Allowing Direct File Access to plugin files #9

Closed
emanuellopess opened this issue Jan 2, 2024 · 0 comments · Fixed by #10
@emanuellopess
Collaborator

Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.

You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed:

```php
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
```

fee-recovery-for-givewp/public/partials/fee-recovery-for-givewp-public-display.php:14

@emanuellopess emanuellopess added the bug Something isn't working label Jan 2, 2024
@emanuellopess emanuellopess self-assigned this Jan 2, 2024
@emanuellopess emanuellopess linked a pull request Jan 2, 2024 that will close this issue
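
An audit for the guard described in this issue, as an added example (not code from the plugin or from the issue author): it walks a plugin directory and reports PHP files whose first statement is not the `ABSPATH` check. The sample file names and contents are constructed, and allowing `declare`, `namespace` and `use` statements before the guard is an assumption of this example.

```python
import re
import tempfile
from pathlib import Path

# The guard from the issue, tolerant of spacing, quote style and a braced body.
GUARD_RE = re.compile(
    r"""if\s*\(\s*!\s*defined\s*\(\s*['"]ABSPATH['"]\s*\)\s*\)\s*\{?\s*(?:exit|die|return)\b""")
# PHP comments are removed first so a commented-out guard is not counted.
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# Statements assumed to be acceptable before the guard.
PREAMBLE_RE = re.compile(
    r"(?:\s*(?:declare\s*\([^)]*\)|namespace\s+[\w\\]+|use\s+[\w\\ ,{}]+)\s*;)*\s*")


def has_guard(source: str) -> bool:
    """True if the ABSPATH guard is the first statement after the first <?php tag."""
    start = source.find("<?php")
    if start == -1:
        return True  # no <?php block (short open tags are not handled here)
    code = COMMENT_RE.sub(" ", source[start + len("<?php"):])
    return GUARD_RE.match(code, PREAMBLE_RE.match(code).end()) is not None


def unguarded_files(plugin_dir) -> list[str]:
    """Relative paths of .php files under plugin_dir that lack the guard."""
    root = Path(plugin_dir)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*.php")
                  if not has_guard(p.read_text(encoding="utf-8", errors="replace")))


# Constructed sample files (not taken from the plugin's repository).
SAMPLES = {
    "guarded.php": "<?php\n/** Docblock */\nif ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly\necho 'ok';\n",
    "namespaced.php": "<?php\nnamespace Acme\\Fees;\n\nif ( ! defined( \"ABSPATH\" ) ) {\n\texit;\n}\n",
    "partials/display.php": "<?php\n/** Public view */\n?>\n<div><?php echo esc_html( $label ); ?></div>\n",
    "commented-out.php": "<?php\n// if ( ! defined( 'ABSPATH' ) ) exit;\nrun_setup();\n",
    "late-guard.php": "<?php\nrun_setup();\nif ( ! defined( 'ABSPATH' ) ) exit;\n",
}


def scan_samples() -> list[str]:
    """Write the constructed samples to a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            path = Path(tmp, name)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return unguarded_files(tmp)
```

Call `unguarded_files()` with the path to a plugin checkout to get the list of files to fix; a file whose guard sits after other statements is reported as well, since code above the guard still runs on direct access.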