[create-block] Add ABSPATH check #55533

Merged

Conversation

KevinBatdorf
Contributor

@KevinBatdorf KevinBatdorf commented Oct 22, 2023

What?

This PR adds the direct file access call to the create-block stub files. This impacts users that run npx @wordpress/create-block my-plugin

Why?

To prevent direct access to the file by default.

(I was also reminded by the plugin team a recent submission of mine was missing it)

How?

Added the following to the /plugin-name.php stub files

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

I know there are many ways to write this code, so I arbitrarily picked one I've seen in a core project (performance plugin)

(edit) Technically I think defined( 'ABSPATH' ) or exit; would actually be the fastest given the NOT opcode call is not there, but arguably it's less readable code for newer devs.

Alternatives in core:

https://github.com/WordPress/gutenberg/blob/trunk/lib/demo.php#L8

if ( ! defined( 'ABSPATH' ) ) {
	die( 'Silence is golden.' );
}

https://github.com/WordPress/gutenberg/blob/trunk/lib/demo.php#L8

if ( ! defined( 'ABSPATH' ) ) {
	die();
}

https://github.com/WordPress/WordPress/blob/master/wp-includes/rss-functions.php#L9

if ( ! defined( 'ABSPATH' ) ) {
	exit();
}

https://github.com/WordPress/WordPress/blob/master/wp-admin/admin-footer.php#L10

if ( ! defined( 'ABSPATH' ) ) {
	die( '-1' );
}

Health Check:

https://github.com/WordPress/health-check/blob/trunk/pages/site-status.php#L9

if ( ! defined( 'ABSPATH' ) ) {
	die( 'We\'re sorry, but you can not directly access this file.' );
}

Performance plugin:

https://github.com/WordPress/performance/blob/trunk/modules/images/webp-uploads/can-load.php#L9

if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

Some others I've seen in the wild

if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
defined('ABSPATH') or die;
defined( 'ABSPATH' ) || exit;
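
An added example, not part of the original PR or of the Gutenberg code base: a small Node.js check that reports PHP files whose first executable statement is not one of the ABSPATH guard styles quoted above. The names `hasAbspathGuard`, `findUnguarded` and `SAMPLES` are hypothetical, the sample sources are constructed, and lowercase PHP keywords are assumed.

```javascript
// Block form: if ( ! defined( 'ABSPATH' ) ) { exit; }   (braces optional)
const IF_GUARD =
  /^if\s*\(\s*!\s*defined\s*\(\s*(['"])ABSPATH\1\s*\)\s*\)\s*\{?\s*(?:exit|die)\b/;
// Short-circuit form: defined( 'ABSPATH' ) || exit;   defined('ABSPATH') or die;
const OR_GUARD =
  /^defined\s*\(\s*(['"])ABSPATH\1\s*\)\s*(?:\|\|\s*|or\s+)(?:exit|die)\b/;
// Statements that run no plugin logic and may precede the guard.
const PREAMBLE = /^(?:declare\s*\([^)]*\)|namespace\s+[\w\\]+)\s*;/;

// Drop comments so the plugin header docblock does not hide the guard.
// Simplification: comment markers inside string literals are not handled.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, '')
    .replace(/(?:\/\/|#(?!\[)).*$/gm, '');
}

// True when the first executable statement in the file is an ABSPATH guard.
function hasAbspathGuard(phpSource) {
  let code = stripComments(phpSource).replace(/^\s*<\?php\b/, '').trimStart();
  while (PREAMBLE.test(code)) {
    code = code.replace(PREAMBLE, '').trimStart();
  }
  return IF_GUARD.test(code) || OR_GUARD.test(code);
}

// Return the names of files whose source lacks a leading guard.
function findUnguarded(files) {
  return Object.keys(files).filter((name) => !hasAbspathGuard(files[name]));
}

// Constructed sample inputs (not real plugin files).
const SAMPLES = {
  'guarded.php':
    "<?php\n/**\n * Plugin Name: Demo\n */\n\nif ( ! defined( 'ABSPATH' ) ) {\n\texit; // Exit if accessed directly.\n}\n",
  'short.php': "<?php\ndefined( 'ABSPATH' ) || exit;\nfunction demo_init() {}\n",
  'missing.php': "<?php\n/* Plugin Name: Demo */\nfunction demo_init() {}\n",
  'late.php':
    "<?php\nregister_stuff();\nif ( ! defined( 'ABSPATH' ) ) {\n\tdie();\n}\n",
};

console.log(findUnguarded(SAMPLES));
```

A guard that appears only after other executable code, as in the constructed `late.php`, is reported as missing because the earlier statements would already have run on direct access.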

@github-actions

Warning: Type of PR label error

To merge this PR, it requires exactly 1 label indicating the type of PR. Other labels are optional and not being checked here.

  • Type-related labels to choose from: [Type] Automated Testing, [Type] Breaking Change, [Type] Bug, [Type] Build Tooling, [Type] Code Quality, [Type] Copy, [Type] Developer Documentation, [Type] Enhancement, [Type] Experimental, [Type] Feature, [Type] New API, [Type] Task, [Type] Performance, [Type] Project Management, [Type] Regression, [Type] Security, [Type] WP Core Ticket, Backport from WordPress Core.
  • Labels found: .

Read more about Type labels in Gutenberg.

Member

@gziolo gziolo left a comment

It makes perfect sense. Thank you so much for improving the templates based on your experience to meet best practices ❤️

@gziolo gziolo enabled auto-merge (squash) October 22, 2023 11:43
@gziolo gziolo disabled auto-merge October 22, 2023 21:13
@gziolo gziolo merged commit 2788a9c into WordPress:trunk Oct 22, 2023
47 of 50 checks passed
@github-actions github-actions bot added this to the Gutenberg 17.0 milestone Oct 22, 2023
@KevinBatdorf KevinBatdorf deleted the create-block/add-direct-access-exit branch October 22, 2023 21:14