wporg-mu-plugins icon indicating copy to clipboard operation
wporg-mu-plugins copied to clipboard

Published 20 hours ago verified publisher icon WordPress

Add check to avoid fatals on direct file access

Open pkevan opened this issue 11 months ago • 4 comments

Avoids fatal errors when these files are accessed directly e.g.

ja.wordpress.org 198.143.164.10 - [07/Mar/2024:09:04:13 +0000] "GET /cba94a84/wp-content/mu-plugins/pub-sync/blocks/time/ HTTP/1.1"

pkevan avatar Mar 07 '24 12:03 pkevan

@pkevan Need a review for this?

StevenDufresne avatar May 10 '24 05:05 StevenDufresne

sure - can't remember doing this!

pkevan avatar May 10 '24 06:05 pkevan

Looks good to me, but added @dd32 and @ryelle seeing that they have more WP experience than myself :)

StevenDufresne avatar May 12 '24 21:05 StevenDufresne

Originally I suggested renaming these, or disabling direct PHP access at the server level, but that ran into issues (mostly, that the allow list is outdated).

I have no concerns about merging this, other than me not feeling it's warranted to have a check at the top of every .php file.

dd32 avatar May 13 '24 01:05 dd32