial v1  
    1010Make sure it is defined ;)
    1111
     12{{{
    1213/**
    1314* We dont want a file path disclose vulnerability on certain servers.
     
    1617    exit();
    1718}
     19}}}
    1820
    1921
     22