Edit: This post has moved to here: http://ottopress.com/2010/dont-include-wp-load-please/. Take your comments there.
Time for Otto’s general griping: WordPress plugin programming edition.
Here’s a practice I see in plugins far too often:
- Plugin.php file adds something like this to the wp_head:
<script src='http://example.com/wp-content/plugins/my-plugin/script.js.php'>
- Script.js.php has code like the following:
<?php include "../../../wp-load.php"; ?> ... javascript code ...
The reason for this sort of thing is that there’s some option or code or something that the javascript needs from the database or from WordPress or whatever. This PHP file is, basically, generating the javascript on the fly.
Usually, the case for this turns out to be something minor. The code needs the value from an option, or some flag to turn it on or off. Or whatever.
Problem is that finding wp-load.php can be a bit of a chore. I’ve seen extreme efforts to find and load that file in plugins before, including searching for it, examining the directory structure to make decent guesses, etc. This sort of thing has existed even before wp-load.php came around, with people trying to load wp-config.php themselves and such.
But the real problem is simpler: This is always the wrong way to do it.
Continue reading “Don't include wp-load, please.”