Support » Plugin: Media Library Assistant » Filter to protect core files.

  • File: media-library-assistant/includes/class-mla-main.php
    Line: 756 – 779

    With parameter $_REQUEST[‘mla_download_file’] / $_REQUEST[‘mla_download_type’] / $_REQUEST[‘mla_download_disposition’]. I can work and change parameter to make download and delete of core files ( wp-config.php, for example )

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author David Lingren

    (@dglingren)

    Thank you for your detective work and for alerting me to this issue.

    The code you cited is in a private function that is called from just one place in the MLA plugin. The function that calls it first checks for a proper “admin NONCE”, which must also be present in the $_REQUEST array. This additional check provides a level of security, but I agree that the code you cite is a problem.

    I have just released MLA v2.70, which contains a fix. The new version does an additional check to make sure that only files in the site’s “uploads” directory tree can be accessed for download or deletion. The new check will protect all the WordPress Core, Plugin and Theme files.

    I am marking this topic resolved, but please update it if you have any problems or further questions regarding the fix or the new version. Thanks again for your help and for your interest in the plugin.

    Thread Starter Lenon Leite

    (@lenon)

    David,
    Yeah, You’re right, it was pretty fast. Congratulations. I just commented because this point also had access for authors and editors.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Filter to protect core files.’ is closed to new replies.