WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: Dean's FCKEditor For WordPress] Not compatible with security changes (2 posts)

  1. tresero
    Member
    Posted 4 years ago #

    You have a hard coded path to wp_config and if you move your wp_config outside of the html directory, the plugin will fail.

    This is a pretty serious security issue. I fixed mine by changing hardcoding, but there is probably a better solution. No other plugins I have installed use this convention.

    http://wordpress.org/extend/plugins/fckeditor-for-wordpress-plugin/

  2. krimsly
    Member
    Posted 4 years ago #

    Hi Tresero,

    I agree that it's important to move wp-config outside the document root. Could you please point me to where you changed the plug-in code to hardcode the wp-config file location??

    Ideally, the plug-in would use the same function WordPress uses to find its wp-config. That would be cool. I looked at the function reference to see if there was a function for this, but couldn't find one. I wonder how the other plug-ins do it?

    Thanks a lot,

    NorthK

Topic Closed

This topic has been closed to new replies.

About this Topic