WordPress.org

Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#24224 closed defect (bug) (duplicate)

Hello Dolly causing errors, probably hello.php called directly by URL

Reported by: kitchin Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.5.1
Component: Plugins Keywords:
Focuses: Cc:

Description

My error log is filling up with these:

[01-Jan-2013 12:00:00] PHP Fatal error:  Call to undefined function  add_action() in /.../wp-content/plugins/hello.php on line 60

I assume someone is calling the URL directly, and I can reproduce it that way:
http://example.tld/wp-content/plugins/hello.php

To end the annoyance, the plugin should start with:

if (! defined('ABSPATH')) exit;

Or whatever is the standard way to check Wordpress is calling. And the standard way to exit without an error.

Anyone interested in such activity should be checking server logs, not getting errors logged by PHP.

Also it would be setting a good example for plugin authors to keep in mind wp-content/plugins can be called directly via a URL.

Change History (3)

comment:1 @kovshenin2 years ago

That's a good practice. It's also a good practice to simply disallow requests to PHP files in your wp-content directory -- none of the files there should ever be called directly.

comment:2 @SergeyBiryukov2 years ago

  • Milestone Awaiting Review deleted
  • Status changed from new to closed

Duplicate of #17601, #18715, and #23077.

comment:3 @SergeyBiryukov2 years ago

  • Resolution set to duplicate
Note: See TracTickets for help on using tickets.