build: Remove outdated sphinx-contentui package#126
Merged
Conversation
✅ WordPress Plugin Check Report
📊 ReportAll checks passed! No errors or warnings found. 🤖 Generated by WordPress Plugin Check Action • Learn more about Plugin Check |
Contributor
Author
|
@feanil trying to remove this package everywhere but I think there's deeper issues here (it's saying I'm upgrading from Py 3.8 -> Py 3.12) - should I just close this until the packages are upgraded? |
Contributor
|
Python is only used for the docs in this repo so it should be safe to upgrade to python 3.12, you just need to also update the |
sarina
force-pushed
the
sarina/remove-scui
branch
from
66bbbb0 to
b766e60
Compare
Contributor
Author
|
wasted some tokens to get validation from claude 🥲 
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Remove sphinx-contentui package
See openedx/docs.openedx.org#1417
This is an outdated package that was included in the docs cookie cutter. It can cause build errors and doesn't seem to be used.
Add php file security
Resolves test failures like this:
This is a WordPress security standard enforced by many plugin review tools (like the WordPress Plugin Checker). Here's what's going on:
The problem
The file
openedx-commerce-public-display.phpis a PHP partial — it's meant to be included by another PHP file, not accessed directly via a URL. But without a guard, someone could potentially navigate to it directly in a browser, like:Accessing a partial directly could expose PHP errors, partial HTML output, or unintended behavior.
What
ABSPATHisABSPATHis a WordPress constant defined early in WordPress's bootstrap process (wp-load.php). It holds the absolute filesystem path to the WordPress installation root.If a file is loaded through the normal WordPress request lifecycle,
ABSPATHwill already be defined. If someone hits the file directly, WordPress never bootstrapped, soABSPATHis not defined.The fix
Add this at the very top of the file (line 1, before any HTML or PHP output):
This says: "If WordPress hasn't loaded yet, stop execution immediately."
Where exactly to add it
Looking at [that file on GitHub](https://github.com/openedx/openedx-wordpress-ecommerce/blob/main/public/partials/openedx-commerce-public-display.php), it likely opens with a PHP tag or HTML. The guard should go at the very top, before anything else renders.
This is a low-effort, high-value security hardening step — it's a best practice for any PHP file in a WordPress plugin that isn't meant to be a standalone entry point.