[wp-hackers] Wordpress File Inclusion

Ryan Boren ryan at boren.nu
Mon Nov 13 17:58:40 GMT 2006

Bas Bosman wrote:
> Has anybody seen this post on the BugTraq mailing list?
> (Also on: http://www.securityfocus.com/archive/1/451311/30/0/threaded)
> I'm at work and don't have access to my Wordpress test box, so I haven't
> verified it yet.

That code is in load_template().

"file" is not a default query var so it should never be in 
$wp_query->query_vars unless a plugin adds it.  We can use a different 
variable name in load_template() for extra safety, I suppose. 
$template_file instead of $file.

I cannot reproduce.


More information about the wp-hackers mailing list