[wp-trac] [WordPress Trac] #53271: How to stop direct access wp-includes files

WordPress Trac noreply at wordpress.org
Tue May 25 05:37:49 UTC 2021


#53271: How to stop direct access wp-includes files
----------------------------+-----------------------------
 Reporter:  classicalrehan  |      Owner:  (none)
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  I18N            |    Version:  5.7.1
 Severity:  critical        |   Keywords:
  Focuses:                  |
----------------------------+-----------------------------
 Hi Team,

 I am getting a 500 error due to WordPress loopholes.
 If someone tries to access these files directly, it generates a 500
 error because in the files below WP extends another class, "Walker", without
 checking ABSPATH.

 if ( ! defined( 'ABSPATH' ) ) {
     exit; // Exit if accessed directly
 }

 File: wp-includes/class-walker-nav-menu.php
 File: wp-includes/class-walker-comment.php
 File: wp-includes/class-walker-category-dropdown.php

 The Walker class is included in WP via wp-settings.php, but in my case users
 are accessing the files directly.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53271>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
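
Added example, not part of the original ticket or of WordPress core: a heuristic audit that lists PHP files declaring a subclass before any `defined( 'ABSPATH' )` check, which is the pattern the report describes. The function names and the two sample sources are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# defined( 'ABSPATH' ) in any quoting or spacing style.
GUARD_RE = re.compile(r"""defined\s*\(\s*['"]ABSPATH['"]\s*\)""")
# "class Child extends Parent" at the start of a line.
EXTENDS_RE = re.compile(
    r"^[ \t]*(?:abstract\s+|final\s+)?class\s+(\w+)\s+extends\s+(\w+)", re.M)
# Comments are stripped first so a guard only mentioned in one does not count.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def unguarded_subclasses(php_source):
    """Return (child, parent) pairs declared before any ABSPATH check."""
    code = COMMENT_RE.sub("", php_source)
    guard = GUARD_RE.search(code)
    guard_pos = guard.start() if guard else len(code)
    return [(m.group(1), m.group(2))
            for m in EXTENDS_RE.finditer(code) if m.start() < guard_pos]

def audit_tree(root):
    """Map each .php file under root to its unguarded subclasses, if any."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = unguarded_subclasses(path.read_text(errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings

# Constructed samples (not copied from WordPress core).
SAMPLE_UNGUARDED = """<?php
/** Constructed: the parent class is not loaded on a direct request. */
class Walker_Example extends Walker {
}
"""
SAMPLE_GUARDED = """<?php
if ( ! defined( 'ABSPATH' ) ) {
    exit; // Exit if accessed directly
}
class Walker_Example extends Walker {
}
"""

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for file, hits in audit_tree(root).items():
        for child, parent in hits:
            print(f"{file}: {child} extends {parent} without ABSPATH guard")
```

Run it with the path to a `wp-includes` directory as the only argument; each printed line is a file that would reference an unloaded parent class if requested on its own.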

