[wp-hackers] Why WP_SITEURL and not $_SERVER['HTTP_HOST']?
mikeschinkel at newclarity.net
Tue Mar 30 08:03:41 UTC 2010
On Mar 30, 2010, at 2:47 AM, Beau Lebens wrote:
>> I've been wondering this for a long time but never asked this. Anyone know why WordPress doesn't just use $_SERVER['HTTP_HOST'] and instead requires setting of WP_SITEURL (and WP_HOME?)
> All of the $_SERVER variables are writeable, so
> plugins/themes/anything could modify what they contain, "corrupting"
> your theoretically "pristine" way of referring the the URL of the
> current site.
> Setting it as a constant is really about the only way of knowing that
> it's set once, never modified, and contains exactly what it's supposed
> to contain.
So a follow up, is it fair to test $_SERVER['HTTP_HOST'] against the expected value as early in the code bootstrap as possible and if different go into a special "switch domain" state similar to how WordPress enters a "database needs to be upgraded" state immediately after upgrading the PHP code? Or would testing $_SERVER['HTTP_HOST'] there still be problematic for some reason?
P.S. Hmm. If we need a constant, is there a reason why WP_SITEURL is not just set in wp-config.php based on the value of $_SERVER['HTTP_HOST']?
More information about the wp-hackers