Themeforest file_get_contents()

Neblabs · May 3, 2018, 9:44pm

My theme uses file_get_contents() and the filesystem f*() functions quite a bit mainly on commands I use for development and also from third-party components (not plugins, but PHP from Composer), are there exceptions to this?

Currently Theme Check shows about 80 warnings from the usage of these filesystem functions and I am unable to remove every one of them, especially from third party components.

There is no mention of file_get_contents() on the WordPress Theme Submission Requirements page.

I’ve already tested my theme on several different servers, PHP and WordPress versions, and with plugins for compativilty and there have been no problems.

Neblabs · May 4, 2018, 6:56pm

Anyone?

hevada · May 5, 2018, 7:26am

Hi,

Wherever possible, you should use the methods exposed by WP_filesystem class when implementing a WP theme/plugin instead of classic PHP File* methods. Why? Because of compatibility and security.

If you’ll have a look at core WordPress classes that cover the usage of filesystem, you’ll see that they cover many security cases, all kind of file permissions and file ownerships (required in shared hostings) and so on:

class-wp-filesystem-base.php
class-wp-filesystem-direct.php
class-wp-filesystem-ftpext.php
class-wp-filesystem-ftpsockets.php
class-wp-filesystem-ssh2.php

Here is a simple example I wrote for how to use WP_Filesystem to write a file in wp-content/uploads folder:

gist.github.com

https://gist.github.com/ramonamorea/573b6419d0da7746e985eeb949e200ca

WP_Custom_Writer.php

class WP_Custom_Writer {

	/**
	 * Stores the initialized WordPress filesystem.
	 *
	 * @access private
	 * @var WP_Filesystem
	 */
	private $file_system;

This file has been truncated. show original

Neblabs · May 5, 2018, 7:14pm

Thanks for the reply, hevada.

My question was more about the code I don’t control, like third party code included in the theme, which Im unable to modify.

hevada · May 5, 2018, 11:26pm

When you include third party content, I think it’s enough if you put in your item upload comment a link and a description to the official page of that third party component, so that the reviewer can know it’s third party code.

Neblabs · May 6, 2018, 12:57am

Thanks , I’ll do

AthenaStudio · May 8, 2018, 9:28am

You can use Theme Check plugin to solve that issue. If, it’s not written in theme check results, it seems ok.

ewizz · May 8, 2018, 7:37pm

you wont get approved, you should do that kind of code in plugin…also theme needs to fully work without that plugin

Ben-S · May 10, 2018, 10:18am

Hi, Rafrak
you should use wp_remote_get() instead