mondula / ticket-hub


WP_Feedback_Allowing Direct File Access to plugin files #18

Closed JonathanPultz closed 1 week ago

JonathanPultz commented 3 weeks ago

Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.

You can avoid this by putting this code at the top of all PHP files that could potentially execute code if accessed directly:

```php
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
```

Example(s) from your plugin:

ticket-hub/shortcodes/th-ticket-sc.php:3
ticket-hub/shortcodes/th-faqs-sc.php:3
ticket-hub/post-types/th-document-pt.php:3
ticket-hub/includes/th-page-settings.php:181
ticket-hub/shortcodes/th-profile-sc.php:3
ticket-hub/post-types/th-change-pt.php:3
ticket-hub/shortcodes/th-form-sc.php:3
ticket-hub/shortcodes/th-documentation-sc.php:3

... out of a total of 15 incidences.
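The report above lists files by hand. As an added example (not part of the ticket-hub project or of this issue), the following Python script checks a plugin tree for the same condition: it reports every `.php` file in which executable code appears before, or without, a `defined( 'ABSPATH' )` guard, printing `path:line` in the same form as the report. The plugin root path is an assumed command-line argument, and the sample sources at the bottom are constructed for the check.

```python
"""Find PHP files that run code before (or without) the ABSPATH guard.

Added example, not code from the ticket-hub plugin. The plugin root passed on
the command line is an assumption; the sample sources below are constructed.
"""
import os
import re
import sys

# Accepts the common spellings of the guard, e.g.
#   if ( ! defined( 'ABSPATH' ) ) exit;
#   defined( 'ABSPATH' ) || die;
GUARD_RE = re.compile(r"""defined\s*\(\s*['"]ABSPATH['"]\s*\)""")

# Lines that may safely precede the guard: the opening tag on its own, comments,
# blank lines, and namespace/use/declare statements.
BENIGN_RE = re.compile(
    r"""^\s*(?:<\?php\s*|//.*|#.*|/\*.*|\*.*|\*/\s*|namespace\s.*|use\s.*|declare\s*\(.*|\s*)$"""
)


def guard_position(source: str):
    """Return (guard_line, first_code_line), 1-based, None where absent.

    first_code_line is the first line that is neither benign nor the guard.
    """
    guard_line = None
    first_code_line = None
    in_block_comment = False
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if in_block_comment:
            if "*/" in stripped:
                in_block_comment = False
            continue
        if stripped.startswith("/*") and "*/" not in stripped:
            in_block_comment = True
            continue
        if guard_line is None and GUARD_RE.search(line):
            guard_line = lineno
            continue
        if first_code_line is None and not BENIGN_RE.match(line):
            first_code_line = lineno
    return guard_line, first_code_line


def is_unguarded(source: str) -> bool:
    """True when code in the file can execute without the guard having run."""
    guard_line, first_code_line = guard_position(source)
    if first_code_line is None:
        return False  # nothing executable at all (empty or comment-only file)
    return guard_line is None or guard_line > first_code_line


def scan_sources(sources):
    """sources: mapping path -> PHP source text.

    Returns sorted 'path:line' strings, line being the first unguarded code line.
    """
    findings = []
    for path, src in sources.items():
        if is_unguarded(src):
            findings.append(f"{path}:{guard_position(src)[1]}")
    return sorted(findings)


def scan_plugin(root: str):
    """Read every .php file under root and return scan_sources() over them."""
    sources = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    sources[path] = fh.read()
    return scan_sources(sources)


# Constructed samples: a procedural file without the guard, one with it in the
# right place, and one where a function call precedes a late guard.
UNGUARDED = "<?php\nadd_shortcode('th_ticket', 'th_ticket_sc');\n"
GUARDED = (
    "<?php\n"
    "if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly\n"
    "add_shortcode('th_ticket', 'th_ticket_sc');\n"
)
LATE_GUARD = "<?php\n/**\n * Plugin file\n */\nupdate_option('x', 1);\ndefined( 'ABSPATH' ) || die;\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for finding in scan_plugin(sys.argv[1]):  # assumed: path to plugin root
            print(finding)
    else:
        for finding in scan_sources({"a.php": UNGUARDED, "b.php": GUARDED, "c.php": LATE_GUARD}):
            print(finding)
```

Run it as `python scan_abspath.py /path/to/ticket-hub` to get a list comparable to the one in the report. It flags class-only files as well, which the report describes as lower risk, so treat its output as a worklist rather than a severity ranking; a file whose first code line is a class declaration is still worth guarding, since the one-line guard costs nothing.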

KamiCasi commented 3 weeks ago

Added to the top of all PHP files except the templates: 617432bbe64f0f75b1f74e851fc16af16a9ea0f1