[wp-trac] [WordPress Trac] #55067: Use of undefined constant ABSPATH - assumed 'ABSPATH' as of WP5.9
WordPress Trac
noreply at wordpress.org
Thu Feb 3 20:39:50 UTC 2022
#55067: Use of undefined constant ABSPATH - assumed 'ABSPATH' as of WP5.9
-------------------------+-----------------------------
Reporter: maveloweb | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 5.9
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Having to sift through unnecessary WP error_log(s). They result from
wannabe-hackers trying to find exploits by requesting various WP files
directly.
One example, though it's occurring in multiple folders, creating
'error_log' files in each directory...
[02-Feb-2022 18:25:07 UTC] PHP Warning: Use of undefined constant ABSPATH
- assumed 'ABSPATH' (this will throw an Error in a future version of PHP)
in wp-includes/class-wp-http.php on line 11
{{{#!php
if ( ! class_exists( 'Requests' ) ) {
require ABSPATH . WPINC . '/class-requests.php';
Requests::register_autoloader();
Requests::set_certificate_path( ABSPATH . WPINC . '/certificates
/ca-bundle.crt' );
}
}}}
Simple fix...
{{{#!php
if ( defined('ABSPATH') && ! class_exists( 'Requests' ) ) {
}}}
Other files such as 'wp-includes/blocks/index.php' are also adding to the
error logs since ABSPATH is not examined prior to use. Another easy fix,
near the top of the script...
{{{#!php
defined('ABSPATH') || exit;
}}}
While this is not technically a WP bug, it would improve operator ability
to focus on legitimate problems if unnecessary entries were not being
added to error_log in multiple directories.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55067>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list