WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

Last modified 6 years ago

#6170 closed enhancement (wontfix)

Prevent direct loading of files that require WP to be loaded

Reported by: mdawaffe Owned by: ryan
Milestone: Priority: lowest
Severity: trivial Version: 2.5
Component: Security Keywords: has-patch
Focuses: Cc:

Description

There was some talk about this a while back, but I can't find any tickets.

Idea: add if ( !defined( 'ABSPATH' ) ) die(); to all files that should not be directly loaded.

Attached implements this for all files in wp-admin/ (except for the FTP classes).

Attachments (1)

6170.diff (15.0 KB) - added by mdawaffe 7 years ago.

Download all attachments as: .zip

Change History (4)

@mdawaffe7 years ago

comment:1 @Denis-de-Bernardy6 years ago

  • Component changed from General to Security
  • Owner changed from anonymous to ryan
  • Priority changed from normal to lowest
  • Severity changed from normal to trivial

I personally fail to see the point... But the debate rages on, and on...

comment:2 @Denis-de-Bernardy6 years ago

  • Keywords 2nd-opinion removed
  • Resolution set to wontfix
  • Status changed from new to closed

see #9185

comment:3 @Denis-de-Bernardy6 years ago

  • Milestone 2.9 deleted


Note: See TracTickets for help on using tickets.