Support » Plugin: Contact Form by BestWebSoft » Direct access to contact_form.php triggers a 500 error

  • Resolved HerveRenault

    (@herverenault)


    Hi,

    if someone makes a direct access to GET /wp-content/plugins/contact-form-plugin/contact_form.php

    then you have an error 500 Call to undefined function add_shortcode()

    Best regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author bestwebsoft

    (@bestwebsoft)

    Hi,

    Plugin’s files aren’t supposed to be called directly, so this error is normal in such a case.

    Sincerely,
    BestWebSoft Support Team

    I know plugin files are not supposed to be called directly, but they are. There’s an easy fix:

    if (!defined(ABSPATH)) {
        die("No direct access, please.");
    }

    Some references:
    https://wordpress.org/support/topic/preventing-random-access-to-plugin-files/
    http://www.barrykooij.com/prevent-direct-file-access-plugin-files/

    Ooops! Sorry, missing quotes:

    if (!defined('ABSPATH')) {
        die("No direct access, please.");
    }
    Plugin Author bestwebsoft

    (@bestwebsoft)

    Hi,

    Thank you for your offer.

    Adding the checking if (!defined('ABSPATH')) prevents the executing of the code in the file if it isn’t called via WordPress core. We’d like to note that when referring to contact_form.php file, there are attempts to call functions, and they declarations also occur in the WordPress core. As a result of a direct request, you’ll receive a message “undefined function” and the code of the file won’t be executed.
    So we think that adding if (!defined('ABSPATH')) is useless since it provides the one result: the code is not executed. As for the rest, it is an unnecessary condition, executed on every page, which only slows down their work.

    Sincerely,
    BestWebSoft Support Team

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Direct access to contact_form.php triggers a 500 error’ is closed to new replies.