[theme-reviewers] Direct access prevention in comments.php - required or recommended?

Tyler Cunningham seizedpropaganda at gmail.com
Sat Sep 24 01:24:59 UTC 2011

 You are correct in requiring this. It is actually now a security risk as pointed out by Mark Jaquith in a blog post. You can link to this post if you like: 



Tyler Cunningham | Founder, COO - CyberChimps LLC (http://CyberChimps.com/)

@tylerbcunning (http://twitter.com/tylerbcunning)
tyler at cyberchimps.com (mailto:tyler at cyberchimps.com)

On Friday, September 23, 2011 at 6:23 PM, Vicky Arulsingam wrote:

> I'm seeking clarification regarding the use of:
> if ( 'comments.php' == basename($_SERVER['SCRIPT_FILENAME']) )
> die ( 'Please do not load this page directly. Thanks.' );
> I've been requiring that themes not include this. Am I correct in doing so or is the removal merely a recommendation?
> -----
> Vicky Arulsingam
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org (mailto:theme-reviewers at lists.wordpress.org)
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20110923/76fb6334/attachment.htm>

More information about the theme-reviewers mailing list