[wp-hackers] Blank index.php in wp-content/plugins

Computer Guru computerguru at neosmart.net
Mon Mar 3 17:40:20 GMT 2008


On 3/3/08, Ozh <ozh at planetozh.com> wrote:
> > Found out something odd today, if you put a blank index.php in the plugins
> > folder, the Dashboard link will point to
> > wp-admin/admin.php?page=index.php instead, which is a blank page (with
> > the usual Admin styling).
>
>
> This is an "old" problem, which is even broader: PHP files in
> /wp-content/plugins/ take over their /wp-admin/ homonyms (i.e. a blank
> themes.php in the plugins directory will take over the "Presentation"
> page, and so on).

I don't know, but to me this seems more of a potential pro and less of
a con.... I can imagine how it would simplify hacking the wp-admin
center without ever needing to load the WP codebase in the first
place.

Its drawback seems to be pretty minor to me, no reason to put a blank
____.php file there in the first place (as mentioned above, a blank
index.html file should take care of the directory access) and its
benefits would seem to outweigh the "weirdness" of the issue, but
that's just me :-)
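An added example, not part of the original message or of WordPress itself: a small audit that lists PHP files sitting directly in wp-content/plugins whose names match a file in wp-admin, which is the collision described in the thread. The sample tree, the plugin name `sample-plugin` and the function names are constructed for illustration, and checking only the top level of the plugins directory is an assumption based on the cases quoted above.

```python
import os
import tempfile

def find_admin_shadowing(wp_root):
    """Return sorted (filename, size) pairs for top-level plugin files
    that share a name with a PHP file in wp-admin."""
    admin_dir = os.path.join(wp_root, "wp-admin")
    plugins_dir = os.path.join(wp_root, "wp-content", "plugins")
    admin_pages = {
        name for name in os.listdir(admin_dir)
        if name.endswith(".php") and os.path.isfile(os.path.join(admin_dir, name))
    }
    hits = []
    for name in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, name)
        # Only regular files directly in the plugins directory are checked.
        if name in admin_pages and os.path.isfile(path):
            hits.append((name, os.path.getsize(path)))
    return hits

def build_sample_tree(root):
    """Create a constructed, minimal WordPress-like layout for the demo."""
    files = {
        "wp-admin/index.php": "<?php // dashboard\n",
        "wp-admin/themes.php": "<?php // presentation page\n",
        "wp-admin/plugins.php": "<?php // plugins page\n",
        "wp-content/plugins/index.php": "",      # blank file, as in the thread
        "wp-content/plugins/themes.php": "",     # blank homonym of an admin page
        "wp-content/plugins/index.html": "",     # the directory-listing guard
        "wp-content/plugins/sample-plugin/sample-plugin.php": "<?php // plugin\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_admin_shadowing(root)

if __name__ == "__main__":
    for name, size in demo():
        note = "blank" if size == 0 else f"{size} bytes"
        print(f"wp-content/plugins/{name} matches wp-admin/{name} ({note})")
```

A size of 0 marks the blank-file case from the thread; a non-empty match is worth reading before it is removed or renamed.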

