WordPress repository forbids me call wp-load.php in non-WordPress file

2 Views

I have made a WordPress Plugin that is a kind of Download Manager. I have a external file download.php that is responsible for making downloads. This file is away of environment WordPress, for this reason I must called: 

$wp_root = dirname(dirname(dirname(dirname(__FILE__))));
require_once $wp_root.'/wp-load.php';

and I can use $wpdb for my sql query.

Read More

Note: This file must be external because I use functions “headers()” for force the download. 

header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: ".$ctype);
header("Content-Length: ".$size);
header("Content-Disposition: attachment; filename=".$info->url_file);
header("Content-Transfer-Encoding: binary");

My plugin works great!, But when I want to publish it on the WordPress repository, they answered me that it is forbidden to directly call wp-load.php or wp-config.php

Including wp-config.php and / or wp-load.php is not a good idea and we
cannot approve a plugin that does so unless it has a very good reason
to load the file(s). It is prone to failure since not all WordPress
installs have the exact same file structure.

I don’t know that use for I can use $wpbd

This is my plugin -> http://demo.gopymes.pe/social-godownload/

Post Views: 2

Related posts

Leave a Reply

1 comment

  1. Yes, the Plugin approval team is more than right, this is not the way to do it.

    First a couple of articles from a core developer and an excellent plugin developer, where you’ll get to know why not to use wp-load.php:

    When initiating your plugin, you can define the plugin’s URL as follows:
    $plugin_url = plugins_url( '/', __FILE__ );

    And when calling your download script, you can pass the needed information in a query var, e.g., $plugin_url . 'download.php?file=FILE-URL' and $_GET it in your script.

    This is just a general outline, more details on your plugin’s logic would need to be provided if this outline is not enough. And, yes, as @AJHenderson points out, WordPress Answers is the place where you’ll find lots of developers, including Otto and Pippin.

    Security notice

    You need to have your download script tightly secured, as one could do the following:

    http://example.com/path/to/plugin/download.php?file=http://example.com/wp-config.php