Make WordPress Core

Opened 2 years ago

Closed 23 months ago

Last modified 23 months ago

#24224 closed defect (bug) (duplicate)

Hello Dolly causing errors, probably hello.php called directly by URL

Reported by: kitchin Owned by:
Milestone: Priority: normal
Severity: minor Version: 3.5.1
Component: Plugins Keywords:
Focuses: Cc:


My error log is filling up with these:

[01-Jan-2013 12:00:00] PHP Fatal error:  Call to undefined function  add_action() in /.../wp-content/plugins/hello.php on line 60

I assume someone is calling the URL directly, and I can reproduce it that way:

To end the annoyance, the plugin should start with:

if (! defined('ABSPATH')) exit;

Or whatever is the standard way to check Wordpress is calling. And the standard way to exit without an error.

Anyone interested in such activity should be checking server logs, not getting errors logged by PHP.

Also it would be setting a good example for plugin authors to keep in mind wp-content/plugins can be called directly via a URL.

Change History (3)

comment:1 @kovshenin2 years ago

That's a good practice. It's also a good practice to simply disallow requests to PHP files in your wp-content directory -- none of the files there should ever be called directly.

comment:2 @SergeyBiryukov23 months ago

  • Milestone Awaiting Review deleted
  • Status changed from new to closed

Duplicate of #17601, #18715, and #23077.

comment:3 @SergeyBiryukov23 months ago

  • Resolution set to duplicate
Note: See TracTickets for help on using tickets.