Description
PHP files that contain only a class definition and require_once statements (to load parent/dependency classes) are incorrectly flagged with missing_direct_file_access_protection. These files have no top-level executable code and are genuinely safe for direct access, so the error is a false positive.
Steps to reproduce
Create a PHP file in a plugin with only a require_once statement and a class definition:
<?php
require_once __DIR__ . '/class-parent.php';
class My_Class extends Parent_Class {
// ...
}
Run wp plugin check <slug> — the file is flagged with missing_direct_file_access_protection.
Expected behaviour
No error. The file contains no executable code and is safe for direct access.
Actual behaviour
missing_direct_file_access_protection error is reported at line 0.
Disclaimer: Claude was used to investigate this and write the issue. I verified its outputs.
Description
PHP files that contain only a class definition and
require_oncestatements (to load parent/dependency classes) are incorrectly flagged withmissing_direct_file_access_protection. These files have no top-level executable code and are genuinely safe for direct access, so the error is a false positive.Steps to reproduce
Create a PHP file in a plugin with only a
require_oncestatement and a class definition:Run
wp plugin check <slug>— the file is flagged withmissing_direct_file_access_protection.Expected behaviour
No error. The file contains no executable code and is safe for direct access.
Actual behaviour
missing_direct_file_access_protectionerror is reported at line 0.Disclaimer: Claude was used to investigate this and write the issue. I verified its outputs.