Opened 4 years ago
Closed 4 years ago
#52980 closed defect (bug) (fixed)
PHP notice on login page (without login)
Reported by: | satrancali | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | 2.9 |
Component: | Login and Registration | Keywords: | |
Focuses: | Cc: |
Description
Steps
1- you just enter the admin login page
2- https://www.example.com/wp-login.php?redirect_to=https%3A%2F%2Fwww.example.com%2Fwp-admin%2F&reauth=1
3- You add the this parameter " &key=zwrtxqvag3j2 "
4- page will show you directory of website
If it is a bug, I want to just add my name your website thank you page, my name is " Ali Kaan BAŞHAN "
Attachments (1)
Change History (3)
Note: See
TracTickets for help on using
tickets.
Hi there, welcome to WordPress Trac! Thanks for the report.
Just to clarify, path disclosure is considered a server configuration issue in WordPress, and not a security issue.
We should fix the PHP notice, though. This is not new in 5.7 and appears to be originally introduced in [11801] and further adjusted in [15710] and [29327], changing the Version field accordingly.