[wp-trac] [WordPress Trac] #53183: Recommending "defined( 'ABSPATH' ) or die;" in the Plugin Dev Handbook
WordPress Trac
noreply at wordpress.org
Tue May 11 15:22:38 UTC 2021
#53183: Recommending "defined( 'ABSPATH' ) or die;" in the Plugin Dev Handbook
------------------------------------+-----------------------------
Reporter: tomjdevisser | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version: 5.7.1
Severity: normal | Keywords: dev-feedback
Focuses: docs, coding-standards |
------------------------------------+-----------------------------
I think it would be a nice addition to the Plugin Developers Handbook to
add a small recommendation to the Plugin Security section. Basically
adding the next snippet to all executable files:
{{{#!php
<?php
// Make sure no one can call this file directly
defined( 'ABSPATH' ) or die;
}}}
I think most plugin devs will already use this, and it's something that
comes up a lot, so I wondered why it was not yet in the documentation.
@themiked thought there might be ramifications unknown to us about doing
this, so he asked me to make a ticket here. Please share your thoughts.
Some more information on using this:
https://stackoverflow.com/questions/43212340/what-is-meant-by-if-defined-abspath
https://wordpress.stackexchange.com/questions/108418/what-are-the-differences-between-wpinc-and-abspath
PS: This is my first ticket, and I don't know exactly what
focuses/type/keywords would fit. If anything needs changing, constructive
feedback is highly appreciated.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53183>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
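
An added example, not part of the ticket or the handbook: a small audit that reports plugin PHP files whose first executable statement is not the guard proposed above. It goes beyond the ticket's exact snippet by also accepting the `if ( ! defined( ... ) ) { exit; }` form and the `WPINC` constant from the linked question; the accepted spellings, the function names and the sample files are assumptions constructed for illustration.

```python
import re

# Guard spellings accepted here are an assumption; extend the pattern as needed.
GUARD = re.compile(r"""^(?:
      defined\s*\(\s*['"](?:ABSPATH|WPINC)['"]\s*\)\s*(?:or|\|\|)\s*(?:die|exit)\b
    | if\s*\(\s*!\s*defined\s*\(\s*['"](?:ABSPATH|WPINC)['"]\s*\)\s*\)\s*\{?\s*(?:die|exit)\b
    )""", re.VERBOSE)
# Statements that may legitimately come before the guard.
PREAMBLE = re.compile(r"^(?:declare\s*\(|namespace\s|use\s)")
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def has_leading_guard(php_source: str) -> bool:
    """True if the first executable statement is an ABSPATH/WPINC guard."""
    opening = re.search(r"<\?php\b", php_source)
    if not opening:
        return False  # no PHP open tag: flag the file for manual review
    code = COMMENTS.sub("", php_source[opening.end():])
    for stmt in code.split(";"):
        stmt = stmt.strip()
        if not stmt or PREAMBLE.match(stmt):
            continue
        # Only the first real statement counts: a guard placed after other
        # code does not stop that code from running on a direct request.
        return bool(GUARD.match(stmt))
    return False


def audit(files: dict[str, str]) -> list[str]:
    """Return the paths whose first executable statement is not the guard."""
    return sorted(p for p, src in files.items() if not has_leading_guard(src))


SAMPLES = {  # constructed plugin files, not taken from any real plugin
    "plugin.php": "<?php\n/* Plugin Name: Demo */\ndefined( 'ABSPATH' ) or die;\nadd_action( 'init', 'demo_init' );\n",
    "includes/admin.php": "<?php\nnamespace Demo;\n\nif ( ! defined( 'ABSPATH' ) ) {\n\texit; // no direct access\n}\n",
    "includes/late.php": "<?php\nrequire __DIR__ . '/lib.php';\ndefined( 'ABSPATH' ) or die;\n",
    "includes/none.php": "<?php\n// helper functions\nfunction demo_helper() { return 1; }\n",
}

if __name__ == "__main__":
    import pathlib
    import sys
    if len(sys.argv) > 1:  # audit a plugin directory given on the command line
        root = pathlib.Path(sys.argv[1])
        files = {str(p): p.read_text(errors="replace") for p in root.rglob("*.php")}
    else:
        files = SAMPLES
    for path in audit(files):
        print("missing leading guard:", path)
```

Run without arguments it checks the constructed samples; pass a plugin directory to check real files.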