[wp-hackers] Security question

g30rg3_x g30rg3x at gmail.com
Thu Oct 23 18:09:21 GMT 2008


Hi Mario,

Well, if that piece of code is for avoiding direct calls to the files
(instead of via WordPress) then imho you are wasting a lot of code, because
it's better to do this...

if ( !defined('ABSPATH') )
	die();

Since ABSPATH is a constant defined in wp-load.php (or in
wp-config.php), making sure that the constant is defined is a better
way to tell if the file is being requested directly or included in
WordPress.
But of course please tell us what exactly is your intention with that
piece of code (is it for the main index.php or for a plugin/theme
script file?)
As far as security... I don't see any pitfall, just (as previously said)
a real waste of code to do a simple thing.

Regards

2008/10/22 Mário Gamito <gamito at gmail.com>:
> Hi,
>
> Is it safe to put this code in the very top of the index.php WP file ?
> Is there any pitfall I can't see ?
>
> Warm regards,
> Mário Gamito
> --
>
> $request_filename = $_SERVER['DOCUMENT_ROOT'].$_SERVER['REQUEST_URI'];
> $this_dir = dirname(__FILE__).'/';
> if($request_filename!=$this_dir && $request_filename!=__FILE__ &&
> (is_file($request_filename) || is_dir($request_filename))) {
>  die;
> }



-- 
_________________________
             g30rg3_x
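
Added example (not part of the original message, and not WordPress code): a Python check that a PHP file's first executable statement is the ABSPATH guard described in the reply, usable over a plugin or theme directory. The function names and sample file contents are constructed for illustration; the accepted guard forms are an assumption covering the `if ( !defined('ABSPATH') ) die();` form above and the equivalent `defined('ABSPATH') || exit;`.

```python
import re
from pathlib import Path

# Strip /* */, // and # comments so a commented-out guard does not count.
# Simplification: comment markers inside string literals are not handled.
_COMMENTS = re.compile(r"/\*.*?\*/|(?://|#)[^\n]*", re.S)
# Statements that may legitimately come before the guard.
_PREAMBLE = re.compile(
    r"\s*(?:declare\s*\([^)]*\)|namespace\s+[\w\\]+|use\s+[\w\\ ,]+)\s*;", re.I)
# PHP keywords are case-insensitive; the constant name ABSPATH is not.
_DEFINED = r"(?i:defined)\s*\(\s*['\"]ABSPATH['\"]\s*\)"
_HALT = r"(?i:die|exit)\s*(?:\([^)]*\))?\s*;"
# Accepted forms: if ( !defined('ABSPATH') ) die();  and  defined('ABSPATH') || exit;
_GUARD = re.compile(
    rf"\s*(?:(?i:if)\s*\(\s*!\s*{_DEFINED}\s*\)\s*\{{?\s*{_HALT}"
    rf"|{_DEFINED}\s*(?:\|\||(?i:or))\s*{_HALT})")

def has_abspath_guard(php_source):
    """True if the first executable statement of the file is an ABSPATH guard."""
    code = _COMMENTS.sub("", php_source)
    start = re.match(r"\s*<\?php\b", code, re.I)
    if not start:
        return False  # output or other code would run before any check
    pos = start.end()
    while (pre := _PREAMBLE.match(code, pos)):
        pos = pre.end()
    return _GUARD.match(code, pos) is not None

def unguarded_files(root):
    """Relative paths of .php files under root that do not start with the guard."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix() for p in root.rglob("*.php")
        if not has_abspath_guard(p.read_text(encoding="utf-8", errors="replace")))

# Constructed sample files, not taken from any real plugin.
SAMPLES = {
    "guarded.php": "<?php\n/* Plugin Name: Demo */\nif ( !defined('ABSPATH') )\n\tdie();\n",
    "alt-form.php": "<?php\ndeclare(strict_types=1);\nnamespace Demo;\ndefined( 'ABSPATH' ) || exit;\n",
    "commented-out.php": "<?php\n// if ( !defined('ABSPATH') ) die();\necho 'hi';\n",
    "late-guard.php": "<?php\ninclude 'helper.php';\nif ( !defined('ABSPATH') ) die();\n",
}

if __name__ == "__main__":
    for name, src in SAMPLES.items():
        print(f"{name}: {'guarded' if has_abspath_guard(src) else 'NO GUARD'}")
```

The main index.php and other entry points run before ABSPATH is defined, so they are expected to be reported and should not carry the guard.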

