#58046 closed defect (bug) (fixed)
Replace include_once with require_once in wp-includes/comment.php
Reported by: | wpfy | Owned by: | |
---|---|---|---|
Milestone: | 6.3 | Priority: | normal |
Severity: | normal | Version: | 6.3 |
Component: | Comments | Keywords: | has-patch |
Focuses: | coding-standards | Cc: |
Description
The WordPress PHP coding standards recommend using require[_once] for unconditional includes rather than include[_once]. This is because if the file being included is not found, include[_once] will throw a warning but continue execution, potentially leading to other errors or security issues if the file is needed for the application.
However, in the WordPress core file wp-includes/comment.php, on lines 3046 and 3047, the function pingback() includes two files using include_once. To ensure consistency with the WordPress coding standards and improve the security and stability of the code, I propose replacing include_once with require_once on these lines.
I will create a pull request to the WordPress core repository with this change.
Change History (3)
This ticket was mentioned in PR #4280 on WordPress/wordpress-develop by @wpfy.
19 months ago
#1
- Keywords has-patch added; needs-patch removed
#2
@
18 months ago
- Component changed from General to Comments
- Milestone changed from Awaiting Review to 6.3
- Resolution set to fixed
- Status changed from new to closed
Hi there, thanks for the ticket!
It looks like this was resolved in [55641] / #57839 as part of a few other similar changes.
I have updated the props for that commit in the Core Props tool on make/core to include the props from this ticket too, so that the contribution is properly counted for you as well :)
@SergeyBiryukov commented on PR #4280:
18 months ago
#3
Thanks for the PR! Merged in r55641 as part of a few other similar changes.
The WordPress PHP coding standards recommend using require[_once] for unconditional includes rather than include[_once]. This is because if the file being included is not found, include[_once] will throw a warning but continue execution, potentially leading to other errors or security issues if the file is needed for the application.
However, in the WordPress core file wp-includes/comment.php, on lines 3046 and 3047, the function pingback() includes two files using include_once. To ensure consistency with the WordPress coding standards and improve the security and stability of the code, I propose replacing include_once with require_once on these lines.
I will create a pull request to the WordPress core repository with this change.
Trac ticket: https://core.trac.wordpress.org/ticket/58046