Opened 14 months ago
Closed 9 months ago
#62055 closed enhancement (invalid)
Put index.php into Public folder on the root directory
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Security | Keywords: | reporter-feedback |
| Focuses: | Cc: |
Description
Now we are writing ABSPATH constant existence check everywhere to protect files from direct access.
But we can make a public (or any name) folder in the root and put the index.php (/public/index.php) file in the folder. That way only index.php file can be directly accessed. And we'll be able to remove ABSPATH constant existence check from files.
What about backward compatibility?
Well, at the beginning we can keep both /index.php and /public/index.php files for one or more year(s) and keep telling users, and hosting providers to point their servers to the public folder. Then we can remove the index.php and also constant checks from files.
Change History (2)
Note: See
TracTickets for help on using
tickets.
The constant checks within files are there to prevent direct access over HTTP to files that perform side effects. There's no relation to directory listings or index.php.
@sourav926 What problem are you seeing that needs addressing?