WordPress.org

Ready to get started?Download WordPress

Forums

How does a Theme's update reconcile user edits to the native code? (7 posts)

  1. 7Vyse
    Member
    Posted 1 year ago #

    I am re-coding parts of the Toolbox theme for this particular WP build. I got the impression that this is what Toolbox was designed for (and maybe I'm wrong here?) I am wondering what will happen when Toolbox sends out an update. Does my code get overwritten? Ignored? Or does something else take place I am not aware of?

  2. Knut Sparhell
    Member
    Posted 1 year ago #

    If you update a theme through the update mechanism of WordPress, all your custom code is lost (overwritten). This goes for any theme, regardless of the intended purpose.

    I understand this theme as being meant as a template for making your own theme. I's not for installation as a theme of it's own. Put your theme in another folder, giving it a name of your choice .. based upon Toolbox. This way you will never get prompted to update it. And always keep a backup of your work.

    If you do install Toolbox as a (parent) theme you can, as always, make a child theme. But I don't think this has been the intention behind it.

  3. 7Vyse
    Member
    Posted 1 year ago #

    Thank you Knut for the answer. That leads me to ask two more questions.

    Just as there is graceful degradation in CSS, is there a 'graceful revision' that I can implement? Someway to use child-themes perhaps?

    And if the answer is no: what types of risks do I, as someone who is still really new to PHP (like beginner level new), take on by creating a theme that will not receive updates any time soon.

  4. Knut Sparhell
    Member
    Posted 1 year ago #

    Using a child theme, you can upgrade "gracefully". When you create a template file in your child theme, the template in the parent is ignored.

    Toolbox is meant as a manual template for making your own parent theme, which will only be updated by you. As long as you don't let any user submit data (a create forms, handle POST data) to be displayed or to update WordPress as files or to save into the database, you are pretty safe. The "template tags" (WordPress functions for theme templates) just receive (read) data from WordPress. Those data are "sanitized" and safe to display.

    Your theme might change the behaviour of WordPress through hooks (actions and filters). Let those actions fire without using anything that comes from a client (browser, user), and you are safe.

  5. 7Vyse
    Member
    Posted 1 year ago #

    I may be mistaken here but if I have any intention of asking for user data, such as through forms, it sounds like you are suggesting I should avoid tweaking Toolbox for my liking? It also sounds like Toolbox is meant to be more of a "Make your own theme" versus child-theme-ready type of affair yes?

    Like I said, I am just beginning to feel comfortable diving into PHP, and that is only to add HTML and not really to edit the PHP. What you're saying is very fuzzy, but it kinda almost sound like I'm putting my build at a security risk by doing this?

  6. Knut Sparhell
    Member
    Posted 1 year ago #

    I'm saying the opposite of what you say you think it sounds like, You are safe, unless you try to be too "clever", doing things you are not supposed to do with a theme.

    To edit a theme, you will be editing PHP files. They are not pure HTML.

    Any (non-child) theme can be used as a parent theme, or as a template for making your own. Your choice.

    I'm just trying to answer your questions, and explain.

  7. 7Vyse
    Member
    Posted 1 year ago #

    I understand now, thank you! I just wanted to make sure I wasn't creating giant security holes or something.

Topic Closed

This topic has been closed to new replies.

About this Topic