Don't rely on include_path to include files.

Always use dirname() or, once available, ABSPATH.

props ketwaroo, hakre.
fixes #17092.

Built from https://develop.svn.wordpress.org/trunk@25616


git-svn-id: http://core.svn.wordpress.org/trunk@25533 1a063a9b-81f0-0310-95a4-ce76da25c4cd

index.php

@@ -14,4 +14,4 @@
 define('WP_USE_THEMES', true);
 
 /** Loads the WordPress Environment and Template */
-require('./wp-blog-header.php');
+require( dirname( __FILE__ ) . '/wp-blog-header.php' );

wp-activate.php

@@ -11,7 +11,7 @@
 /** Sets up the WordPress Environment. */
 require( dirname(__FILE__) . '/wp-load.php' );
 
-require( './wp-blog-header.php' );
+require( dirname( __FILE__ ) . '/wp-blog-header.php' );
 
 if ( !is_multisite() ) {
 	wp_redirect( site_url( '/wp-login.php?action=register' ) );
@@ -126,4 +126,4 @@ function wpmu_activate_stylesheet() {
 	var key_input = document.getElementById('key');
 	key_input && key_input.focus();
 </script>
-<?php get_footer(); ?>
+<?php get_footer(); ?>

wp-admin/about.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 $title = __( 'About' );
 

wp-admin/admin-header.php

@@ -8,7 +8,7 @@
 
 @header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 if ( ! defined( 'WP_ADMIN' ) )
-	require_once( './admin.php' );
+	require_once( dirname( __FILE__ ) . '/admin.php' );
 
 // In case admin-header.php is included in a function.
 global $title, $hook_suffix, $current_screen, $wp_locale, $pagenow, $wp_version,

wp-admin/admin-post.php

@@ -14,7 +14,7 @@
 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
-	require_once('../wp-load.php');
+	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
 /** Allow for cross-domain requests (from the frontend). */
 send_origin_headers();

wp-admin/async-upload.php

@@ -11,7 +11,7 @@
 if ( defined('ABSPATH') )
 	require_once(ABSPATH . 'wp-load.php');
 else
-	require_once('../wp-load.php');
+	require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
 if ( ! ( isset( $_REQUEST['action'] ) && 'upload-attachment' == $_REQUEST['action'] ) ) {
 	// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
@@ -24,7 +24,7 @@
 	unset($current_user);
 }
 
-require_once('./admin.php');
+require_once( ABSPATH . 'wp-admin/admin.php' );
 
 if ( !current_user_can('upload_files') )
 	wp_die(__('You do not have permission to upload files.'));

wp-admin/comment.php

@@ -7,7 +7,7 @@
  */
 
 /** Load WordPress Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 $parent_file = 'edit-comments.php';
 $submenu_file = 'edit-comments.php';
@@ -36,7 +36,7 @@
  */
 function comment_footer_die( $msg ) {
 	echo "<div class='wrap'><p>$msg</p></div>";
-	include('./admin-footer.php');
+	include( ABSPATH . 'wp-admin/admin-footer.php' );
 	die;
 }
 
@@ -60,7 +60,7 @@ function comment_footer_die( $msg ) {
 	);
 
 	wp_enqueue_script('comment');
-	require_once('./admin-header.php');
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 	$comment_id = absint( $_GET['c'] );
 
@@ -75,7 +75,7 @@ function comment_footer_die( $msg ) {
 
 	$comment = get_comment_to_edit( $comment_id );
 
-	include('./edit-form-comment.php');
+	include( ABSPATH . 'wp-admin/edit-form-comment.php' );
 
 	break;
 
@@ -104,7 +104,7 @@ function comment_footer_die( $msg ) {
 		die();
  	}
 
-	require_once('./admin-header.php');
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 	$formaction    = $action . 'comment';
 	$nonce_action  = 'approve' == $action ? 'approve-comment_' : 'delete-comment_';
@@ -300,4 +300,4 @@ function comment_footer_die( $msg ) {
 
 } // end switch
 
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );

wp-admin/credits.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 $title = __( 'Credits' );
 

wp-admin/customize.php

@@ -9,7 +9,7 @@
 
 define( 'IFRAME_REQUEST', true );
 
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! current_user_can( 'edit_theme_options' ) )
 	wp_die( __( 'Cheatin’ uh?' ) );
 

wp-admin/edit-comments.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( !current_user_can('edit_posts') )
 	wp_die(__('Cheatin’ uh?'));
 
@@ -136,7 +136,7 @@
 	'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
 );
 
-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 
 <div class="wrap">
@@ -252,4 +252,4 @@
 <?php
 wp_comment_reply('-1', true, 'detail');
 wp_comment_trashnotice();
-include('./admin-footer.php'); ?>
+include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>

wp-admin/edit-form-advanced.php

@@ -107,7 +107,7 @@
 $post_type_object = get_post_type_object($post_type);
 
 // All meta boxes should be defined and added before the first do_meta_boxes() call (or potentially during the do_meta_boxes action).
-require_once('./includes/meta-boxes.php');
+require_once( ABSPATH . 'wp-admin/includes/meta-boxes.php' );
 
 
 $publish_callback_args = null;
@@ -309,7 +309,7 @@
 	) );
 }
 
-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 
 <div class="wrap">

wp-admin/edit-link-form.php

@@ -22,7 +22,7 @@
 	$nonce_action = 'add-bookmark';
 }
 
-require_once('./includes/meta-boxes.php');
+require_once( ABSPATH . 'wp-admin/includes/meta-boxes.php' );
 
 add_meta_box('linksubmitdiv', __('Save'), 'link_submit_meta_box', null, 'side', 'core');
 add_meta_box('linkcategorydiv', __('Categories'), 'link_categories_meta_box', null, 'normal', 'core');
@@ -54,7 +54,7 @@
 	'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
 );
 
-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 
 <div class="wrap">

wp-admin/edit-tags.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! $taxnow )
 	wp_die( __( 'Invalid taxonomy' ) );
@@ -126,8 +126,8 @@
 	$tag = get_term( $tag_ID, $taxonomy, OBJECT, 'edit' );
 	if ( ! $tag )
 		wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) );
-	require_once ( 'admin-header.php' );
-	include( './edit-tag-form.php' );
+	require_once( ABSPATH . 'wp-admin/admin-header.php' );
+	include( ABSPATH . 'wp-admin/edit-tag-form.php' );
 
 break;
 
@@ -247,7 +247,7 @@
 	unset( $help );
 }
 
-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 if ( !current_user_can($tax->cap->edit_terms) )
 	wp_die( __('You are not allowed to edit this item.') );
@@ -462,4 +462,4 @@
 break;
 }
 
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );

wp-admin/edit.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! $typenow )
 	wp_die( __( 'Invalid post type' ) );
@@ -262,7 +262,7 @@
 $bulk_messages = apply_filters( 'bulk_post_updated_messages', $bulk_messages, $bulk_counts );
 $bulk_counts = array_filter( $bulk_counts );
 
-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 <div class="wrap">
 <?php screen_icon(); ?>
@@ -322,4 +322,4 @@
 </div>
 
 <?php
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );

wp-admin/export.php

@@ -7,13 +7,13 @@
  */
 
 /** Load WordPress Bootstrap */
-require_once ('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( !current_user_can('export') )
 	wp_die(__('You do not have sufficient permissions to export the content of this site.'));
 
 /** Load WordPress export API */
-require_once('./includes/export.php');
+require_once( ABSPATH . 'wp-admin/includes/export.php' );
 $title = __('Export');
 
 /**
@@ -107,7 +107,7 @@ function export_add_js() {
 	die();
 }
 
-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 /**
  * Create the date options fields for exporting a given post type.
@@ -241,4 +241,4 @@ function export_date_options( $post_type = 'post' ) {
 </form>
 </div>
 
-<?php include('admin-footer.php'); ?>
+<?php include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>

wp-admin/freedoms.php

@@ -7,7 +7,7 @@
  */
 
 /** WordPress Administration Bootstrap */
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 $title = __( 'Freedoms' );
 

wp-admin/import.php

@@ -9,7 +9,7 @@
 define('WP_LOAD_IMPORTERS', true);
 
 /** Load WordPress Bootstrap */
-require_once ('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( !current_user_can('import') )
 	wp_die(__('You do not have sufficient permissions to import content in this site.'));
@@ -47,7 +47,7 @@
 add_thickbox();
 wp_enqueue_script( 'plugin-install' );
 
-require_once ('admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 $parent_file = 'tools.php';
 ?>
 
@@ -130,4 +130,4 @@
 
 <?php
 
-include ('admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );

wp-admin/index.php

@@ -7,7 +7,7 @@
  */
 
 /** Load WordPress Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 /** Load WordPress dashboard API */
 require_once(ABSPATH . 'wp-admin/includes/dashboard.php');

wp-admin/install.php

@@ -36,10 +36,10 @@
 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
 
 /** Load WordPress Administration Upgrade API */
-require_once( dirname( __FILE__ ) . '/includes/upgrade.php' );
+require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
 
 /** Load wpdb */
-require_once(dirname(dirname(__FILE__)) . '/wp-includes/wp-db.php');
+require_once( ABSPATH . 'wp-includes/wp-db.php' );
 
 $step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
 

wp-admin/link-add.php

@@ -7,7 +7,7 @@
  */
 
 /** Load WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can('manage_links') )
 	wp_die(__('You do not have sufficient permissions to add links to this site.'));
@@ -24,6 +24,6 @@
 	wp_enqueue_script( 'jquery-touch-punch' );
 
 $link = get_default_link_to_edit();
-include('./edit-link-form.php');
+include( ABSPATH . 'wp-admin/edit-link-form.php' );
 
-require('./admin-footer.php');
+require( ABSPATH . 'wp-admin/admin-footer.php' );

wp-admin/link-manager.php

@@ -7,7 +7,7 @@
  */
 
 /** Load WordPress Administration Bootstrap */
-require_once ('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! current_user_can( 'manage_links' ) )
 	wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
 
@@ -61,7 +61,7 @@
 	'<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
 );
 
-include_once ('./admin-header.php');
+include_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 if ( ! current_user_can('manage_links') )
 	wp_die(__("You do not have sufficient permissions to edit the links for this site."));
@@ -97,4 +97,4 @@
 </div>
 
 <?php
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );