Hi,

On Sunday 28 September 2008, Andrea De Iacovo wrote:
> Hi
>
> Maybe you're right but the problem is still really not critical.
> wp-config.php looks for something like /etc/wordpress/config-$host.php
> so my question is: if someone has unauthorized and malicious access
> to /etc/wordpress (or, maybe, to /etc/*?) is it a wordpress problem?
Based on what just happened with the XSS vuln via HTTP_HOST in the RSS feeds
I'd say yes.
Although like I mentioned the other day in IRC, I think it is more a bug on
apache than on wordpress or php itself.
>
> However I'll try to find a better way to look for the correct
> configuration file: maybe reading a local list of authorized config
> files?
> $debian_server = preg_replace('/:.*/', "", $_SERVER['HTTP_HOST']);
> $debian_file = '/etc/wordpress/config-'.strtolower($debian_server).'.php';
// dirname() never returns a trailing slash, so the allowed entry must not have one either
$allowed_paths = array('/etc/wordpress');
if (!in_array(dirname(realpath($debian_file)), $allowed_paths))
    die("The config file for the specified host is not under an allowed path");
>
> Thank you for reporting.
>
> Cheers.
>
> Andrea De Iacovo
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
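A fuller version of the containment check discussed in this thread, added here as an example and not code from Debian's wp-config.php or from either poster. It assumes the Debian layout /etc/wordpress/config-<host>.php and adds a hostname character whitelist in front of the realpath() check, so HTTP_HOST cannot steer the include outside that directory whatever Apache passes through.

```php
<?php
// Added example: defensive per-host config lookup for the Debian WordPress
// package layout. Constants and function names are assumptions for this example.

define('WP_DEBIAN_CONFIG_DIR', '/etc/wordpress');

/**
 * Return the absolute path of the config file for $http_host, or null when
 * the host is not a plain hostname or the resolved file is not directly
 * inside WP_DEBIAN_CONFIG_DIR.
 */
function debian_config_path($http_host, $config_dir = WP_DEBIAN_CONFIG_DIR)
{
    // Strip an optional :port, as the original lookup does.
    $host = strtolower(preg_replace('/:.*/', '', (string) $http_host));

    // Allow only hostname characters. This rejects "..", "/", NUL bytes and
    // anything else that could change the directory of the included file.
    if ($host === '' || !preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/', $host)) {
        return null;
    }

    $candidate = $config_dir . '/config-' . $host . '.php';

    // realpath() returns false for a missing file and resolves symlinks, so a
    // symlink planted in the config dir that points elsewhere also fails the
    // containment comparison below.
    $real     = realpath($candidate);
    $real_dir = realpath($config_dir);
    if ($real === false || $real_dir === false) {
        return null;
    }

    // dirname() never returns a trailing slash; normalise the directory so
    // "/etc/wordpress/" and "/etc/wordpress" compare equal.
    if (dirname($real) !== rtrim($real_dir, '/')) {
        return null;
    }
    return $real;
}

$config = debian_config_path(isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
if ($config === null) {
    die('No configuration file found for the requested host.');
}
require_once $config;
```

The regex is the defence that matters for path traversal; the realpath() comparison is kept as a second, independent check and also covers the symlink case that a character whitelist alone does not.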