#4801 closed defect (bug) (maybelater)
Template partials should not be publicly accessible
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | low | |
| Component: | General | Keywords: | seo analytics |
| Cc: |
Description (last modified by )
Requests to https://wordpress.org/ URLs ending in header.php or footer.php return template partials.
E.g., https://wordpress.org/plugins/classic-editor/header.php.
These types of requests should return normal behaviour for these URLs (usually a 404 response).
Change History (6)
#4
@
5 years ago
That's terrifying ;)
Can we prevent direct browser access to it, and force/return a 404?
#5
@
5 years ago
- Resolution set to wontfix
- Status changed from new to closed
Unfortunately, no. Not without breaking the way that trac and the codex work.
I'm going to mark this as wontfix for now, but maybe in the future when we have a different type of integration with these systems then we will be able to not have these accessible from outside, as it were.
Note: See
TracTickets for help on using
tickets.
This functionality is actually intentional in many parts of WordPress.org, it's expected that header.php is accessible directly due to the mismatch of systems we run.