direct_file_access false positives for template files #1148

@marekdedic

Hi, I have the following PHP file in my plugin that is meant to be directly executed:

```php
<?php get_header(); ?>

<?php
if ( ! isUserLoggedIn() ) {
	?>
	<div class="wp-core-ui" style="text-align: center;">
		<a class="button button-primary button-hero button-skautis" href="<?php echo esc_url( getSkautisRegisterUrl() ); ?>">
			<?php esc_html_e( 'Log in with skautIS', 'skautis-integration' ); ?>
		</a>
	</div>
	<?php
} else {
	?>
	<div style="text-align: center;">
		<strong>Jste přihlášeni ve skautISu</strong>
		<br/>
		<a class="button" href="<?php echo esc_url( getSkautisLogoutUrl() ); ?>">
			<?php esc_html_e( 'Log out of skautIS', 'skautis-integration' ); ?>
		</a>
	</div>
	<?php
}
?>

<?php get_sidebar(); ?>
<?php get_footer(); ?>
```

This file is quite clearly meant to be directly executed, but it still gets flagged by direct_file_access.

My take would be to mark as OK any files that contain any HTML outside PHP - that only works if you directly access the file...
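
The heuristic proposed above (treat a file as a template when it has HTML outside PHP tags), sketched with PHP's tokenizer as an added example. It is not code from the issue or from the checker itself; `has_inline_html()` and the sample sources are constructed for illustration.

```php
<?php
// Added example, not the checker's own code. has_inline_html() is a hypothetical helper.

/**
 * Returns true when the source has non-whitespace markup outside <?php ... ?>.
 */
function has_inline_html( string $source ): bool {
	foreach ( token_get_all( $source ) as $token ) {
		// Inline markup is always an array token: [ id, text, line ].
		if ( ! is_array( $token ) || T_INLINE_HTML !== $token[0] ) {
			continue;
		}
		// Ignore blank lines after a closing tag and a UTF-8 BOM before the
		// opening tag: both tokenize as inline HTML but are not template markup.
		if ( '' !== trim( $token[1], " \t\n\r\0\x0B\xEF\xBB\xBF" ) ) {
			return true;
		}
	}
	return false;
}

// Constructed sample sources (not files from the plugin in the issue).
$samples = array(
	// Template-style file: markup between PHP blocks.
	'template.php'    => "<?php get_header(); ?>\n<div class=\"wp-core-ui\">Log in</div>\n<?php get_footer(); ?>\n",
	// Pure PHP file without a closing tag.
	'class-foo.php'   => "<?php\nclass Foo {}\n",
	// Pure PHP file with a closing tag followed by blank lines only.
	'closing-tag.php' => "<?php\nfunction foo() {}\n?>\n\n",
	// Pure PHP file saved with a UTF-8 byte order mark.
	'bom.php'         => "\xEF\xBB\xBF<?php\nfunction bar() {}\n",
);

foreach ( $samples as $name => $source ) {
	$verdict = has_inline_html( $source ) ? 'inline HTML (template-like)' : 'PHP only';
	printf( "%-16s %s\n", $name, $verdict );
}
```

The heuristic only classifies a file by its content; it says nothing about whether the file is reachable by URL on a given server.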
