WordPress.org

Make WordPress Core

Opened 22 months ago

Closed 22 months ago

Last modified 22 months ago

#24224 closed defect (bug) (duplicate)

Hello Dolly causing errors, probably hello.php called directly by URL

Reported by: kitchin Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.5.1
Component: Plugins Keywords:
Focuses: Cc:

Description

My error log is filling up with these:

[01-Jan-2013 12:00:00] PHP Fatal error:  Call to undefined function  add_action() in /.../wp-content/plugins/hello.php on line 60

I assume someone is calling the URL directly, and I can reproduce it that way:
http://example.tld/wp-content/plugins/hello.php

To end the annoyance, the plugin should start with:

if (! defined('ABSPATH')) exit;

Or whatever is the standard way to check Wordpress is calling. And the standard way to exit without an error.

Anyone interested in such activity should be checking server logs, not getting errors logged by PHP.

Also it would be setting a good example for plugin authors to keep in mind wp-content/plugins can be called directly via a URL.

Change History (3)

comment:1 @kovshenin22 months ago

That's a good practice. It's also a good practice to simply disallow requests to PHP files in your wp-content directory -- none of the files there should ever be called directly.

comment:2 @SergeyBiryukov22 months ago

  • Milestone Awaiting Review deleted
  • Status changed from new to closed

Duplicate of #17601, #18715, and #23077.

comment:3 @SergeyBiryukov22 months ago

  • Resolution set to duplicate
Note: See TracTickets for help on using tickets.