[wp-trac] [WordPress Trac] #7545: gears-manifest.php shouldn't be publicly accessible.
WordPress Trac
wp-trac at lists.automattic.com
Tue Aug 19 06:43:02 GMT 2008
#7545: gears-manifest.php shouldn't be publicly accessible.
----------------------------+-----------------------------------------------
Reporter: g30rg3x | Owner: anonymous
Type: defect | Status: new
Priority: lowest | Milestone: 2.7
Component: Administration | Version: 2.7
Severity: trivial | Keywords:
----------------------------+-----------------------------------------------
Since version 2.6, WordPress has included support for Gears.
As stated by the LocalServer API <http://code.google.com/apis/gears/api_localserver.html>, Gears needs a Manifest file <http://code.google.com/apis/gears/api_localserver.html#manifest_file> that lists all of the URLs to be captured by a ManagedResourceStore, and it also contains the version of the contents of the manifest.

But this file, instead of being accessible just for "logged-in" users (the ones that will actually take advantage of Gears), is publicly available, so anyone can enumerate the WordPress version (and style version) as well as the list of all URLs to be captured by Gears with ease...
Examples:
http://ma.tt/blog/wp-admin/gears-manifest.php
http://boren.nu/weblog/wp-admin/gears-manifest.php
http://markjaquith.wordpress.com/wp-admin/gears-manifest.php

I know (from previous attempts to promote hiding the version number <http://trac.wordpress.org/ticket/4155>) that you don't see this problem as an issue/defect or even an enhancement; this doesn't bother me at all, since we can still hide the version using a dynamic modification to $wp_version that can come from a little plugin. However, since gears-manifest.php actually just loads the necessary files, it makes my solution (and many others out there) totally useless, so the only way we have is to go and make a direct modification to the gears-manifest.php file.

So please reconsider your position about this type of issue and at least provide some way to work around this problem.

PS: Pardon me for all the grammar issues, I'm not truly an English writer.
--
Ticket URL: <http://trac.wordpress.org/ticket/7545>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
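The ticket above concerns two things a public Gears manifest reveals: the version string and the list of captured URLs. The following is an added example (not WordPress code and not from the reporter) that parses a constructed manifest to show exactly what is exposed, and demonstrates one workaround for the version part: replacing the version with a keyed digest, since Gears only needs the string to change when the content changes. The manifest layout (betaManifestVersion/version/entries) follows the LocalServer documentation as I understand it and is an assumption here; the sample manifest and the site secret are constructed values.

```python
import hashlib
import hmac
import json

# Constructed sample shaped like a Gears LocalServer manifest (assumed layout).
SAMPLE_MANIFEST = json.dumps({
    "betaManifestVersion": 1,
    "version": "2.6-constructed-20080819",
    "entries": [
        {"url": "/wp-admin/"},
        {"url": "/wp-admin/css/press-this.css"},
        {"url": "/wp-includes/js/tinymce/tiny_mce.js"},
    ],
})


def parse_gears_manifest(text):
    """Return (version, [urls]) from manifest JSON; raise ValueError if malformed."""
    data = json.loads(text)
    if data.get("betaManifestVersion") != 1:
        raise ValueError("not a Gears manifest")
    version = data.get("version")
    if not isinstance(version, str):
        raise ValueError("manifest has no version string")
    entries = data.get("entries", [])
    urls = [e["url"] for e in entries if isinstance(e, dict) and "url" in e]
    return version, urls


def exposure_report(text):
    """Summarise what an unauthenticated reader of this manifest learns."""
    version, urls = parse_gears_manifest(text)
    return {"version": version, "url_count": len(urls), "urls": urls}


def scrub_version(text, site_secret):
    """Replace the version with an HMAC of itself under a per-site secret.

    The digest still changes whenever the real version changes, so Gears
    re-captures on upgrade, but the string no longer reveals wp_version and
    cannot be matched against precomputed hashes without the secret. The URL
    list is left untouched: only login gating hides that part.
    """
    data = json.loads(text)
    tag = hmac.new(site_secret, data["version"].encode(), hashlib.sha256)
    data["version"] = tag.hexdigest()[:32]
    return json.dumps(data)
```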