Do not include wp-load.php directly

Supertext / polylang-supertext

Supertext Plugin for the Wordpress Polylang Multilingual Add-On

7 stars 3 forks source link

Do not include wp-load.php directly #2

Closed swissspidy closed 8 years ago

swissspidy commented 8 years ago

The file resources/scripts/api/callback.php references the wp-load.php directly, which doesn't work at all cases, e.g. when WordPress is installed in a sub folder (i.e. http://example.com/wp/, but still called via http://example.com/. Using ../../../../../../wp-load.php is a wrong assumption.

Code in question: https://github.com/Supertext/polylang-supertext/blob/08f235e3e4ca41de644ee785196a208482cadadb/resources/scripts/api/callback.php#L3

More information about this:

Both posts demonstrate some alternatives, but a quick glance at the code seems to show that using admin-ajax.php or the REST API might be the better approach here.

rblaettler commented 8 years ago

Hey swisspidy We'll fix this as soon as possible. Thanks a lot for the hints. We'll keep you posted about the changes.

grappler commented 8 years ago

The loading of wp-admin/admin.php is affected in the same way in polylang-supertext/resources/scripts/api/ajax.php and polylang-supertext/views/backend/offer.php. A better way would be require_once(ABSPATH . 'wp-admin/admin.php');

swissspidy commented 8 years ago

I do not see any polylang-supertext/resources/scripts/api/ajax.php file here in the repository, but doing require_once(ABSPATH . 'wp-admin/admin.php'); to create a custom Ajax endpoint shouldn't be done either.

grappler commented 8 years ago

Maybe it was not deleted when committing the latest code on w.org https://plugins.svn.wordpress.org/polylang-supertext/trunk/resources/scripts/api/ajax.php

hmuralt commented 8 years ago

We’ve fixed the issue. We are using admin-ajax.php as callback URL now.

93a40c11f53874e2d85fbc836940383e47f970c8

polylang-supertext/resources/scripts/api/ajax.php and polylang-supertext/views/backend/offer.php have been removed. But apparently, it didn’t sync correctly with the WordPress SVN. Thanks for the feedbacks.

swissspidy commented 8 years ago

Thank you very much for resolving this so quickly!

Is there any ETA for a new release on WordPress.org?

hmuralt commented 8 years ago

You're welcome. The release is now available on WordPress.org.