[theme-reviewers] $_SERVER data

Otto otto at ottodestruct.com
Sat Dec 24 15:56:30 UTC 2011

On Sat, Dec 24, 2011 at 7:53 AM, Chip Bennett <chip at chipbennett.net> wrote:
> Lately, I've been seeing quite a few review comments indicating to remove
> this code, due to security issues:
> if ( !empty( $_SERVERSCRIPT_FILENAME? ) && 'comments.php' == basename(
> die ( 'Please do not load this page directly. Thanks!' );
> I don't believe that $_SERVER data used in this manner (i.e. as a
> conditional query, with no data being saved to the DB or output) is a
> security risk. What are your thoughts?

It's not a threat, but it is unnecessarily silly and complex. Here's a
quicker way to do much the same thing (only without the message):

if ( !defined('ABSPATH') ) die;


More information about the theme-reviewers mailing list