[wp-trac] [WordPress Trac] #43308: Require authentication for load-scripts.php and load-styles.php

WordPress Trac noreply at wordpress.org
Wed Feb 14 11:14:45 UTC 2018


#43308: Require authentication for load-scripts.php and load-styles.php
---------------------------+------------------------------
 Reporter:  youngcp        |       Owner:
     Type:  enhancement    |      Status:  new
 Priority:  normal         |   Milestone:  Awaiting Review
Component:  Script Loader  |     Version:  4.9.4
 Severity:  normal         |  Resolution:
 Keywords:  has-patch      |     Focuses:
---------------------------+------------------------------

Comment (by azaozz):

 I also don't think loading `admin.php` is a good idea. This basically
 loads all of WordPress. The point of having `load-scripts.php` and
 `load-styles.php` is to '''not''' load WordPress three times on every page
 load. That's why they use a whitelist to process only registered scripts
 and stylesheets.

 As @Clorith points out, there are better ways to prevent malicious use of
 the loading mechanism. Also, loading default scripts and styles has to
 work for non-authenticated users on the front-end.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/43308#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

