Open kalenjohnson opened 8 years ago
For the moment, I've added a hook to admin_init
with this code:
if ( ! defined('WP_USE_THEMES')) {
define('WP_USE_THEMES', false);
}
These lines were removed from the Stripe webhook, but there are still a few other places where we have code like this in case files are accessed directly (which shouldn't be done, but was support for reverse compatibility from when cron jobs/webhooks/etc might have been setup against these.
It has been many years and we can consider getting rid of these wherever they come up. This issue will track that work.
There is another issue to convert Braintree to use admin-ajax.php instead of a direct hit of the php file, but I'm not sure if Braintree will work that way (there was an odd header error). But in other cases we should be able to remove these lines.
The Stripe and Braintree issues should be fixed now.
I still think the best course of action is to leave the wp-load.php stuff in for backwards compatibility until the v2.0 release, which has no ETA but is the release we plan to do all of our backwards compatibility breaking stuff.
We didn't remove these lines in version 2.0.
If we did, users who setup Braintree before we changed the webhook URL will have their webhooks break. We should have some kind of detection for this in place before we remove the lines.
Stripe has a way through the API to setup their webhook through the API https://github.com/strangerstudios/paid-memberships-pro/issues/922
We're just figuring out the best time/way to do that. We don't want to add an extra API check that runs too often. A generic solution that works for all gateways (at least in how the last of webhook is display) would be useful too.
https://github.com/strangerstudios/paid-memberships-pro/blob/dev/services/stripe-webhook.php#L13-L17
^ This section is running with the webhook that is supposed to be used for Stripe: http://www.paidmembershipspro.com/gateway/stripe/
This is another issue if WP is installed in a sub directory. Either it needs to also check for
DOING_AJAX
, or if it's not called directly, that whole statement should go, imo.