Lack of ABSPATH check #103
-
|
Hi Greg,
at the beginning of PHP files to prevent any malicious direct access to the PHP files. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hi Marco—Great to hear from you again! The simplest explanation here is simply that _tw is based on _s and Varia, and neither of those themes do WordPress/WordPress-Coding-Standards#1850 I'm open to being told that it's necessary after all, but I think the absolute worst case scenario here is some pollution of logs if someone starts trying to load PHP files directly. Please let me know what you think! |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, I guess it's a very edge case like explained in this answer. I will add it in my themes just for the sake of it, but I agree with you to keep things as clean as possible in _tw. |
Beta Was this translation helpful? Give feedback.
-
|
That is a perfect explanation, and I agree with her response to one of the comments:
Nonetheless, as you understand the code's purpose and it won't make your code harder to follow for you, I don't see a harm in you adding it! |
Beta Was this translation helpful? Give feedback.
Hi Marco—Great to hear from you again!
The simplest explanation here is simply that _tw is based on _s and Varia, and neither of those themes do
ABSPATHchecks (to my knowledge). It's not the case that all PHP files need this snippet, so this isn't a red flag to me. See here for more details:WordPress/WordPress-Coding-Standards#1850
I'm open to being told that it's necessary after all, but I think the absolute worst case scenario here is some pollution of logs if someone starts trying to load PHP files directly.
Please let me know what you think!