[wp-trac] [WordPress Trac] #19330: Information disclosure in wp-app.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 22 13:39:05 UTC 2011
#19330: Information disclosure in wp-app.php
--------------------------+-----------------------------
 Reporter:  Ov3rfly       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  3.2.1
 Severity:  normal        |    Keywords:
--------------------------+-----------------------------
/wp-app.php discloses the full URL to the admin interface if AtomPub is
disabled, line 285:
{{{
// check to see if AtomPub is enabled
if ( !get_option( 'enable_app' ) )
	$this->forbidden( sprintf( __( 'AtomPub services are disabled on this site. An admin user can enable them at %s' ), admin_url('options-writing.php') ) );
}}}
Suggested fix: Do not print output of admin_url('options-writing.php')
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19330>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
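An added example, not WordPress code and not part of the ticket: a small Python source check that flags `$this->forbidden()` calls whose argument includes `admin_url()`, the pattern reported above, so it can be caught in code review. The function names, the second call in the sample (a constructed line following the suggested fix) and the heuristic itself are assumptions made for illustration; the check is textual, so an `admin_url(` that appears only inside a string literal is flagged too.

```python
import re

# First call is the snippet quoted in the ticket; second is a constructed "fixed" line.
SAMPLE = r"""
if ( !get_option( 'enable_app' ) )
    $this->forbidden( sprintf( __( 'AtomPub services are disabled on this site. An admin user can enable them at %s' ), admin_url('options-writing.php') ) );
if ( !get_option( 'enable_app' ) )
    $this->forbidden( __( 'AtomPub services are disabled on this site.' ) );
"""

CALL = re.compile(r"\$this->forbidden\s*\(")
LEAK = re.compile(r"\badmin_url\s*\(")


def call_argument(src, start):
    """Text between the '(' at src[start] and its matching ')', skipping quoted strings."""
    depth, quote, i = 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":
                i += 1              # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return src[start + 1:i]
        i += 1
    return src[start + 1:]          # unbalanced call: return the remainder


def find_admin_url_in_forbidden(src):
    """1-based line numbers of forbidden() calls whose argument calls admin_url()."""
    hits = []
    for m in CALL.finditer(src):
        arg = call_argument(src, m.end() - 1)
        if LEAK.search(arg):
            hits.append(src.count("\n", 0, m.start()) + 1)
    return hits
```

Run over `SAMPLE`, `find_admin_url_in_forbidden` reports only the call from the ticket; the constructed line without `admin_url()` passes.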