Make WordPress Core

Opened 5 years ago

Last modified 5 years ago

#47350 new enhancement

Add method to get JSON from a file without using file_get_contents()

Reported by: aristath's profile aristath Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.3
Component: Script Loader Keywords: needs-patch
Focuses: Cc:


This came up on a discussion about the use of file_get_contents() in WP Themes. Right now that function is banned and for good reason on themes since it can be grossly abused and lead to malicious code.
However, recently it became a recommendation in

There was further discussion in the #core-editor slack channel - see for reference.

The suggestion was to add a new method/function to get what is required, without forcing plugin and theme authors to use file_get_contents(), and we could add any security checks required in that function.

Change History (3)

This ticket was mentioned in Slack in #core-editor by aristath. View the logs.

5 years ago

#2 @youknowriad
5 years ago

  • Component changed from Editor to Script Loader

I wonder if this should just be the default behavior of wp_register_script if you omit the "deps" argument. It could go check if there's a dependency file with the same name as the script and load it.

#3 @aristath
5 years ago

Interesting suggestion... And makes perfect sense. If we have a way to register script dependencies outside of wp_register_script, then omitting the deps argument should load the defaults

Note: See TracTickets for help on using tickets.