[wp-trac] [WordPress Trac] #47350: Add method to get JSON from a file without using file_get_contents()
WordPress Trac
noreply at wordpress.org
Wed May 22 18:39:40 UTC 2019
#47350: Add method to get JSON from a file without using file_get_contents()
-------------------------+-----------------------------
Reporter: aristath | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Editor | Version: trunk
Severity: normal | Keywords: needs-patch
Focuses: |
-------------------------+-----------------------------
This came up on a discussion about the use of `file_get_contents()` in WP
Themes. Right now that function is banned and for good reason on w.org
themes since it can be grossly abused and lead to malicious code.
However, recently it became a recommendation in
https://github.com/WordPress/gutenberg/blob/9ce596cd568d30c76fd4a0257e2872da91d4966a/packages
/dependency-extraction-webpack-plugin/README.md#wordpress
There was further discussion in the #core-editor slack channel - see
https://wordpress.slack.com/archives/C02QB2JS7/p1558546491251400 for
reference.
The suggestion was to add a new method/function to get what is required,
without forcing plugin and theme authors to use `file_get_contents()`, and
we could add any security checks required in that function.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47350>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list