[wp-hackers] Any way to bypass $wp->query_posts()?
sojweb at indiana.edu
Thu Apr 9 00:48:02 GMT 2009
> "SoJ Web" <sojweb at indiana.edu> wrote:
>> why not just have the plugin modify the htaccess
>> file and bypass WordPress altogether?
> Because modifying .htaccess should be a last resort, IMO. There are
> too many problems with non-writable .htaccess files for permalinks,
> it would be suboptimal to choose that route for a plugin. Besides,
> code that modifies code is a very hard to fully validate for
> robustness. Better to use plain ole' PHP since PHP works so well.
Generating rewrite statements is hardly difficult, and I don't think
telling Apache to do it is any more difficult or any less robust than
having PHP do it.
>> Anyone who needs this kind of control surely has
>> write permissions to the root.
> That assertion is only true if based on a narrow set of assumptions.
> Let me give a scenario where it would not at all be true. Assume
> that I create a plugin called "CustomUrls" and a themer uses it to
> create "The Ultimate Real Estate Broker Theme" and offers it for
> download. This theme might support URL paths of the following format:
> Now a real estate broker comes along and loves the theme, downloads
> it, and plops it on the most restrictive webhost out there. My
> CustomUrls plugin fails to update .htaccess and after much failed
> effort on the part of the decidedly non-technical real estate broker
> she gives up and vows never to use WordPress again because "it is a
> piece of crap." (We all know better, but that doesn't change her
> newly formed opinion, and one she'll likely speak of to anyone who
> mentions the name "WordPress" to her at any point in the future.)
> Actually, my CustomUrls plugin is designed specifically for themers
> to use (myself included), so I envision my stated scenario is far
> more likely than the scenario you present where the person using it
> would have skills needed to control permissions.
This could be much better accomplished with a custom theme. Why not
just make custom template files for those slugs? Aside from that, if
this hypothetical web host doesn't allow the htaccess file to be
modified, you can't use permalinks, or any sort of URL rewriting,
anyway, so that point is moot.
More information about the wp-hackers