php - Is it needed to use wordpress filesystem in creating files and directories inside a plugin?
Get the solution ↓↓↓I'm currently developing a WordPress plugin which in part of it I need to create directories and save image files that I have got from the front end.
I receive image files inside API endpoint and attempt to save those images inside a safe location.
I know there are two ways of doing this : WordPress Filesystem API and usual PHP file functions.
I think for security reasons I've to use WordPress Filesystem API but I don't know how should work withrequest_filesystem_credentials
function because it needs some parameters like $form_post but I don't know what this parameter exactly is while there is no form. It's all Ajax request and I have the file inside my API endpoint!
Or maybe it is good to go with usual PHP file functions?!
Answer
Solution:
In a perfect world, yes, you should do it that way. In reality, specific to your scenario, it just isn’t feasible because, as you noted, you are a background task. Instead, I would code defensively, log my failures, and provide a UI for admins to audit and/or receive alerts.
I would also call get_filesystem_method() to see if itdirect
. When you call that function, WordPress will actually attempt writing a temporary file, and check the file’s ownership to see if it is optimal. I’d read through the whole function’s code to see what it all does, too, including extra information that it stashes in globals. You don’t need to call this on every write, but I’d do it on activation and I’d have a health check/status area to alert admins, and I think if this doesn’t returndirect
I’d set an "option" that my plugin would check that would disable writing.
Avoid WordPress constants for paths if you can, and instead use official functions such as wp_upload_dir. See the docs for parameters and return values, and you specifically probably don’t want to create the time sub folder, you just want to get the return base directory. That function is great, especially in Multisite, because folders aren’t always where you expect them. Actually,wp_get_upload_dir
might be even better, but it is good to know the deeper one.
WordPress also has a bunch of wrapper functions for PHP core functions such aswp_mkdir_p
, and it is good to know those.
Lastly, be very careful with the file system and what parameters you blindly accept from outside. For instance, a third party/API might say the file should be calledexample.jpg
which is probably okay, but they could also say it is../../../wp-config.php
and you could bork the system. I personally use this in all of my projects. There’s a bunch of methods including safely joining paths without have to worry about extra or missing slashes, and it is also cross platform which is great for me because I dev on Windows. When you write to disk, make sure you are isolated to your folder or it’s children.
Share solution ↓
Additional Information:
Link To Answer People are also looking for solutions of the problem: an exception occurred in the driver: could not find driver
Didn't find the answer?
Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.
Similar questions
Find the answer in similar questions on our website.
Write quick answer
Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.