Make WordPress Core

Opened 7 years ago

Last modified 6 years ago

#42986 reopened enhancement

Insert default filters into wp_delete_file so it doesn't delete core files.

Reported by: lenon Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.9.1
Component: Media Keywords:
Focuses: Cc:

Description

I see many plugins that don't use the WordPress method to delete files (they are using unlink()), even though wp_delete_file() exists. You can insert a filter, but I think that if there is no filter by default, the method can be used to remove anything, including core files.

If all agree and approve this ticket I can implement.

Attachments (3)

implement.diff (3.0 KB) - added by lenon 7 years ago.
Diff with a new idea to help security on removing files.
implement.2.diff (3.0 KB) - added by lenon 7 years ago.
Sorry, corrected diff with a new idea to help security on removing files.
implement.3.diff (2.3 KB) - added by lenon 7 years ago.
Sorry for the two last errors in the file. This is really the diff that I believe helps security on removing files.


Change History (6)

@lenon
7 years ago

Diff with a new idea to help security on removing files.

@lenon
7 years ago

Sorry, corrected diff with a new idea to help security on removing files.

@lenon
7 years ago

Sorry for the two last errors in the file. This is really the diff that I believe helps security on removing files.

#1 @dd32
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Hey @lenon and welcome to Trac.

Thanks for submitting this, however, this doesn't seem like something which is needed in WordPress.

My issues with this are:

  • Plugins could bypass this by using unlink() directly.
  • We can't enforce plugins to use wp_delete_file().
  • We can't prevent plugins from using unlink().
  • Plugins should not allow deletion of arbitrary files; if a plugin allows wp_delete_file() to be passed ABSPATH, it's not sanitizing its input correctly.

I'm going to close this as wontfix, however, you can still reply and we can re-open it if you can explain the benefits of adding this.
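To make the proposal discussed in the description and in this comment concrete, here is an added example of the kind of default-deny guard the ticket asks for, implemented as a callback on the existing `wp_delete_file` filter. It is not code from the ticket's attachments or from WordPress core. `wp_delete_file()` applies the `wp_delete_file` filter and only calls `unlink()` when the filtered value is non-empty, so returning an empty string vetoes the deletion; that behaviour, together with `wp_get_upload_dir()`, `wp_normalize_path()` and `trailingslashit()`, is real WordPress API. The function names `example_canonical_path`, `example_restrict_wp_delete_file` and `example_log_blocked_delete` are hypothetical, and the snippet assumes it is loaded from a must-use plugin or a theme's functions.php so that the filter is registered before any deletion runs.

```php
<?php
// Added example, not part of the ticket or of WordPress core: a guard on the
// `wp_delete_file` filter that vetoes deletion of anything outside the uploads
// directory. wp_delete_file() unlinks only the path the filter returns, when it
// is non-empty, so returning '' blocks the delete.
// The example_* function names are hypothetical.

/**
 * Resolve $path to a canonical absolute path, or return false if it cannot be
 * resolved (nonexistent file, dangling symlink). realpath() collapses "../"
 * segments and follows symlinks, so a traversal sequence or a planted link
 * cannot make a path look like it lives in uploads when it does not.
 *
 * @param string $path Filesystem path to canonicalise.
 * @return string|false Normalised absolute path, or false.
 */
function example_canonical_path( $path ) {
	$real = realpath( $path );
	return ( false === $real ) ? false : wp_normalize_path( $real );
}

/**
 * Record a vetoed deletion so an operator can see attempts to remove files
 * outside the allowed root. Uses PHP's error_log(), which lands in the web
 * server or PHP error log depending on configuration.
 *
 * @param string       $requested Path as passed to wp_delete_file().
 * @param string|false $resolved  Canonical path, or false if unresolvable.
 */
function example_log_blocked_delete( $requested, $resolved ) {
	error_log( sprintf(
		'wp_delete_file vetoed: requested=%s resolved=%s',
		$requested,
		( false === $resolved ) ? '(unresolvable)' : $resolved
	) );
}

/**
 * Filter callback: allow deletion only of files inside the uploads base dir.
 *
 * @param string $file Path that wp_delete_file() is about to unlink.
 * @return string The same path when allowed, '' to veto the deletion.
 */
function example_restrict_wp_delete_file( $file ) {
	$upload_dir   = wp_get_upload_dir();
	$allowed_root = example_canonical_path( $upload_dir['basedir'] );
	$target       = example_canonical_path( $file );

	// If either side cannot be resolved there is nothing safe to delete.
	if ( false === $allowed_root || false === $target ) {
		example_log_blocked_delete( $file, $target );
		return '';
	}

	// Require the target to sit strictly below the uploads root. Comparing
	// against the root with a trailing slash prevents a sibling directory
	// such as ".../uploads-other/x" from matching ".../uploads".
	if ( 0 !== strpos( $target, trailingslashit( $allowed_root ) ) ) {
		example_log_blocked_delete( $file, $target );
		return '';
	}

	return $file;
}

add_filter( 'wp_delete_file', 'example_restrict_wp_delete_file', 10, 1 );
```

With this registered, a call such as `wp_delete_file( ABSPATH . 'wp-config.php' )` returns without unlinking anything and leaves a log line, while deleting an attachment under wp-content/uploads proceeds normally. As the comment above points out, this is defence in depth on one API: it does nothing for plugins that call `unlink()` themselves, and it does not replace a plugin resolving the file it intends to delete (for example via `get_attached_file()`) instead of accepting a path from request input.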

#2 @lenon
7 years ago

  • Resolution wontfix deleted
  • Status changed from closed to reopened

The vulnerability recently published by RIPS Tech ( https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/ ) could have been avoided if this implementation had been accepted and wp_delete_file used. I still believe that WordPress needs a more secure option for deleting files.

#3 @SergeyBiryukov
6 years ago

  • Milestone set to Awaiting Review