[theme-reviewers] what are the rules for file access in themes?

Simon Prosser pross at pross.org.uk
Thu Jan 10 19:06:08 UTC 2013


A lot of shared hosting companies block file_get_contents and file_put_contents.

file() reads a file line by line and puts it in an array.

Heres what we use:
function pl_file_get_contents( $filename ) {

	if ( is_file( $filename ) ) {
		
		$file = file( $filename, FILE_SKIP_EMPTY_LINES );
		$out = '';
		if( is_array( $file ) )
			foreach( $file as $contents )
				$out .= $contents;

		if( $out )
			return $out;
		else
			return false;	
	}
}

On 10 January 2013 19:00, Andrey "Rarst" Savchenko <contact at rarst.net> wrote:
>> There is no need to use either of those functions ever.
>
>
> For example I have a need to read package data from bundled libraries in
> form of .json files. I am sure there are plenty more of use cases for
> something so basic as opening/writing a file around.
>
>> if you have to read in a file, use the file() command
>
>
> Could you please elaborate how is this function different from other file
> read functions (PHP manual treats it like synonym to file_get_contents()
> with different output format) and why it seems to be exempt?
>
>> If you absolutely have to write a file to the filesystem, wordpress
>> has an API for that already, but temporary data is best stored in the
>> database.
>
>
> I am well aware of that API and approaches to storage of data. I'd like
> first clarified points (1) and (2) - if theme is allowed by repository rules
> to read and write files at all.
>
> 2013/1/10 Simon Prosser <pross at pross.org.uk>
>>
>> There is no need to use either of those functions ever.
>>
>> if you have to read in a file, use the file() command:
>> file( $filename, FILE_SKIP_EMPTY_LINES );
>>
>> If you absolutely have to write a file to the filesystem, wordpress
>> has an API for that already, but temporary data is best stored in the
>> database.
>>
>> On 10 January 2013 18:14, Andrey "Rarst" Savchenko <contact at rarst.net>
>> wrote:
>> > Theme Check plugin lists presence of most of PHP file access functions
>> > as
>> > warning. In code it's under MalwareCheck which suggest issue with how
>> > they
>> > might be used rather than with their presence in general.
>> >
>> > However I had found mentions on forum alike "Themes submitted to the
>> > Theme
>> > Repository are not allowed to open or write to files - hence the warning
>> > in
>> > the Theme Check plugin."
>> >
>> > http://wordpress.org/support/topic/plugin-theme-check-theme-check-gives-warning-for-file_put_contents?replies=4
>> > and no mention at all in Codex.
>> >
>> > What are the repository rules on:
>> >
>> > 1. Reading files in theme.
>> > 2. Writing files in theme.
>> > 3. [Not] using filesystem APIs to do either (if applicable).
>> >
>> > TIA
>> > --
>> > http://www.Rarst.net/
>> >
>> > _______________________________________________
>> > theme-reviewers mailing list
>> > theme-reviewers at lists.wordpress.org
>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >
>>
>>
>>
>> --
>> My Blog: http://pross.org.uk/
>> Plugins : http://pross.org.uk/plugins/
>> Themes: http://wordpress.org/extend/themes/profile/pross
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>
>
> --
> http://www.Rarst.net/
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>



-- 
My Blog: http://pross.org.uk/
Plugins : http://pross.org.uk/plugins/
Themes: http://wordpress.org/extend/themes/profile/pross


More information about the theme-reviewers mailing list