Make WordPress Core

Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#6170 closed enhancement (wontfix)

Prevent direct loading of files that require WP to be loaded

Reported by: mdawaffe Owned by: ryan
Milestone: Priority: lowest
Severity: trivial Version: 2.5
Component: Security Keywords: has-patch
Focuses: Cc:


There was some talk about this a while back, but I can't find any tickets.

Idea: add if ( !defined( 'ABSPATH' ) ) die(); to all files that should not be directly loaded.

Attached implements this for all files in wp-admin/ (except for the FTP classes).

Attachments (1)

6170.diff (15.0 KB) - added by mdawaffe 8 years ago.

Download all attachments as: .zip

Change History (4)

8 years ago

#1 @Denis-de-Bernardy
7 years ago

  • Component changed from General to Security
  • Owner changed from anonymous to ryan
  • Priority changed from normal to lowest
  • Severity changed from normal to trivial

I personally fail to see the point... But the debate rages on, and on...

#2 @Denis-de-Bernardy
7 years ago

  • Keywords 2nd-opinion removed
  • Resolution set to wontfix
  • Status changed from new to closed

see #9185

#3 @Denis-de-Bernardy
7 years ago

  • Milestone 2.9 deleted

Note: See TracTickets for help on using tickets.