General: Stop direct loading of files in /wp-includes that should only be included.

This changeset restricts direct access call in `/wp-includes` and its sub directories. Follow-up to [11768], [59678]. Props deepakrohilla. Fixes #61314. Built from https://develop.svn.wordpress.org/trunk@59688 git-svn-id: http://core.svn.wordpress.org/trunk@59030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2025-02-15 03:51:43 +01:00 · 2025-01-22 19:48:25 +00:00 · 2025-01-22 19:48:25 +00:00 · 692f6d4b9e
commit 692f6d4b9e
parent 67b029cbc1
19 changed files with 91 additions and 1 deletions
--- a/wp-includes/class-IXR.php
+++ b/wp-includes/class-IXR.php
@ -39,6 +39,11 @@
 * @license    http://www.opensource.org/licenses/bsd-license.php BSD
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require_once ABSPATH . WPINC . '/IXR/class-IXR-server.php';

 require_once ABSPATH . WPINC . '/IXR/class-IXR-base64.php';
--- a/wp-includes/class-wp-customize-control.php
+++ b/wp-includes/class-wp-customize-control.php
@ -7,6 +7,11 @@
 * @since 3.4.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Customize Control class.
 *
--- a/wp-includes/class-wp-customize-panel.php
+++ b/wp-includes/class-wp-customize-panel.php
@ -7,6 +7,11 @@
 * @since 4.0.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Customize Panel class.
 *
--- a/wp-includes/class-wp-customize-setting.php
+++ b/wp-includes/class-wp-customize-setting.php
@ -7,6 +7,11 @@
 * @since 3.4.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Customize Setting class.
 *
--- a/wp-includes/class-wp-http.php
+++ b/wp-includes/class-wp-http.php
@ -7,6 +7,11 @@
 * @since 2.7.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 if ( ! class_exists( 'WpOrg\Requests\Autoload' ) ) {
 	require ABSPATH . WPINC . '/Requests/src/Autoload.php';

--- a/wp-includes/class-wp-simplepie-sanitize-kses.php
+++ b/wp-includes/class-wp-simplepie-sanitize-kses.php
@ -7,6 +7,11 @@
 * @since 4.7.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Core class used to implement SimplePie feed sanitization.
 *
--- a/wp-includes/class-wp-text-diff-renderer-table.php
+++ b/wp-includes/class-wp-text-diff-renderer-table.php
@ -7,6 +7,11 @@
 * @since 4.7.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Table renderer to display the diff lines.
 *
--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@ -23,6 +23,11 @@
 * @package WordPress
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 // Strip, trim, kses, special chars for string saves.
 foreach ( array( 'pre_term_name', 'pre_comment_author_name', 'pre_link_name', 'pre_link_target', 'pre_link_rel', 'pre_user_display_name', 'pre_user_first_name', 'pre_user_last_name', 'pre_user_nickname' ) as $filter ) {
 	add_filter( $filter, 'sanitize_text_field' );
--- a/wp-includes/default-widgets.php
+++ b/wp-includes/default-widgets.php
@ -7,6 +7,11 @@
 * @since 2.8.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /** WP_Widget_Pages class */
 require_once ABSPATH . WPINC . '/widgets/class-wp-widget-pages.php';

--- a/wp-includes/feed-atom.php
+++ b/wp-includes/feed-atom.php
@ -5,6 +5,11 @@
 * @package WordPress
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 header( 'Content-Type: ' . feed_content_type( 'atom' ) . '; charset=' . get_option( 'blog_charset' ), true );
 $more = 1;

--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@ -5,6 +5,11 @@
 * @package WordPress
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require ABSPATH . WPINC . '/option.php';

 /**
--- a/wp-includes/media.php
+++ b/wp-includes/media.php
@ -6,6 +6,11 @@
 * @subpackage Media
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Retrieves additional image sizes.
 *
--- a/wp-includes/ms-blogs.php
+++ b/wp-includes/ms-blogs.php
@ -8,6 +8,11 @@
 * @since MU (3.0.0)
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 require_once ABSPATH . WPINC . '/ms-site.php';
 require_once ABSPATH . WPINC . '/ms-network.php';

--- a/wp-includes/ms-settings.php
+++ b/wp-includes/ms-settings.php
@ -10,6 +10,11 @@
 * @since 3.0.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Objects representing the current network and current site.
 *
--- a/wp-includes/nav-menu-template.php
+++ b/wp-includes/nav-menu-template.php
@ -7,6 +7,11 @@
 * @since 3.0.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /** Walker_Nav_Menu class */
 require_once ABSPATH . WPINC . '/class-walker-nav-menu.php';

--- a/wp-includes/update.php
+++ b/wp-includes/update.php
@ -6,6 +6,11 @@
 * @since 2.3.0
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 /**
 * Checks WordPress version against the newest version.
 *
--- a/wp-includes/vars.php
+++ b/wp-includes/vars.php
@ -15,6 +15,11 @@
 * @package WordPress
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 global $pagenow,
 	$is_lynx, $is_gecko, $is_winIE, $is_macIE, $is_opera, $is_NS4, $is_safari, $is_chrome, $is_iphone, $is_IE, $is_edge,
 	$is_apache, $is_IIS, $is_iis7, $is_nginx, $is_caddy;
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.8-alpha-59687';
+$wp_version = '6.8-alpha-59688';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
--- a/wp-includes/wp-diff.php
+++ b/wp-includes/wp-diff.php
@ -8,6 +8,11 @@
 * @subpackage Diff
 */

+// Don't load directly.
+if ( ! defined( 'ABSPATH' ) ) {
+	die( '-1' );
+}
+
 if ( ! class_exists( 'Text_Diff', false ) ) {
 	/** Text_Diff class */
 	require ABSPATH . WPINC . '/Text/Diff.php';