Make WordPress Core

Opened 3 years ago

Last modified 12 months ago

#28364 new defect (bug)

WordPress Entry Points (wp-load.php occurrences)

Reported by: szepe.viktor Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 3.9.1
Component: Bootstrap/Load Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

I was looking for entry point by searching for wp-load.php for plugin refactoring. I mean conditionally use require().

  1. There are easy to identify entry points like admin-ajax.php but there are no defines e.g in async-upload.php, wp-loging.php or wp-comments-post.php
  1. wp-trackback.php uses a strange way to detect the core if (empty($wp))
  1. xmlrpc.php uses alone include() all others require()
  1. How to distinguish between admin.php and admin-post.php?


  • There should be a uniform way requiring wp-load.
  • All entry point should be distinguished by different defines

List of entry points and ways to detect them

  1. frontend: wp-blog-header.php:12 !is_admin()
  2. admin GET request: wp-admin/admin.php:30 is_admin()
  3. admin POST request: wp-admin/admin-post.php:15 is_admin()
  4. admin upload: wp-admin/async-upload.php:16 @$_SERVER['SCRIPT_FILENAME'] === ABSPATH . 'wp-admin/async-upload.php'
  5. AJAX call: wp-admin/admin-ajax.php:20 defined('DOING_AJAX') && DOING_AJAX
  6. WordPress cron webserver/CLI: wp-cron.php:26 defined('DOING_CRON') && DOING_CRON php_sapi_name() === 'cli'
  7. XML-RPC protocol: xmlrpc.php:29 defined('XMLRPC_REQUEST') && XMLRPC_REQUEST

Frontend low priority

  1. wp-comments-post.php:16 @$_SERVER['SCRIPT_FILENAME'] === ABSPATH . 'wp-comments-post.php'
  2. wp-trackback.php:12 1 === get_query_var('tb')

Dashboard low priority

  1. wp-login.php:12
  2. wp-signup.php:4
  3. wp-activate.php:12
  4. wp-mail.php:11

Exclude from profiling

  1. wp-links-opml.php:15
  2. wp-includes/ms-files.php:12
  3. wp-includes/js/tinymce/wp-mce-help.php:9
  4. wp-admin/install.php:36
  5. wp-admin/install-helper.php:39
  6. wp-admin/upgrade.php:18
  7. wp-admin/maint/repair.php:10
  8. wp-admin/moderation.php:10

Total: 21 entry points as of version 3.9.1

from WPHW

Change History (7)

#1 @SergeyBiryukov
3 years ago

  • Component changed from General to Bootstrap/Load
  • Description modified (diff)

#2 @szepe.viktor
3 years ago

Any opinions, suggestions?

#3 in reply to: ↑ description ; follow-up: @jeremyfelt
3 years ago

  • Keywords reporter-feedback added

Hi @szepe.viktor, can you provide some more detail on the problem you're looking at solving? Thanks!

  • All entry point should be distinguished by different defines

I guess my key misunderstanding is around this item. An example scenario of how current core code is not working or providing enough data would be great.

#4 in reply to: ↑ 3 @Denis-de-Bernardy
3 years ago

  • Keywords reporter-feedback removed

Replying to jeremyfelt:

I guess my key misunderstanding is around this item. An example scenario of how current core code is not working or providing enough data would be great.

It's "working." His complaint is that it's inconsistent and clunky.

It's sometimes not obvious where to find the documentation, for instance OP doesn't seem to be aware of is_trackback(). (Perhaps there could be note in the file's header? Or indeed a file-specific define, or some kind of $wp_context global.)

Last but not least, it occasionally breaks down to:

$_SERVER['SCRIPT_FILENAME'] === ABSPATH . $file_to_check

(I'm quite sure I've used a less buggy version of the above idiom over the years to detect in what precise context WP was being loaded.)

Again, it works... It's just not very convenient -- or change proof, for that matter.

Last edited 3 years ago by Denis-de-Bernardy (previous) (diff)

#5 @szepe.viktor
3 years ago

As Denis pointed out the nicest solution is a wp_context global - or better: a function - that would return one of the 21 distinct entry points.

Last edited 3 years ago by szepe.viktor (previous) (diff)

#6 @szepe.viktor
3 years ago

@Denis-de-Bernardy Thank you for is_trackback()!

#7 @drzraf
12 months ago

If not reducing entry points, at least documenting the (growing number of?) entry points would still be useful so that WP installation can be secured.
Some guidance for plugins authors about how to documents/annotate the entry points they provide would be very useful too.

Note: See TracTickets for help on using tickets.