WordPress.org

Making WordPress.org

Opened 6 weeks ago

Closed 6 weeks ago

Last modified 6 weeks ago

#4801 closed defect (maybelater)

Template partials should not be publicly accessible

Reported by: jonoaldersonwp
Owned by:
Milestone:
Priority: low
Component: General
Keywords: seo analytics
Cc:

Description (last modified by jonoaldersonwp)

Requests to https://wordpress.org/ URLs ending in header.php or footer.php return template partials.

E.g., https://wordpress.org/plugins/classic-editor/header.php.

These types of requests should return normal behaviour for these URLs (usually a 404 response).

Change History (6)

#1 @jonoaldersonwp
6 weeks ago

  • Description modified (diff)

#2 @jonoaldersonwp
6 weeks ago

  • Description modified (diff)
  • Priority changed from lowest to low

#3 @dd32
6 weeks ago

This functionality is actually intentional in many parts of WordPress.org; it's expected that header.php is accessible directly due to the mismatch of systems we run.

#4 @jonoaldersonwp
6 weeks ago

That's terrifying ;)

Can we prevent direct browser access to it, and force/return a 404?

#5 @Otto42
6 weeks ago

  • Resolution set to wontfix
  • Status changed from new to closed

Unfortunately, no. Not without breaking the way that trac and the codex work.

I'm going to mark this as wontfix for now, but maybe in the future when we have a different type of integration with these systems then we will be able to not have these accessible from outside, as it were.

#6 @SergeyBiryukov
6 weeks ago

  • Resolution changed from wontfix to maybelater