General: Stop direct loading of files in /wp-includes that should only be included.

audrasjb · audrasjb · commit 4210d509599c · 2025-01-22T19:46:16.000Z
This changeset restricts direct access call in `/wp-includes` and its sub directories. Follow-up to [11768], [59678]. Props deepakrohilla. Fixes #61314. git-svn-id: https://develop.svn.wordpress.org/trunk@59688 602fd350-edb4-49c9-b593-d223f7449a82
diff --git a/src/wp-includes/class-IXR.php b/src/wp-includes/class-IXR.php
@@ -39,6 +39,11 @@
  * @license    http://www.opensource.org/licenses/bsd-license.php BSD
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require_once ABSPATH . WPINC . '/IXR/class-IXR-server.php';
 
 require_once ABSPATH . WPINC . '/IXR/class-IXR-base64.php';
diff --git a/src/wp-includes/class-wp-customize-control.php b/src/wp-includes/class-wp-customize-control.php
@@ -7,6 +7,11 @@
  * @since 3.4.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Customize Control class.
  *
diff --git a/src/wp-includes/class-wp-customize-panel.php b/src/wp-includes/class-wp-customize-panel.php
@@ -7,6 +7,11 @@
  * @since 4.0.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Customize Panel class.
  *
diff --git a/src/wp-includes/class-wp-customize-setting.php b/src/wp-includes/class-wp-customize-setting.php
@@ -7,6 +7,11 @@
  * @since 3.4.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Customize Setting class.
  *
diff --git a/src/wp-includes/class-wp-http.php b/src/wp-includes/class-wp-http.php
@@ -7,6 +7,11 @@
  * @since 2.7.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) {
 	require ABSPATH . WPINC . '/Requests/src/Autoload.php';
 
diff --git a/src/wp-includes/class-wp-simplepie-sanitize-kses.php b/src/wp-includes/class-wp-simplepie-sanitize-kses.php
@@ -7,6 +7,11 @@
  * @since 4.7.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Core class used to implement SimplePie feed sanitization.
  *
diff --git a/src/wp-includes/class-wp-text-diff-renderer-table.php b/src/wp-includes/class-wp-text-diff-renderer-table.php
@@ -7,6 +7,11 @@
  * @since 4.7.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Table renderer to display the diff lines.
  *
diff --git a/src/wp-includes/default-filters.php b/src/wp-includes/default-filters.php
@@ -23,6 +23,11 @@
  * @package WordPress
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 // Strip, trim, kses, special chars for string saves.
 foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
 	add_filter( $filter, 'sanitize_text_field' );
diff --git a/src/wp-includes/default-widgets.php b/src/wp-includes/default-widgets.php
@@ -7,6 +7,11 @@
  * @since 2.8.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /** WP_Widget_Pages class */
 require_once ABSPATH . WPINC . '/widgets/class-wp-widget-pages.php';
 
diff --git a/src/wp-includes/feed-atom.php b/src/wp-includes/feed-atom.php
@@ -5,6 +5,11 @@
  * @package WordPress
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 header( 'Content-Type: ' . feed_content_type( 'atom' ) . '; charset=' . get_option( 'blog_charset' ), true );
 $more = 1;
 
diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
@@ -5,6 +5,11 @@
  * @package WordPress
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require ABSPATH . WPINC . '/option.php';
 
 /**
diff --git a/src/wp-includes/media.php b/src/wp-includes/media.php
@@ -6,6 +6,11 @@
  * @subpackage Media
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Retrieves additional image sizes.
  *
diff --git a/src/wp-includes/ms-blogs.php b/src/wp-includes/ms-blogs.php
@@ -8,6 +8,11 @@
  * @since MU (3.0.0)
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require_once ABSPATH . WPINC . '/ms-site.php';
 require_once ABSPATH . WPINC . '/ms-network.php';
 
diff --git a/src/wp-includes/ms-settings.php b/src/wp-includes/ms-settings.php
@@ -10,6 +10,11 @@
  * @since 3.0.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Objects representing the current network and current site.
  *
diff --git a/src/wp-includes/nav-menu-template.php b/src/wp-includes/nav-menu-template.php
@@ -7,6 +7,11 @@
  * @since 3.0.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /** Walker_Nav_Menu class */
 require_once ABSPATH . WPINC . '/class-walker-nav-menu.php';
 
diff --git a/src/wp-includes/update.php b/src/wp-includes/update.php
@@ -6,6 +6,11 @@
  * @since 2.3.0
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
  * Checks WordPress version against the newest version.
  *
diff --git a/src/wp-includes/vars.php b/src/wp-includes/vars.php
@@ -15,6 +15,11 @@
  * @package WordPress
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 global $pagenow,
 	$is_lynx, $is_gecko, $is_winIE, $is_macIE, $is_opera, $is_NS4, $is_safari, $is_chrome, $is_iphone, $is_IE, $is_edge,
 	$is_apache, $is_IIS, $is_iis7, $is_nginx, $is_caddy;
diff --git a/src/wp-includes/wp-diff.php b/src/wp-includes/wp-diff.php
@@ -8,6 +8,11 @@
  * @subpackage Diff
  */
 
+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 if ( ! class_exists( 'Text_Diff', false ) ) {
 	/** Text_Diff class */
 	require ABSPATH . WPINC . '/Text/Diff.php';
