• Excuse me for my lack of time to get into the codex and find it out by myself (I’m not a formal programmer so it’d take me forever to decipher it), but is the editor-style.css file URL-accessible for non-registered visitors?

    In other words: are my WYSIWYG editor scripts processing a stylesheet whose location was easy to guess (and thus, to hack)?

    Thanks.

Viewing 2 replies - 1 through 2 (of 2 total)
  • No, that file isn’t loaded on the frontend, so its address won’t be visible to the outside world. If you name it a randomly generated code – that will make it very difficult for a bad guy to access it from the frontend. That said, unless you’re using SSL for the admin – I wouldn’t consider this a secure method of hiding data.

    I’m also not sure why you’re concerned – I can’t see how a malicious user would be able to use a typical editor-styles.css to do any harm.

    cheers,
    Bryan

    Thread Starter gallantfish

    (@gallantfish)

    Oh, I didn’t know I can name it anything.
    I followed WP codex and anyone is told to name it editor-style.css.

    Well, the CSS loads directly in a logged-in browser, in an environment that processes it by JS TinyMCE. I can’t predict that far but I guess it’s not an obvious place where security has been reinforced.

    Good to know that someone else has the certainty.

  • The topic ‘Editor style url access?’ is closed to new replies.