The Codex documentation for threaded comments actually includes this script, hence a majority of the themes have it. See <a href="http://codex.wordpress.org/Migrating_Plugins_and_Themes_to_2.7/Enhanced_Comment_Display">http://codex.wordpress.org/Migrating_Plugins_and_Themes_to_2.7/Enhanced_Comment_Display</a>. <br>
<br><div class="gmail_quote">On Sat, Sep 24, 2011 at 10:04 AM, Edward Caissie <span dir="ltr">&lt;<a href="mailto:edward.caissie@gmail.com">edward.caissie@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Perhaps, interesting to note the snippet is used in about a dozen themes:<br><br>-- Google ... site:<a href="http://themes.trac.wordpress.org/" target="_blank">http://themes.trac.wordpress.org/</a> &quot;&#39;comments.php&#39; == basename($_SERVER[&#39;SCRIPT_FILENAME&#39;])&quot;<br>


<br><br clear="all">Cais.<div><div></div><div class="h5"><br>
<br><br><div class="gmail_quote">On Sat, Sep 24, 2011 at 11:06 PM, Justin Tadlock <span dir="ltr">&lt;<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


  <div bgcolor="#ffffff" text="#000000">
    Basically, the code is ultimately irrelevant.  There&#39;s no security
    issue though.<br>
    <br>
    It&#39;s good to point it out to theme devs that they don&#39;t need it.<div><div></div><div><br>
    <br>
    On 9/23/2011 9:52 PM, Dion Hulse (dd32) wrote:
    <blockquote type="cite">
      <div>The use-case mentioned is completely different from what
        Mark&#39;s post is about. The snippet mentioned prevents direct
        access to the comments template; Mark&#39;s post is about using
        $_SERVER vars in theme output, so you can ignore that posting.<br>
      </div>
      <div><br>
      </div>
      <div>Speaking from a technical point of view (and not one of
        knowing what the exact theme review guidelines are):</div>
      <div>Having that in there is pointless, but having it in there is
        not a problem either. It&#39;s just extra code being run, it&#39;s never
        going to prevent a problem, nor create one (Well, unless the
        theme is doing strange things in the comments template - like
        writing files or something - things that that file should never
        do). </div>
      <div>So the guidelines are suggesting removal of a useless piece
        of code. No need to require its removal; it&#39;s something like
        doing this: if ( false ) {run_some_code();} - it&#39;s code that&#39;s
        never going to be of use. The only thing removing it does is make
        people more aware of what the PHP is actually doing.</div>
      <div><br>
      </div>
      <div>As for using $pagenow/wp_die(), it&#39;s not needed, nor would it
        be available in that case either (direct access of the file). If
        the comments template is included, the theme is asking/WordPress
        is asking to output the comments... bit of a no-brainer that it
        wouldn&#39;t need to check the current templating action.</div>
      <br>
      <br>
      <div class="gmail_quote">On 24 September 2011 11:37, Chip Bennett
        <span dir="ltr">&lt;<a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a>&gt;</span>
        wrote:<br>
        <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
          I can&#39;t say that I agree that it&#39;s a security risk; it&#39;s a
          conditional, not an input/output.
          <div><br>
          </div>
          <div>However, I&#39;m not sure it&#39;s really *needed*. What is the
            inherent risk of loading comments.php directly?</div>
          <div><br>
          </div>
          <div>If it *is* needed, what about using $pagenow instead (I
            assume it&#39;s available in the front-end)? e.g.:</div>
          <div><br>
          </div>
          <blockquote style="margin:0pt 0pt 0pt 40px;border:medium none;padding:0px">
            <div>global $pagenow;</div>
            <div>if ( &#39;comments.php&#39; == $pagenow ) {}</div>
          </blockquote>
          <div><br>
          </div>
          <div>Also, might it be worthwhile to use wp_die() instead of
            die()?</div>
          <div><br>
          </div>
          <div><font color="#888888">Chip</font>
            <div>
              <div>
                <br>
                <br>
                <div class="gmail_quote">On Fri, Sep 23, 2011 at 8:24
                  PM, Tyler Cunningham <span dir="ltr">&lt;<a href="mailto:seizedpropaganda@gmail.com" target="_blank">seizedpropaganda@gmail.com</a>&gt;</span>
                  wrote:<br>
                  <blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
                    <div> You are correct in requiring this. It is
                      actually now a security risk as pointed out by
                      Mark Jaquith in a blog post. You can link to this
                      post if you like:  </div>
                    <div><br>
                    </div>
                    <div><a href="http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/" target="_blank">http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/</a></div>



                    <div><br>
                      <span style="font-family:Arial"><span style="border-collapse:separate;color:rgb(0, 0, 0);font-family:Times;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="font-family:Helvetica;font-size:13px"><span>Regards,</span><span><br>



                              <br>
                            </span></span></span></span>
                      <div style="font-size:medium;font-family:Arial"><span>Tyler Cunningham  |  Founder, COO
                          - <a href="http://CyberChimps.com/" style="color:rgb(0, 58, 138)" target="_blank">CyberChimps
                            LLC</a></span></div>
                      <div style="font-size:medium;font-family:Arial"><span><br>
                        </span></div>
                      <div style="font-size:medium;font-family:Arial"><span><a href="http://twitter.com/tylerbcunning" target="_blank">@tylerbcunning</a></span></div>
                      <div style="font-size:medium;font-family:Arial">
                        <span><a href="http://gplus.to/tylercunningham" target="_blank">http://gplus.to/tylercunningham</a></span></div>
                      <div style="font-size:medium;font-family:Arial"><span><a href="http://linkedin.com/in/tylerbcunningham" style="color:rgb(0, 58, 138)" target="_blank">http://linkedin.com/in/tylerbcunningham</a> </span></div>



                      <div style="font-size:medium;font-family:Arial"><span><a href="mailto:tyler@cyberchimps.com" style="color:rgb(0, 58, 138)" target="_blank">tyler@cyberchimps.com</a></span></div>
                      <br>
                    </div>
                    <div>
                      <div>
                        <p style="color:rgb(160, 160, 168)">On Friday,
                          September 23, 2011 at 6:23 PM, Vicky
                          Arulsingam wrote:</p>
                      </div>
                    </div>
                    <blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px"> <span>
                        <div>
                          <div>
                            <div>
                              <div>I&#39;m seeking clarification regarding
                                the use of:
                                <div><br>
                                </div>
                                <div>
                                  <div>if ( &#39;comments.php&#39; ==
                                    basename($_SERVER[&#39;SCRIPT_FILENAME&#39;])
                                    )</div>
                                  <div><span style="white-space:pre-wrap"> </span>die ( &#39;Please
                                    do not load this page directly.
                                    Thanks.&#39; );</div>
                                  <div><br>
                                  </div>
                                  <div>I&#39;ve been requiring that themes
                                    not include this. Am I correct in
                                    doing so or is the removal merely a
                                    recommendation?</div>
                                  <div><br>
                                  </div>
                                  -----
                                  <div>Vicky Arulsingam</div>
                                  <br>
                                </div>
                              </div>
                            </div>
                          </div>
                          <div>_______________________________________________<br>
                            theme-reviewers mailing list<br>
                            <a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
                            <a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
                          </div>
                        </div>
                      </span> </blockquote>
                    <div> <br>
                    </div>
                    <br>
                  </blockquote>
                </div>
                <br>
              </div>
            </div>
          </div>
          <br>
        </blockquote>
      </div>
      <br>
    </blockquote>
  </div></div></div>

<br></blockquote></div><br>
</div></div><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Sayontan Sinha<br><a href="http://mynethome.net" target="_blank">http://mynethome.net</a> | <a href="http://mynethome.net/blog" target="_blank">http://mynethome.net/blog</a><br>
--<br>Beating Australia in Cricket is like killing a celebrity. The death gets more coverage than the crime.<br><br>
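<div>An added example, not part of the thread or of WordPress: the guard discussed above only compares a $_SERVER value, while the linked post (as described in the thread) concerns printing one in output. The function names and both $server arrays are hypothetical, constructed sample data.</div>

```php
<?php
// Added illustration. Function names are hypothetical and the $server
// arrays are constructed stand-ins for $_SERVER.

// The guard from the thread: the value is only compared, never printed.
function guard_would_die(array $server): bool {
    return 'comments.php' == basename($server['SCRIPT_FILENAME']);
}

// The pattern the linked post is about, per the thread:
// a $_SERVER value placed into theme output as-is.
function form_action_unescaped(array $server): string {
    return '<form action="' . $server['PHP_SELF'] . '">';
}

// The same output with the value escaped for an HTML attribute.
// (Inside a theme, WordPress's esc_url() would be the usual choice.)
function form_action_escaped(array $server): string {
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '">';
}

// Constructed: comments.php included by WordPress through index.php.
$included = [
    'SCRIPT_FILENAME' => '/var/www/html/index.php',
    'PHP_SELF'        => '/index.php',
];

// Constructed: comments.php requested directly, with extra path info
// appended by the client (PHP_SELF reflects that path info).
$direct = [
    'SCRIPT_FILENAME' => '/var/www/html/wp-content/themes/example/comments.php',
    'PHP_SELF'        => '/wp-content/themes/example/comments.php/"><em>injected</em>',
];

foreach (['included' => $included, 'direct' => $direct] as $label => $server) {
    printf("%-8s guard dies: %s\n", $label, guard_would_die($server) ? 'yes' : 'no');
    printf("%-8s unescaped:  %s\n", $label, form_action_unescaped($server));
    printf("%-8s escaped:    %s\n", $label, form_action_escaped($server));
}
```

<div>The guard's result never reaches the page, so its $_SERVER read is not an output path; only the unescaped form action carries the client-supplied markup through.</div>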