[theme-reviewers] Why themes should not use fopen?

Otto otto at ottodestruct.com
Wed May 18 16:29:43 UTC 2011

On Wed, May 18, 2011 at 10:44 AM, Satish Gandham <satish.iitg at gmail.com> wrote:
> How the server impact is the lowest? CSS has to be generated dynamically
> every time the page is loaded.

You don't have to generate it every time. Generate the CSS only at the
time it changes, then store the generated CSS in an option.

> Bandwidth is wasted as the CSS cannot be
> cached.

Have you seen Google's mod_pagespeed for Apache? It has this
interesting tendency to take CSS and move it from external files to
inline, for certain smaller CSS files. Inline CSS is faster to both
load and render. The overhead of making an extra HTTP request is
somewhat large.

> My theme allows user to customize every element of the site and some styles
> are loaded only when the user enables a particular option.
> So, my dynamic CSS is around 30kb on average.

Firstly, if you're "generating" 30k of CSS then I feel perfectly
justified in saying that you're very likely doing it wrong. Call an
average line of CSS 30 characters (being generous). Are you suggesting
that your theme has something on the order of 1000 individual options?

Only the CSS that is *actually* dynamic should be generated. Colors,
for example. Font sizes, perhaps. Most realistic options for making
display adjustments should be a matter of choosing amongst pre-made
classes. If you're generating a giant block of CSS based on a small
number of choices, then you should be including all those various
choices in a static CSS file (or files) and shifting the classes
around in the HTML instead.

> In what way the above method is the BEST?

It's faster, by far, if you design your options system correctly. If
you're generating 30k of CSS, then you have not done that.

Or maybe I'm wrong. Show me the code. Show me how you can generate 30k
of CSS dynamically, in a legitimate way, because frankly, I don't
think so.

> Whats wrong with having a theme file outside the theme folder?
> What is confusing and Confusing to whom?

Having theme files outside the theme folder makes it confusing to end
users trying to modify their files directly instead of using your
options pages, and it often creates security vulnerabilities if you do
it in the most obvious way (like using fopen).

> An extra http request if far better than adding 30kb of weight to every
> page.

Bandwidth is cheap. Seriously. Sending an extra 30k is often quicker
than making an extra HTTP request.

> Also considering the number of images loaded by theme and the number
> of stylesheets loaded the by plugins, the ONE additional http request is
> insignificant.

Talk to Google, who says it is quite significant and dings your site
if you have too many of extra requests going on. Use their webmaster
tools some time.

> PS: I'm pretty sure that I wont win this like all arguments, but I couldn't
> just put 100kb of CSS and javaScript on every page and waste the bandwidth
> of the blog owner and the reader.

With regards to the theme directory, you definitely won't win this
one. Using direct file writing operations in themes creates known
security issues on many web hosts and that is the end of it.

With regards to your own theme and support forum, do whatever you
like. I'm happy to try to explain to you why you shouldn't do this
sort of thing though.


More information about the theme-reviewers mailing list