[wp-trac] [WordPress Trac] #41572: Twenty Seventeen 'Call to undefined function get_template_part()'
WordPress Trac
noreply at wordpress.org
Sun Aug 6 17:33:53 UTC 2017
#41572: Twenty Seventeen 'Call to undefined function get_template_part()'
---------------------------+------------------------------
Reporter: laserjobs | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Bundled Theme | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
---------------------------+------------------------------
Comment (by laserjobs):
Got it, thanks. I was just thinking this could be abused due to the
default naming across all WP sites.
Replying to [comment:2 knutsp]:
> This the expected behaviour if the folder `wp-content` is not protected
from running `.php` files directy. This affects not only these Twenty
Seventeen templates, but all php files in all installed themes and
plugins. WordPress core isn't even loaded.
>
> WordPress could add a protection at the top of all php files in the
standard themes, but has quite deliberately not done so. It wouldn't
eliminate the errors you see in the logs.
>
> A few plugins I know use this at the top of the files:
>
> {{{
> defined( 'ABSPATH' ) || exit;
> }}}
>
>
> I use something like this in a `/wp-content/.htacces` file:
>
> {{{
> Order deny,allow
> Deny from all
> <Files ~
".(xml|css|jpe?g|png|gif|js|eot|ttf|woff|svg|pdf|doc|docx|xls|xlsx)$">
> Allow from all
> }}}
>
> The requirements here will be different from server to server, and from
installation to installation. It's in it's nature a ''server issue'' when
running php applications in general, not a WordPress core issue (IMO). At
least until there is a way to handle this safely for all environments at
installation time.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41572#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list