[theme-reviewers] Direct access prevention in comments.php - required or recommended?
Tyler Cunningham
seizedpropaganda at gmail.com
Mon Sep 26 21:10:21 UTC 2011
Sorry to resurrect this thread but is the consensus now that this line does not need to be removed? I apologize if I submitted faulty information before, I was simply going off what I witnessed another reviewer marking as required in their reviews (which is when I started doing it myself). I am getting the impression that this line does not need to be removed like I originally thought, am I correct in that assumption?
Thanks.
Regards,
Tyler Cunningham | Founder, COO - CyberChimps LLC (http://CyberChimps.com/)
@tylerbcunning (http://twitter.com/tylerbcunning)
http://gplus.to/tylercunningham
http://linkedin.com/in/tylerbcunningham
tyler at cyberchimps.com
On Sunday, September 25, 2011 at 2:40 AM, Mike Little wrote:
> Oops, accidentally pressed send...
>
> This line has also been in every version of WordPress since 0.7.
> Historically, the file wp-comments.php used to be in the root of the WordPress directory (i.e. in the same place as wp-config.php).
>
> And was probably instigated as it was one of the few files that would produce output if requested directly. The line protects against that.
>
> Even when the theme files moved into their own directory in 1.5, the default (Kubrick) copied the same code. Interestingly, classic dropped it.
> In reality we should be cautious of any files that can produce output if requested directly, especially if they might produce errors. As this can be a source of information leak, and thus indirectly a security risk.
>
> Mike
> --
> Mike Little
> http://zed1.com/
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
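
The concern raised in the quoted reply, theme files that run or emit something when requested directly, can be checked mechanically during a review. The following is an added example, not code from this thread or from WordPress: a heuristic scan that classifies each PHP file by whether a direct-request guard is the first thing it executes. The two guard idioms it recognises, the function names and the sample theme are assumptions constructed for illustration.

```python
import re

# Assumption: these two idioms cover the usual direct-request guards in themes.
GUARD = re.compile(
    r"basename\s*\(\s*\$_SERVER\s*\[\s*['\"]SCRIPT_FILENAME['\"]\s*\]\s*\)"
    r"|defined\s*\(\s*['\"]ABSPATH['\"]\s*\)"
)
STOP = re.compile(r"\b(?:die|exit)\b")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def classify(source):
    """Return 'guarded', 'late-guard' or 'unguarded' for one PHP file."""
    code = COMMENT.sub("", source)
    guard = GUARD.search(code)
    if guard is None:
        return "unguarded"
    head = code[:guard.start()]
    tag = head.rfind("<?php")
    end = code.find(";", guard.end())
    # The test only protects the file if its statement ends in die/exit.
    if tag == -1 or end == -1 or not STOP.search(code[guard.end():end]):
        return "unguarded"
    # Drop the guard's own statement, then require nothing but the open tag
    # before it: earlier HTML or statements already run on a direct request.
    cut = max(head.rfind(";") + 1, tag + len("<?php"))
    return "guarded" if head[:cut].strip() == "<?php" else "late-guard"


def audit(files):
    """Map file name -> finding for every file that is not cleanly guarded."""
    results = {name: classify(src) for name, src in files.items()}
    return {name: r for name, r in results.items() if r != "guarded"}


# Constructed sample theme (not taken from any real theme).
SAMPLE_THEME = {
    "comments.php": "<?php\nif (!empty($_SERVER['SCRIPT_FILENAME']) && "
                    "'comments.php' == basename($_SERVER['SCRIPT_FILENAME']))\n"
                    "\tdie('Please do not load this page directly.');\n?>\n",
    "sidebar.php": "<?php\n/* sidebar */\nif ( ! defined( 'ABSPATH' ) ) {\n"
                   "\texit;\n}\ndynamic_sidebar();\n",
    "footer.php": "<?php wp_footer(); ?>\n</body></html>\n",
    "header.php": "<?php\nwp_head();\ndefined('ABSPATH') || exit;\n",
}

if __name__ == "__main__":
    for name, finding in sorted(audit(SAMPLE_THEME).items()):
        print(f"{name}: {finding}")
```

A flagged file is a prompt to read it, not a verdict: the scan does not know whether the statements before a late guard actually produce output or errors.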