search

strangerstudios / paid-memberships-pro

WordPress membership plugin to restrict access to content and charge recurring subscriptions using Stripe, PayPal, and more. Fully open source. 100% GPL.
https://www.paidmembershipspro.com
Other
463 stars 358 forks source link

Loading wp-load.php #262

Open kalenjohnson opened 8 years ago

kalenjohnson commented 8 years ago

https://github.com/strangerstudios/paid-memberships-pro/blob/dev/services/stripe-webhook.php#L13-L17

^ This section is running with the webhook that is supposed to be used for Stripe: http://www.paidmembershipspro.com/gateway/stripe/

This is another issue if WP is installed in a sub directory. Either it needs to also check for DOING_AJAX, or if it's not called directly, that whole statement should go, imo.

kalenjohnson commented 8 years ago

For the moment, I've added a hook to admin_init with this code:

if ( ! defined('WP_USE_THEMES')) {
    define('WP_USE_THEMES', false);
}
strangerstudios commented 6 years ago

These lines were removed from the Stripe webhook, but there are still a few other places where we have code like this in case files are accessed directly (which shouldn't be done, but was support for reverse compatibility from when cron jobs/webhooks/etc might have been setup against these.

It has been many years and we can consider getting rid of these wherever they come up. This issue will track that work.

There is another issue to convert Braintree to use admin-ajax.php instead of a direct hit of the php file, but I'm not sure if Braintree will work that way (there was an odd header error). But in other cases we should be able to remove these lines.

ideadude commented 5 years ago

The Stripe and Braintree issues should be fixed now.

I still think the best course of action is to leave the wp-load.php stuff in for backwards compatibility until the v2.0 release, which has no ETA but is the release we plan to do all of our backwards compatibility breaking stuff.

ideadude commented 5 years ago

We didn't remove these lines in version 2.0.

https://github.com/strangerstudios/paid-memberships-pro/blob/dev/services/braintree-webhook.php#L14-L18

If we did, users who setup Braintree before we changed the webhook URL will have their webhooks break. We should have some kind of detection for this in place before we remove the lines.

Stripe has a way through the API to setup their webhook through the API https://github.com/strangerstudios/paid-memberships-pro/issues/922

We're just figuring out the best time/way to do that. We don't want to add an extra API check that runs too often. A generic solution that works for all gateways (at least in how the last of webhook is display) would be useful too.