[theme-reviewers] Theme upload failed

Dion Hulse (dd32) wordpress at dd32.id.au
Thu Feb 9 22:31:02 UTC 2012


The contents of the download.php is ridiculous anyway.
Firstly, You can't use ../../../ to refer to the base, as
WP_CONTENT_DIR may be different than what you expect
Secondly, you should never use a file outside of WordPress to serve any content
Finally, If you must log downloads of files, You should use a
WordPress-based endpoint.

On that last step, you could hook in on the init hook (for example)
for a GET param like this:
http://site.com/?download_id=123(attachment_id)
log your details needed, and output the file.

If it was me, i'd be using a proper endpoint through the Rewrite
Endpoint API (which has very sparce documentation btw) which would be
similar to the above:
http://site.com/post-name/attachment-name/download/ -> output the file.

Of course, any PHP serving of files has a huge overhead.. an overhead
that you should avoid if at all possible.. An overhead that atheme
should not impose upon it's users, there's plugins out there for
download tracking.. and that's where this functionality should exist,
within a plugin, not within a theme.

Dion
On 10 February 2012 09:25, Chip Bennett <chip at chipbennett.net> wrote:
> The fopen() call is the only one that is preventing actual submission of
> your Theme. There is no way around that restriction, so you may want to
> investigate using the WordPress File API.
>
> Thanks,
>
> Chip
>
> On Thu, Feb 9, 2012 at 4:06 PM, Mats Birch <birch at birchware.se> wrote:
>>
>> My theme was not approved due to some problem with the name.
>> So I fixed it and tried to upload it again.
>> Since the previous version is a month old now, I of course tried to upload
>> the current version.
>>
>> I get this text (which is almost the same as I get from the Theme-Check
>> plugin):
>>
>> WARNING: fopen was found in the file download.php possible file
>> operations.
>> RECOMMENDED: No reference to add_custom_image_header was found in the
>> theme. It is recommended that the theme implement this functionality if
>> using an image for the header.
>> RECOMMENDED: No reference to add_custom_background() was found in the
>> theme. If the theme uses background images or solid colors for the
>> background, then it is recommended that the theme implement this
>> functionality.
>> INFO: download.php The theme appears to use include or require. If these
>> are being used to include separate sections of a template from independent
>> files, then get_template_part() should be used instead.
>>
>> I use fopen because the theme supports downloading.
>> See: http://birchware.se/wordpress/kiss/kiss-download (that link is for
>> the theme in question)
>> In download.php i got this: require_once('../../../../wp-load.php');
>> It's needed because that file is outside of WordPress' flow.
>>
>> The add_custom_* functions aren't used because I want to have all the
>> config stuff in one place.
>>
>> Anyway, none of these are required, so I can't see why the upload failed.
>> Why did it?
>> And how shall I move on from here?
>>
>> Regards,
>> Mats Birch.
>> Theme name: Kiss
>> Not approved theme name: BirchWare Kiss (ticket #6211)
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>


More information about the theme-reviewers mailing list