1294 posts The Last Man Standing
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has been a beta tester for an Envato feature
  • Sells items exclusively on Envato Market
+7 more
ImanGM says

Hi,

My first theme is almost finished. I’ve installed theme-check plugin and I have a few questions about its report.

1. This is just an info but it makes me a bit unsure if I could include wp-load.php in my shortcode manager

INFO: team-members.php The theme appears to use include or require. If these are being used to include separate sections of a template from independent files, then get_template_part() should be used instead. Line 2: require_once( ’../../../../../../wp-load.php’ );

2. I’ve got some warnings about base64 and file operations which I used them for twitter new API and theme options. Should I ignore these warnings?

WARNING: Found base64_decode in the file OAuth.php. base64_decode() is not allowed. Line 200: $decoded_sig = base64_decode($signature);

Would you please help me with these issues?

Thanks

1484 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Made it to the Authors' Hall of Fame
+3 more
OriginalEXE says

1.) A definite no no, you must never do this. 2.) It’s ok, just explain to the reviewer why you have to use it hwen submitting your item.

1294 posts The Last Man Standing
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has been a beta tester for an Envato feature
  • Sells items exclusively on Envato Market
+7 more
ImanGM says

1.) A definite no no, you must never do this. 2.) It’s ok, just explain to the reviewer why you have to use it hwen submitting your item.

Thank you OriginalEXE but about (1): what should I do if I want to use wordpress functionality into my theme’s shortcode manager which loads into a popup window? Is there anyway to do it without breaking the standard rules?

(What I need is to get list of categories or using _e() functions…)

1185 posts
  • Has been part of the Envato Community for over 4 years
  • Has sold $40,000+ on Envato Market
  • Has been a beta tester for an Envato feature
  • Has collected 50+ items on Envato Market
+5 more
Smartik says

100% agree with OriginalEXE. 1, Is just a BIG “NO”. 2, OK.

1484 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Made it to the Authors' Hall of Fame
+3 more
OriginalEXE says

Well I have never come to situation in which I would have to do such thing. Maybe you should think about redesigning how things work in the backend?

To solve it, you could use ajax requests, and to do it properly I would suggest reading this: http://www.garyc40.com/2010/03/5-tips-for-using-ajax-in-wordpress/#js-global
1294 posts The Last Man Standing
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has been a beta tester for an Envato feature
  • Sells items exclusively on Envato Market
+7 more
ImanGM says

thanks for your replies.

I’ve read this article but I think it’s not working in my case :(

Actually I’m loading my shortcode manager in another windows because I think there is no other way to add it to tinyMCE as a button, And if I couldn’t include wp-load.php in my files, then I could not use wp features in my shortcode manager neither…

It’s a very big limit for wordpress if the author is stocked on the main window and could not use wp data/functions in iframes, popups or …

Any ideas?

1484 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Made it to the Authors' Hall of Fame
+3 more
OriginalEXE says

If you need those functions in popups, you either need to prepare data before loading it or use ajax, no other way to properly do it (that I know of).

1294 posts The Last Man Standing
  • Elite Author: Sold more than $75,000 on Envato Market
  • Has sold $75,000+ on Envato Market and is now an Elite Author
  • Has been a beta tester for an Envato feature
  • Sells items exclusively on Envato Market
+7 more
ImanGM says

If you need those functions in popups, you either need to prepare data before loading it or use ajax, no other way to properly do it (that I know of).

Thanks OriginalEXE. I changed the code and I used admin-ajax.php instead of including wp-load.php directly in my php files. This cleans out my theme check INFO result :)

BUT I still don’t understand why it’s not a good idea too include wp-load.php directly in my files? Is it because of performance issues, security or invalid url to include?

For performance: admin-ajax.php loads wp-load.php + some more php files which I think it is a bit slower than including just wp-load.php.

For security: Developer can check for permissions on the next lines after including wp-load.php.

For invalid url to include: Well it’s possible that user change the wp-content folder or theme name or other files but it’s still possible to find the wp-load.php in developer codes.

As I’ve updated my codes with admin-ajax.php which it seems to be the best practice to include wp functions in external files, I’m just asking to understand the reasons why this is the best practice…

Thanks

280 posts
  • Has referred 10+ members
  • Has sold $40,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Sells items exclusively on Envato Market
+1 more
PrimaThemes says

@imangm, you can read this old article for reference,

http://ottopress.com/2010/dont-include-wp-load-please/
1484 posts
  • Has referred 1+ members
  • Has sold $10,000+ on Envato Market
  • Has collected 10+ items on Envato Market
  • Made it to the Authors' Hall of Fame
+3 more
OriginalEXE says

From my url:

What’s wrong with this is that sometimes users set up their folder structure differently, making the relative path declared in the PHP file above invalid. Another downside to this, is if you’re using Object Oriented approach to develop your plugin (wrapping your plugin functions in a class), you won’t have direct access to the necessary properties and private functions of the class.

Along with the PHP file above, another PHP file is necessary to output the javascript that makes the AJAX request. This has to be a PHP file instead of a normal JavaScript file, because (again) it has to include wp-config.php (or wp-load.php), so that it can get the absolute URL to the PHP file that handles the request, or load some additional data from the database. In order to load this “fake” javascript file, the whole WordPress framework needs to be loaded again.

by
by
by
by
by
by