[theme-reviewers] Direct access prevention in comments.php - required or recommended?
Tyler Cunningham
seizedpropaganda at gmail.com
Sat Sep 24 01:24:59 UTC 2011
You are correct in requiring this. It is actually now a security risk as pointed out by Mark Jaquith in a blog post. You can link to this post if you like:
http://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/
Regards,
Tyler Cunningham | Founder, COO - CyberChimps LLC (http://CyberChimps.com/)
@tylerbcunning (http://twitter.com/tylerbcunning)
http://gplus.to/tylercunningham
http://linkedin.com/in/tylerbcunningham
tyler at cyberchimps.com
On Friday, September 23, 2011 at 6:23 PM, Vicky Arulsingam wrote:
> I'm seeking clarification regarding the use of:
>
> if ( 'comments.php' == basename($_SERVER['SCRIPT_FILENAME']) )
> die ( 'Please do not load this page directly. Thanks.' );
>
> I've been requiring that themes not include this. Am I correct in doing so or is the removal merely a recommendation?
>
> -----
> Vicky Arulsingam
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers