My theme uses file_get_contents() and the filesystem f*() functions quite a bit mainly on commands I use for development and also from third-party components (not plugins, but PHP from Composer), are there exceptions to this?
Currently Theme Check shows about 80 warnings from the usage of these filesystem functions and I am unable to remove every one of them, especially from third party components.
There is no mention of file_get_contents() on the WordPress Theme Submission Requirements page.
I’ve already tested my theme on several different servers, PHP and WordPress versions, and with plugins for compativilty and there have been no problems.
Wherever possible, you should use the methods exposed by WP_filesystem class when implementing a WP theme/plugin instead of classic PHP File* methods. Why? Because of compatibility and security.
If you’ll have a look at core WordPress classes that cover the usage of filesystem, you’ll see that they cover many security cases, all kind of file permissions and file ownerships (required in shared hostings) and so on:
Here is a simple example I wrote for how to use WP_Filesystem to write a file in wp-content/uploads folder:
Thanks for the reply, hevada.
My question was more about the code I don’t control, like third party code included in the theme, which Im unable to modify.
When you include third party content, I think it’s enough if you put in your item upload comment a link and a description to the official page of that third party component, so that the reviewer can know it’s third party code.
You can use Theme Check plugin to solve that issue. If, it’s not written in theme check results, it seems ok.
you wont get approved, you should do that kind of code in plugin…also theme needs to fully work without that plugin
you should use wp_remote_get() instead