#53183 closed defect (bug) (duplicate)
Twenty Twenty-One: Check if ABSPATH is defined in each file
Reported by: | tomjdevisser | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 5.7.1 |
Component: | Bundled Theme | Keywords: | dev-feedback |
Focuses: | docs, coding-standards | Cc: | |
Description
I think it would be a nice addition to the Plugin Developers Handbook to add a small recommendation to the Plugin Security section. Basically adding the next snippet to all executable files:
```php
<?php
// Make sure no one can call this file directly
defined( 'ABSPATH' ) or die;
```
I think most plugin devs will already use this, and it's something that comes up a lot, so I wondered why it was not yet in the documentation. @themiked thought there might be ramifications unknown to us about doing this, so he asked me to make a ticket here. Please share your thoughts.
Some more information on using this:
https://stackoverflow.com/questions/43212340/what-is-meant-by-if-defined-abspath
https://wordpress.stackexchange.com/questions/108418/what-are-the-differences-between-wpinc-and-abspath
PS: This is my first ticket, and I don't know exactly what focuses/type/keywords would fit. If anything needs changing, constructive feedback is highly appreciated.
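An audit for the check this ticket asks for, as an added example (not code from the ticket, the theme or WordPress core): it lists the `.php` files in a tree whose first statement is not an `ABSPATH` guard, and treats a guard that only appears inside a comment as missing. The accepted guard spellings, the function names and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path

# Strip comments first, so a guard that only appears inside one is not counted.
COMMENT = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
# Accepted guard spellings (a choice made for this example, not a WordPress rule):
#   defined( 'ABSPATH' ) or die;  /  defined( 'ABSPATH' ) || exit;
#   if ( ! defined( 'ABSPATH' ) ) { exit; }
GUARD = re.compile(
    r"""^<\?php\s*(?:
        defined\(\s*['"]ABSPATH['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b
      | if\s*\(\s*!\s*defined\(\s*['"]ABSPATH['"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b
    )""",
    re.X,
)

def has_abspath_guard(source: str) -> bool:
    """True only if the guard is the first statement after the opening tag."""
    return bool(GUARD.match(COMMENT.sub("", source).lstrip()))

def unguarded_files(root: Path) -> list[str]:
    """Relative paths of .php files under root that lack the guard."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_abspath_guard(p.read_text(encoding="utf-8", errors="replace"))
    )

# Constructed sample tree; file names and contents are made up for the demo.
SAMPLE = {
    "functions.php": "<?php\n/** Theme setup. */\ndefined( 'ABSPATH' ) or die;\nadd_action( 'init', 'f' );\n",
    "inc/helpers.php": "<?php\nif ( ! defined( 'ABSPATH' ) ) {\n\texit;\n}\nfunction f() {}\n",
    "inc/tags.php": "<?php\nfunction g() { echo 'x'; }\n",
    # Guard on the same line as a // comment: PHP never executes it.
    "inc/one-line.php": "<?php // No direct access defined( 'ABSPATH' ) or die;\n",
}

def demo() -> list[str]:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLE.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(body, encoding="utf-8")
        return unguarded_files(root)

if __name__ == "__main__":
    print(demo())
```

The check is deliberately strict: a file that runs any statement before the guard is reported, since that code would execute on a direct request.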
Change History (8)
This ticket was mentioned in Slack in #docs by tomjdevisser.
4 years ago
#2
4 years ago
- Summary changed from Recommending "defined( 'ABSPATH' ) or die;" in the Plugin Dev Handbook to Missing code in TwentyTwentyone theme
This ticket was mentioned in Slack in #docs by tomjdevisser.
4 years ago
#5
4 years ago
- Summary changed from Missing code in TwentyTwentyone theme to Twenty Twenty-One: Check if ABSPATH is defined in each file
#6
4 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Hi there, welcome to WordPress Trac!
Thanks for the ticket, we're already tracking this enhancement in #47154.
#7
4 years ago
Replying to SergeyBiryukov:
Hi there, welcome to WordPress Trac!
Thanks for the ticket, we're already tracking this enhancement in #47154.
Great, thanks!
For added security, I think it would be a nice addition to the theme to add the following code to each file in the theme:
Some more information on using this:
https://stackoverflow.com/questions/43212340/what-is-meant-by-if-defined-abspath
https://wordpress.stackexchange.com/questions/108418/what-are-the-differences-between-wpinc-and-abspath
PS: This is my first ticket, and I don't know exactly what focuses/type/keywords would fit. If anything needs changing, constructive feedback is highly appreciated. Changed the ticket after getting feedback from themiked.