[wp-trac] [WordPress Trac] #63454: Aikido security: Backticks (``) in PHP are very dangerous and counter-intuitive

WordPress Trac noreply at wordpress.org
Fri May 16 09:25:17 UTC 2025


#63454: Aikido security: Backticks (``) in PHP are very dangerous and counter-
intuitive
--------------------------+----------------------
 Reporter:  Websonica     |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  General       |     Version:  6.7.2
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+----------------------
Changes (by johnbillion):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


Comment:

 The use of backticks within ID3 is intentional. It's important to double
 check automated code reviews for validity; a cursory glance at the lines
 of code in question would reveal that all four instances of variables
 encased in backticks within ID3 are system commands that are intended to
 be executed.

 While we appreciate your interest in the security of WordPress, please be
 more careful with your reports in the future. This is a public bug tracker
 and you had to check a checkbox that said "I am not reporting a security
 issue" when submitting this. Further details can be found here:
 https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ .

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63454#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

