My FTP
[resolved] security patch - restrict navigation to wordpress folder (3 posts)

  1. nexus5
    Member
    Posted 2 years ago #

    MyFTP is a high security risk because it allows navigation through the whole webserver. Here is a security patch to restrict navigation to the wordpress folder:

    @@ -154,6 +154,13 @@
    
       $pDir = pathinfo($dir);
       $parentDir = $pDir["dirname"];
    +  /* nexus5 security patch */
    +  function startsWith($haystack, $needle)
    +  {
    +    return strpos($haystack, $needle) === 0;
    +  }
    +  if (!startsWith($parentDir, get_home_path())) $parentDir = get_home_path();
    +  /* nexus5 security patch */ 
    
     ?>
       <div id="subForm">
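
    Review bot: The containment check on the `if (!startsWith($parentDir, get_home_path()))` line only guards `$parentDir`, the target of the "Up One Level" link; `$dir`, from which it is derived at `$pDir = pathinfo($dir);`, is not checked anywhere in the visible lines. Apply the same restriction to `$dir` before the `pathinfo($dir)` call, and canonicalise it with realpath() first, because a string-prefix test on an unnormalised path still accepts values that contain `..` segments. Declaring `startsWith()` inline in the template also risks a redeclaration error if the same global name is defined elsewhere; a plugin-prefixed name or a `function_exists()` guard avoids that.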

    http://wordpress.org/extend/plugins/myftp/
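
A containment check of the kind the patch above aims for, written on canonical paths. This is an added example, not part of the thread or of the MyFTP plugin; `confine_dir()` is a hypothetical helper, the root is passed in as a parameter (in the plugin it would be `get_home_path()`), and the directory tree is constructed for the demonstration.

```php
<?php
// Added example, not MyFTP code. confine_dir() is a hypothetical helper name.
// Returns the canonical directory to browse, or the canonical root when
// $requested does not exist or resolves outside $root.
function confine_dir(string $requested, string $root): string
{
    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new RuntimeException("root directory does not exist: $root");
    }
    // realpath() collapses "..", "." and symlinks, so the comparison is made
    // on the path the filesystem will actually open.
    $real = realpath($requested);
    if ($real === false || !is_dir($real)) {
        return $rootReal;
    }
    // Compare with a trailing separator on both sides so that a sibling such
    // as "/srv/site-old" is not accepted as being inside "/srv/site".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0) {
        return $real;
    }
    return $rootReal;
}

// Constructed sample tree under the system temp directory.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confine_demo_' . getmypid();
$root = $base . DIRECTORY_SEPARATOR . 'site';
@mkdir($root . DIRECTORY_SEPARATOR . 'wp-content', 0700, true);
@mkdir($base . DIRECTORY_SEPARATOR . 'site-old', 0700, true);

$cases = [
    $root . '/wp-content',        // inside the root: kept
    $root . '/wp-content/..',     // resolves to the root itself: kept
    $root . '/wp-content/../..',  // resolves above the root: reset to root
    $base . '/site-old',          // sibling sharing the string prefix: reset
    $root . '/missing',           // does not exist: reset
];
foreach ($cases as $c) {
    printf("%-70s => %s\n", $c, confine_dir($c, $root));
}
```

The same function can be applied to both the requested directory and the computed parent directory before either is used in a link or a directory listing.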

  2. Ken Dirschl
    Member
    Posted 2 years ago #

    Thanks for this, nexus5. This is a great quick fix.

  3. Ken Dirschl
    Member
    Posted 2 years ago #

    Another hack is to remove the 'up one level' link, since there is already a 'back one level' link. Not elegant, but another fix.

    line 185

    <li><a href='" . $_SERVER["PHP_SELF"] . "?page=MyFtp&dir=$parentDir'>Up One Level</a></li>&nbsp;&nbsp;&nbsp;

Topic Closed

This topic has been closed to new replies.
