WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 4 years ago

#19921 closed defect (bug) (wontfix)

always use require_once for wp-load.php (fixes "ABSPATH defined multiple times")

Reported by: convissor Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.3.1
Component: Bootstrap/Load Keywords: has-patch needs-refresh
Focuses: Cc:
PR Number:

Description

The wp-load.php file should always be included via require_once. This allows developers to include files when necessary with having to run into the "ABSPATH defined multiple times" notice (let alone waste time processing the file).

In trunk, require_once is already used in the majority of cases for wp-load.php:

  • 24 require_once
  • 8 require
  • 1 include

This has come up because of a situation in a plugin where it is necessary to manually include the wp-login.php. But then wp-login.php calls require wp-load.php and the constant re-declaration notice arises.

In two cases, the patch changes relative paths (eg ./ to dirname(__FILE__)) to avoid safe mode problems and improve the ability to run files from anywhere(1), which is helpful for testing from the command line.

(1) Paths in PHP are relative to the present working directory, not the directory the file is in.

Attachments (1)

wp-load-require-once.diff (3.7 KB) - added by convissor 8 years ago.

Download all attachments as: .zip

Change History (5)

#1 @nacin
8 years ago

I am all for dirname() over relative paths, but I'm not sure I see the benefit to switching to require_once. Once we patch this, we end up requiring ourselves to stick to a convention in the future. Including an entry file is dirty, and I would rather switch across the board to require().

What's the situation exactly? There are functions in wp-login.php that should be in an include file -- we should move them, rather than patching a symptom.

#2 @convissor
8 years ago

Nacin: you are right that moving the login_header() and login_footer() some place else (such as wp-includes/functions.php) is a good idea.

The move would not obviate the fact that wp-load.php can only be cleanly loaded once. require_once is the most direct approach to ensure that.

If you are trying to protect certain files from being directly included by plugins or other WP code, other means are available.

#3 @nacin
6 years ago

  • Component changed from General to Bootstrap/Load

#4 @chriscct7
4 years ago

  • Keywords has-patch needs-refresh added; require_once require wp-load.php removed
  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Closing as wontfix. Complete lack of interest on the ticket over the last 4 years. Feel free to reopen when more interest re-emerges (particularly if there's a patch)

Note: See TracTickets for help on using tickets.