[wp-hackers] xmlrpc.php's location
Mike Little
journalized at gmail.com
Fri Sep 17 19:28:54 UTC 2004
On Fri, 17 Sep 2004 10:46:35 -0500, Matthew Mullenweg <m at mullenweg.com> wrote:
> m at tidakada.com wrote:
>
> > So, what can we do here?
> > a) Just replace xmlrpc.php with the new xmlrpc.php, at the same place.
> > b) Place the new xmlrpc.php right along index.php and so on, but rename it.
>
> I'm sick of stuff in the root, but that's a bad reason to break
> compatibility. (A) I think is the best bet.
>
I know what you mean Matt, but the files which are directly
addressable via http requests have to be in someplace 'public'.
I think at some point we could move all the files that are *not*
required to be addressable into other directories.
A list of the ones which are addressable would be a good starting
point. There are three groups of those files: front-end blog viewing
files, non-php viewing files (css), and admin files.
Everything else should be able to be moved away and included from
anywhere, including outside the document root of the web server.
In WP at the moment the number of addressable files is quite high.
index, comments-post, comments-popup, various feeds, register, login,
trackback, xmlrpc etc.
So for instance the new wp-sidebar, -footer, and -header files could
be in an include directory -- probably wp-content?
Css files and so on still need to be publicaly accessible, of course,
but it is possible to trim most php files.
For instance, the last couple of PHP applications I have written have
ended up with just two php files in the document root. Every other php
file was included from an appropriate directory outside the document
root. Incredibly safe when your hosting service accidentally turns off
PHP parsing and apache delivers raw php source!
Anyway, some thoughts.
Mike
--
Mike Little
http://zed1.com/journalized/
More information about the hackers
mailing list