[wp-hackers] Wordpress File Inclusion
ryan at boren.nu
Mon Nov 13 17:58:40 GMT 2006
Bas Bosman wrote:
> Has anybody seen this post on the BugTraq mailing list?
> (Also on: http://www.securityfocus.com/archive/1/451311/30/0/threaded)
> I'm at work and don't have access to my Wordpress test box, so I haven't
> verified it yet.
That code is in load_template().
"file" is not a default query var so it should never be in
$wp_query->query_vars unless a plugin adds it. We can use a different
variable name in load_template() for extra safety, I suppose.
$template_file instead of $file.
I cannot reproduce.
More information about the wp-hackers