Support » Plugin: Theme Check » Does "$wp_filesystem->append_contents" or something exist?

  • Resolved pinkhare

    (@pinkhare)


    I need to use the function file_put_contents to overwrite a file with whole new content or append contents several times in some cases. But I guess that the function is not allowed to use in WordPress themes.

    So I would like to use $wp_filesystem->put_contents instead, but it seems the WP function does not have the flags argument(FILE_USE_INCLUDE_PATH | FILE_APPEND | LOCK_EX) to choose whether to append content several times into a file or to overwrite a file with new one.

    I need some CSS, which is created lately and dynamically in a widget function(add class names to some elements & calculate CSS according to them) after all the other styles are already loaded. So I cannot use wp_add_inline_style, which is loaded before that. So, I absolutely need an alternative function for file_put_contents which has an argument to choose appending or replacing.

    ThemeCheck does not show any warning about file_put_contents. So can I just use file_put_contents in my theme?

    Please help!

    https://wordpress.org/plugins/theme-check/

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Generally speaking, themes trying to write files is a pretty bad idea to begin with. There are associated security issues.

    Why do you need to write a file in the first place? There is almost certainly a better way to accomplish your goals.

    pinkhare

    (@pinkhare)

    I need it for two situations.

    First, I have to generate JavaScript dynamically in overrided Walker & Walker Edit classes(as you know, they’re looped files through different menu items), but there is no function like wp_add_inline_script(enqueue all scripts for different IDs of menu items through the Walker loop and render them simultaneously right before footer). So I have to use file_put_contents with argument flags instead to do it. Appending all scripts for different menu IDs to a JS file. (Refreshing flushes the file)

    Second, I have to use wp_add_inline_style in the overrided core function of my extended tag cloud widget, but I cannot do add_action(‘wp_enqueue_script’) for the function that has wp_add_inline_style in the core widget function. So I cannot use wp_add_inline_style. Also, wp_add_inline_style does not work there because my overrided function would be executed too late. That’s because calculating CSS values, class names(tag-1, tag-2, tag-4, etc. Numbers are appearance counts of each tag) and colors of them is done too late after it should have done. So wp_add_inline_style is not rendered when it would be. The problems are timing and place to be run.

    If you have any better way to accomplish above things, let me know it please!

    Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    You can always hook to wp_head with a lower priority, so it runs last.

    Plugin Author Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    Basically, writing files directly from a theme or a plugin is dangerous unless you take special precautions, and writing JS or CSS files which will be included in the page output is a security risk on many types of shared hosting environments.

    The WP_Filesystem code exists to allow you to write files safely, so that the ownership of the files is maintained properly, however in some environments, this means that user credentials are required to do this. There is no safe way to write files in those environments without those credentials, and thus there is no safe way to automate this without user interaction being a part of the process.

    The best thing to do is to avoid writing files. Put your code inline. Minimize the amount of code that you create dynamically as well. It’s relatively easy to only put the “changes” you make into variables and then call upon some static script code to use those variables, instead of dynamically creating script code. That’s the preferred approach, and much friendlier for caching purposes.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Does "$wp_filesystem->append_contents" or something exist?’ is closed to new replies.