Opened 3 months ago
Last modified 3 weeks ago
#62055 assigned enhancement
Put index.php into Public folder on the root directory
Reported by: | sourav926 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Security | Keywords: | reporter-feedback |
Focuses: | Cc: |
Description
Now we are writing ABSPATH
constant existence check everywhere to protect files from direct access.
But we can make a public (or any name) folder in the root and put the index.php (/public/index.php) file in the folder. That way only index.php file can be directly accessed. And we'll be able to remove ABSPATH
constant existence check from files.
What about backward compatibility?
Well, at the beginning we can keep both /index.php and /public/index.php files for one or more year(s) and keep telling users, and hosting providers to point their servers to the public folder. Then we can remove the index.php and also constant checks from files.
Note: See
TracTickets for help on using
tickets.
The constant checks within files are there to prevent direct access over HTTP to files that perform side effects. There's no relation to directory listings or index.php.
@sourav926 What problem are you seeing that needs addressing?