[wp-trac] [WordPress Trac] #12988: Modify wp-load.php to search for wp-config.php 2 directories higher
WordPress Trac
wp-trac at lists.automattic.com
Tue Apr 13 21:44:07 UTC 2010
#12988: Modify wp-load.php to search for wp-config.php 2 directories higher
--------------------------------+-------------------------------------------
Reporter: chipbennett | Owner: ryan
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: wontfix
Keywords: wp-load, wp-config |
--------------------------------+-------------------------------------------
Comment(by nacin):
My quotation actually deserves more context, as that's a relatively common
setup.
> Note that if you did this, it would cause an extra file seek on each and
every page load.
It only would if it didn't find one at the root or one level up. Point is,
any blog using two levels up means it will go through two false ==
file_exists checks. We could instead simply keep going one level up in
search of wp-config until we hit a wall or find one.
Actually, double those numbers, as we also need to check for
wp-settings.php to make sure the wp-config a level up isn't part of another
WP install. So two levels up is four file exists checks on every load.
That said, I vote for wontfix. Being on one side of public_html is
generally not where you need to concentrate your security on. And doing
what I've suggested above is just encouraging wasteful performance. If the
user is going to follow a tutorial to move wp-config up two or three or
more directories, then they should instead mow down wp-config.php to just
including a file up a few levels, or use a symlink.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12988#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
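
The reduced wp-config.php suggested at the end of the comment, as an added example that is not part of the original message or of WordPress core. The stub stays in the WordPress root, so the loader finds it on its first file_exists check, and it pulls the real settings from two directories up. The file name wp-config-private.php, its location and the document-root check are assumptions made for illustration.

```php
<?php
/**
 * wp-config.php stub kept in the WordPress root (added example).
 * Assumption: the real settings (DB_* constants, keys and salts,
 * $table_prefix) live in a hypothetical "wp-config-private.php"
 * two directories above this file's directory.
 */

// dirname( __FILE__, 3 ) is two directories above the WordPress root (PHP 7+).
// realpath() returns false when the target does not exist.
$private_config = realpath( dirname( __FILE__, 3 ) . '/wp-config-private.php' );

// DOCUMENT_ROOT is empty under the CLI, so only compare when it is set.
$docroot = empty( $_SERVER['DOCUMENT_ROOT'] ) ? false : realpath( $_SERVER['DOCUMENT_ROOT'] );
$inside_docroot = $docroot && $private_config
	&& 0 === strpos( $private_config, rtrim( $docroot, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR );

// Fail closed: no fallback search, and no path or credential in the response.
if ( false === $private_config || ! is_readable( $private_config ) || $inside_docroot ) {
	error_log( 'wp-config stub: private config missing, unreadable or inside the document root' );
	if ( ! headers_sent() ) {
		http_response_code( 500 );
	}
	exit( 'Configuration error.' );
}

// Included at global scope so that $table_prefix stays a global variable.
require_once $private_config;
unset( $private_config, $docroot, $inside_docroot );

// The private file must not define ABSPATH or load wp-settings.php itself:
// dirname( __FILE__ ) evaluated there would point outside the install.
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', dirname( __FILE__ ) . '/' );
}
require_once ABSPATH . 'wp-settings.php';
```

The private file then holds only constant definitions and $table_prefix, and it can sit at any depth without changing how many lookups wp-load.php performs.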