Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid redefining DISALLOW_FILE_EDIT #726

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

joshuafredrickson
Copy link

Some security plugins will automatically edit wp-config.php and then throw an error:

Fatal error: Uncaught Roots\WPConfig\Exceptions\ConstantAlreadyDefinedException:
Aborted trying to redefine constant 'DISALLOW_FILE_EDIT'.
`define('DISALLOW_FILE_EDIT', ...)` has already been occurred elsewhere.

I know this happens with at least two plugins:

  • Solid Security Pro (occurs automatically upon activation)
  • Sucuri Security (occurs when option is activated in settings)

Of course, adding these constants to wp-config.php in Bedrock isn't ideal, but this check at least keeps the fatal error from triggering when working with these plugins.

I'm not sold this is something that Bedrock needs to address... It's just something I've encountered a few times in the wild. I could be convinced either way.

@thedavidthomas
Copy link

+1 - Solid Security Pro (previously called iThemes Security Pro) user here.
I have been doing this programatically immediately after creating a bedrock project since DISALLOW_FILE_EDIT is added automatically to wp-config.php on activation.

@andronocean
Copy link

I don't think I like this idea. The point of throwing the exception is that you ought to know — very quickly — if constants are getting defined in multiple places. if (!defined('DISALLOW_FILE_EDIT')) would also skip the definition if define('DISALLOW_FILE_EDIT', false) was added — in which case one's site is now wide open to admin editing without anyone knowing about it.

It seems to me the security plugins are "doing it wrong", and should be checking whether the constant is already defined before modifying wp-config.php.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants