[theme-reviewers] what are the rules for file access in themes?

Simon Prosser pross at pross.org.uk
Thu Jan 10 19:56:21 UTC 2013 

Well Doug, we use the lessc plugin in PageLines. We store the compiled
less in a db option and use the custom file_get_contents function
instead. Means editing the less plugin, but its only 1 small edit, and
just remove the file_put_contents function if your not going to use
it.

On 10 January 2013 19:39, Doug Stewart <zamoose at gmail.com> wrote:
> So here's a question that leads from this discussion: what about third party
> libraries?
>
> I have a very personal interest in this -- in the course of
> redesigning/refactoring my current theme, I went a bit LESS-happy. I've got
> some (IMHO) awesome LESS compilation going on behind-the-scenes using
> WP-LESS/lessphp, allowing for both configurability/flexibility AND lessened
> load times. Again, my opinion: awesome.
>
> Then I saw this post
> (http://wordpress.org/support/topic/plugin-theme-check-theme-check-gives-warning-for-file_put_contents?replies=4#post-2969266)
> which led to Rarst sending this email, and I thought "Crap. Never even
> thought to check."
>
> Turns out that lessphp is pretty well file_put/file_get'd up.
>
> 1) So my options are: reimplement lessphp/lessc using only WP-friendly
> functions
> 2) Drop functionality from theme entirely
> 3) Remove theme from repo and distribute entirely on my site and my site
> only
>
> I'm not liking any of those options. Is there a fourth (or fifth, or sixth,
> or...)?
>
>
> On Thu, Jan 10, 2013 at 1:45 PM, Simon Prosser <pross at pross.org.uk> wrote:
>>
>> There is no need to use either of those functions ever.
>>
>> if you have to read in a file, use the file() command:
>> file( $filename, FILE_SKIP_EMPTY_LINES );
>>
>> If you absolutely have to write a file to the filesystem, wordpress
>> has an API for that already, but temporary data is best stored in the
>> database.
>>
>> On 10 January 2013 18:14, Andrey "Rarst" Savchenko <contact at rarst.net>
>> wrote:
>> > Theme Check plugin lists presence of most of PHP file access functions
>> > as
>> > warning. In code it's under MalwareCheck which suggest issue with how
>> > they
>> > might be used rather than with their presence in general.
>> >
>> > However I had found mentions on forum alike "Themes submitted to the
>> > Theme
>> > Repository are not allowed to open or write to files - hence the warning
>> > in
>> > the Theme Check plugin."
>> >
>> > http://wordpress.org/support/topic/plugin-theme-check-theme-check-gives-warning-for-file_put_contents?replies=4
>> > and no mention at all in Codex.
>> >
>> > What are the repository rules on:
>> >
>> > 1. Reading files in theme.
>> > 2. Writing files in theme.
>> > 3. [Not] using filesystem APIs to do either (if applicable).
>> >
>> > TIA
>> > --
>> > http://www.Rarst.net/
>> >
>> > _______________________________________________
>> > theme-reviewers mailing list
>> > theme-reviewers at lists.wordpress.org
>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >
>>
>>
>>
>> --
>> My Blog: http://pross.org.uk/
>> Plugins : http://pross.org.uk/plugins/
>> Themes: http://wordpress.org/extend/themes/profile/pross
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
>
>
> --
> -Doug
>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>



-- 
My Blog: http://pross.org.uk/
Plugins : http://pross.org.uk/plugins/
Themes: http://wordpress.org/extend/themes/profile/pross

More information about the theme-reviewers mailing list