Opened 3 years ago
Last modified 11 months ago
#55944 new enhancement
Few wp-admin files need to exit if directly loaded
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.0 |
| Component: | Administration | Keywords: | has-patch |
| Focuses: | Cc: |
Description
Some files in wp-admin don't have a check to see if they're being loaded directly, although some others make sure.
The files are:
/wp-admin/network/menu.php
/wp-admin/user/menu.php
/wp-admin/admin-header.php
/wp-admin/menu-header.php
/wp-admin/menu.php
/wp-admin/options-head.php
Change History (3)
#2
@
12 months ago
- Keywords has-patch added
@SergeyBiryukov I have cover maximum number of files of wp-includes & wp-admin directory and raised in https://core.trac.wordpress.org/ticket/61314#ticket with patch
#3
@
11 months ago
Tracking down some fatal errors in the logs, a (third-party scan) direct request to
GET /wp-admin/options-head.php
will result in 500 and a stack trace:
PHP Fatal error: Uncaught Error: Call to undefined function wp_reset_vars() in /var/www/html/wp-admin/options-head.php:11
Stack trace:
#0 {main}
thrown in /var/www/html/wp-admin/options-head.php on line 11
also seeing stack traces resulting from direct calls to
/wp-admin/network/menu.php/wp-admin/user/menu.php/wp-admin/upgrade-functions.php/wp-admin/menu.php/wp-admin/menu-header.php/wp-admin/custom-header.php/wp-admin/custom-background.php/wp-admin/admin-header.php/wp-admin/admin-functions.php
Note: See
TracTickets for help on using
tickets.
Related: #51806