[wp-hackers] Blank index.php in wp-content/plugins
Computer Guru
computerguru at neosmart.net
Mon Mar 3 17:40:20 GMT 2008
On 3/3/08, Ozh <ozh at planetozh.com> wrote:
> >Found out something odd today, if you put a blank index.php in the plugins
> >folder, the Dashboard link will point to
> >wp-admin/admin.php?page=index.phpinstead, which is a blank page (with
> >the usual Admin styling).
>
>
> This is an "old" problem, which is even broader: PHP files in
> /wp-content/plugins/ take over their /wp-admin/ homonyms (ie a blank
> themes.php in the plugins directory will take over the "Presentation"
> page, and so on).
I don't know, but to me this seems more of a potential pro and less of
a con.... I can imagine how it would simplify hacking the wp-admin
center without ever needing to load the WP codebase in the first
place.
It's drawback seems to be pretty minor to me, no reason to put a blank
____.php file there in the first place (as mentioned above, a blank
index.html file should take care of the directory access) and it's
benefits would seem to outweigh the "weirdness" of the issue, but
that's just me :-)
More information about the wp-hackers
mailing list