[wp-trac] [WordPress Trac] #11059: Discourage plugin authors calling wp-config.php directly
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 5 15:20:33 UTC 2009
#11059: Discourage plugin authors calling wp-config.php directly
-------------------------+--------------------------------------------------
Reporter: strider72 | Owner:
Type: enhancement | Status: reopened
Priority: normal | Milestone:
Component: General | Version: 2.9
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+--------------------------------------------------
Comment(by strider72):
Westi --
Regarding new installs, that's true (to an extent), but such reasoning
precludes a whole lot of improvements that have gone into WP in the past.
We've added security keys, for example, that don't magically add
themselves to existing installs. Personally, I from time to time look at
the new sample config to see if just such things have been added.
As for "only clued-in coders will activate WP_DEBUG": It certainly won't
catch all cases, but...
1) It will catch some. You could argue that clueless coders won't sign up
for wp-hackers either, but how many people on that list didn't know about
not loading these files?
2) Couldn't hurt, since it doesn't run unless someone does exactly what
you say they'll never do. ;-)
3) Even in cases where it doesn't run, a lot of coders will *read* the
message directly in the code and say "Really?" and pursue other info. I'm
strongly for putting a URL in there saying where to go for more info, I
just didn't know what URL to put in.
That's all I really have to say about it. I personally think it's a
decent idea; but if you really hate it, close it again and I won't
argue.... :-\
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11059#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list