[wp-trac] [WordPress Trac] #43308: Require authentication for load-scripts.php and load-styles.php
WordPress Trac
noreply at wordpress.org
Wed Feb 14 11:14:45 UTC 2018
#43308: Require authentication for load-scripts.php and load-styles.php
---------------------------+------------------------------
Reporter: youngcp | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Script Loader | Version: 4.9.4
Severity: normal | Resolution:
Keywords: has-patch | Focuses:
---------------------------+------------------------------
Comment (by azaozz):
I also don't think loading `admin.php` is a good idea. This basically
loads all of WordPress. The point of having `load-scripts.php` and
`load-styles.php` is to '''not''' load WordPress three times on every page load.
That's why they use a whitelist to process only registered scripts and
stylesheets.

As @Clorith points out, there are better ways to prevent malicious use of
the loading mechanism. Also, loading default scripts and styles has to
work for non-authenticated users on the front-end.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43308#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform