Opened 2 years ago
Last modified 4 months ago
#55944 new enhancement
Few wp-admin files need to exit if directly loaded
Reported by: | superpoincare | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.0 |
Component: | Administration | Keywords: | has-patch |
Focuses: | | Cc: | |
Description
Some files in wp-admin don't have a check to see if they're being loaded directly, although some others make sure.
The files are:
/wp-admin/network/menu.php
/wp-admin/user/menu.php
/wp-admin/admin-header.php
/wp-admin/menu-header.php
/wp-admin/menu.php
/wp-admin/options-head.php
Change History (3)
#2 (6 months ago)
- Keywords has-patch added
@SergeyBiryukov I have covered the maximum number of files in the wp-includes & wp-admin directories and raised it in https://core.trac.wordpress.org/ticket/61314#ticket with a patch.
#3 (4 months ago)
Tracking down some fatal errors in the logs, a (third-party scan) direct request to
GET /wp-admin/options-head.php
will result in 500 and a stack trace:
PHP Fatal error: Uncaught Error: Call to undefined function wp_reset_vars() in /var/www/html/wp-admin/options-head.php:11 Stack trace: #0 {main} thrown in /var/www/html/wp-admin/options-head.php on line 11
Also seeing stack traces resulting from direct calls to
/wp-admin/network/menu.php
/wp-admin/user/menu.php
/wp-admin/upgrade-functions.php
/wp-admin/menu.php
/wp-admin/menu-header.php
/wp-admin/custom-header.php
/wp-admin/custom-background.php
/wp-admin/admin-header.php
/wp-admin/admin-functions.php
Related: #51806
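A log-triage sketch for the pattern reported in comment #3, added here as an example and not part of the ticket or of WordPress core: it counts "Call to undefined function" fatals whose only stack frame is {main}, which means the file was requested directly rather than included. Only the options-head.php entry in the sample log is quoted from the ticket; the other entries, the placeholder_* function names and the plugin path are constructed.

```python
import re
from collections import Counter

# Constructed sample log. Only the options-head.php entry is quoted from the
# ticket; the placeholder_* function names and the plugin path are made up.
SAMPLE_LOG = """\
PHP Fatal error: Uncaught Error: Call to undefined function wp_reset_vars() in /var/www/html/wp-admin/options-head.php:11 Stack trace: #0 {main} thrown in /var/www/html/wp-admin/options-head.php on line 11
PHP Fatal error:  Uncaught Error: Call to undefined function placeholder_core_fn() in /var/www/html/wp-admin/menu.php:20
Stack trace:
#0 {main}
  thrown in /var/www/html/wp-admin/menu.php on line 20
PHP Warning:  Undefined variable $x in /var/www/html/wp-content/plugins/example/example.php on line 3
PHP Fatal error:  Uncaught Error: Call to undefined function placeholder_plugin_fn() in /var/www/html/wp-content/plugins/example/inc.php:7
Stack trace:
#0 /var/www/html/wp-content/plugins/example/example.php(5): require()
#1 {main}
  thrown in /var/www/html/wp-content/plugins/example/inc.php on line 7
PHP Fatal error: Uncaught Error: Call to undefined function wp_reset_vars() in /var/www/html/wp-admin/options-head.php:11 Stack trace: #0 {main} thrown in /var/www/html/wp-admin/options-head.php on line 11
"""

ENTRY = re.compile(
    r"PHP Fatal error:\s+Uncaught Error: Call to undefined function (?P<func>[\w\\]+)\(\)"
    r"\s+in\s+(?P<file>\S+):\d+\s+Stack trace:\s+(?P<trace>.*?)\s+thrown in\s",
    re.S,
)

def direct_load_fatals(log_text, root_marker="/wp-admin/"):
    """Count (path, missing function) pairs for files that failed as the entry script."""
    hits = Counter()
    # One chunk per fatal error, so a truncated entry cannot swallow the next one.
    for chunk in re.split(r"(?=PHP Fatal error:)", log_text):
        m = ENTRY.match(chunk)
        if not m:
            continue
        # A trace whose only frame is {main} means no include()/require() led to
        # the file: the web server executed it directly, without WordPress loaded.
        if m["trace"].strip() != "#0 {main}":
            continue
        idx = m["file"].find(root_marker)
        if idx != -1:
            hits[(m["file"][idx:], m["func"])] += 1
    return hits

if __name__ == "__main__":
    for (path, func), n in direct_load_fatals(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {path}  (undefined {func}())")
```

The resulting per-file counts give a list of wp-admin files to check for a missing direct-load guard.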