Prevent direct access to all PHP files#182
Merged
Conversation
|
Test on Playground |
Add ABSPATH check to all PHP files in inc/ and admin/ to prevent direct file access outside of WordPress. Guard is placed after namespace/use statements in namespaced files (PHP requires namespace to be the first statement). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
jdevalk
force-pushed
the
fix/prevent-direct-access
branch
from
6040a84 to
9335924
Compare
🔍 WordPress Plugin Check Report
📊 Report
❌ Errors (1)📁 readme.txt (1 error)
|
| 📍 Line | 🔖 Check | 💬 Message |
|---|---|---|
0 |
textdomain_mismatch | The "Text Domain" header in the plugin file does not match the slug. Found "yoast-comment-hacks", expected "comment-hacks". |
🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check
PHPStan cannot resolve `use` imports in non-namespaced view files, so the `@var` tag needs the FQCN. Removed the now-unused `use Admin` import and added a phpcs:disable for the FQCN rule. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Update composer/installers to ^2.3.0, php-stubs/wordpress-stubs to v6.9.1, and szepeviktor/phpstan-wordpress to v2.0.3 to fix PHP 8.4 deprecation notices. Also add PHPStan requirement to CLAUDE.md. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Composer package changes
|
The WordPress Plugin Check doesn't recognize \defined('ABSPATH') as
a valid direct access guard. Use defined() without the backslash and
add phpcs:ignore for the PHPCS rule that requires fully qualified
global functions. Also move guards before use statements, add guard
to comment-hacks.php, and add CLAUDE.md to .distignore.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
if ( ! defined( 'ABSPATH' ) ) { exit; }guard to all 15 PHP files ininc/andadmin/\defined()(fully qualified) in namespaced files per PHPCS rulesFiles changed
inc/autoload.phpinc/hacks.phpinc/clean-emails.phpinc/forms.phpinc/notifications.phpinc/email-links.phpinc/length.phpinc/progress-planner-tasks.phpinc/progress-planner/comment-moderation.phpinc/progress-planner/comment-policy.phpinc/progress-planner/comment-redirect.phpadmin/admin.phpadmin/comment-parent.phpadmin/views/config-page.phpadmin/views/comment-parent-box.phpTest plan
🤖 Generated with Claude Code