[wp-trac] Re: [WordPress Trac] #5262: Theme editor should allow creation of files.

WordPress Trac wp-trac at lists.automattic.com
Sat Oct 27 04:50:39 GMT 2007


#5262: Theme editor should allow creation of files.
--------------------------------------+-------------------------------------
 Reporter:  youngmicroserf            |        Owner:  anonymous
     Type:  enhancement               |       Status:  new      
 Priority:  normal                    |    Milestone:  2.5      
Component:  Administration            |      Version:  2.3      
 Severity:  minor                     |   Resolution:           
 Keywords:  admin theme theme-editor  |  
--------------------------------------+-------------------------------------
Comment (by jaredbangs):

 I think it's probably a bad idea for any directory in the wp install to be
 writable, because of similar issues to those we discussed recently in
 #5174.

 Of course you have to allow the uploads directory to be writable if you
 want to support uploads (from within WP), but even that opens up the
 possibility of weird stuff happening by a misbehaved plugin.

 It's kind of a moot point in most cases, I guess, though, since I suspect
 that for most WP installs the directories are all left writable by the web
 server, and most people probably also don't inspect all the plugin code
 they add to their blogs to make sure they're not doing something nasty.

 I'm actually a bit surprised that I haven't heard of plugins and/or themes
 doing stuff like this, but I guess the whole sponsored theme thing
 recently was similar, in terms of what lengths they were going to to try
 to cover their tracks.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5262#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

