[theme-reviewers] what are the rules for file access in themes?

Doug Stewart zamoose at gmail.com
Thu Jan 10 19:39:33 UTC 2013 

So here's a question that leads from this discussion: what about third
party libraries?

I have a very personal interest in this -- in the course of
redesigning/refactoring my current theme, I went a bit LESS-happy. I've got
some (IMHO) awesome LESS compilation going on behind-the-scenes using
WP-LESS/lessphp, allowing for both configurability/flexibility AND lessened
load times. Again, my opinion: awesome.

Then I saw this post (
http://wordpress.org/support/topic/plugin-theme-check-theme-check-gives-warning-for-file_put_contents?replies=4#post-2969266)
which led to Rarst sending this email, and I thought "Crap. Never even
thought to check."

Turns out that lessphp is pretty well file_put/file_get'd up.

1) So my options are: reimplement lessphp/lessc using only WP-friendly
functions
2) Drop functionality from theme entirely
3) Remove theme from repo and distribute entirely on my site and my site
only

I'm not liking any of those options. Is there a fourth (or fifth, or sixth,
or...)?


On Thu, Jan 10, 2013 at 1:45 PM, Simon Prosser <pross at pross.org.uk> wrote:

> There is no need to use either of those functions ever.
>
> if you have to read in a file, use the file() command:
> file( $filename, FILE_SKIP_EMPTY_LINES );
>
> If you absolutely have to write a file to the filesystem, wordpress
> has an API for that already, but temporary data is best stored in the
> database.
>
> On 10 January 2013 18:14, Andrey "Rarst" Savchenko <contact at rarst.net>
> wrote:
> > Theme Check plugin lists presence of most of PHP file access functions as
> > warning. In code it's under MalwareCheck which suggest issue with how
> they
> > might be used rather than with their presence in general.
> >
> > However I had found mentions on forum alike "Themes submitted to the
> Theme
> > Repository are not allowed to open or write to files - hence the warning
> in
> > the Theme Check plugin."
> >
> http://wordpress.org/support/topic/plugin-theme-check-theme-check-gives-warning-for-file_put_contents?replies=4
> > and no mention at all in Codex.
> >
> > What are the repository rules on:
> >
> > 1. Reading files in theme.
> > 2. Writing files in theme.
> > 3. [Not] using filesystem APIs to do either (if applicable).
> >
> > TIA
> > --
> > http://www.Rarst.net/
> >
> > _______________________________________________
> > theme-reviewers mailing list
> > theme-reviewers at lists.wordpress.org
> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
>
>
>
> --
> My Blog: http://pross.org.uk/
> Plugins : http://pross.org.uk/plugins/
> Themes: http://wordpress.org/extend/themes/profile/pross
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>



-- 
-Doug
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130110/e4822d67/attachment-0001.htm>

More information about the theme-reviewers mailing list