[wp-hackers] Using wp-content/uploads to store dynamically created js and CSS

Brian Fegter brian at fegter.com
Wed Jan 8 22:35:35 UTC 2014


Nicola,

Instead of generating an actual static file, why not use a rewrite? You
won't have to deal with the file system at all and any quirks that come
with your setup.

Heres a gist with the setup I use for this type of thing. This allows you
to use object caching and your CDN sees this as a static file as well.
https://gist.github.com/inspectorfegter/8325711

Let me know if you have any question on this approach. Just another way to
skin a cat.

Thanks!
Brian





On Wed, Jan 8, 2014 at 4:02 PM, Nicola Peluchetti <
nicola.peluchetti at gmail.com> wrote:

> Yes all the CSS for the plugin ( including bootstrap3 ) is generated
> dynamically and it's quite big. Of course it's not generated on every
> request, it's stored and regenerated only if needed. Js is just built from
> pieces at the moment.
>
> We've had a folder under wp-content for a long time where we stored themes
> but that has always been a pain, one time out of three there was no write
> access. In fact we are deprecating that in 2.0.
>
> I thought about wp-content/uploads because i guess that, if there is just
> one folder which is writable,  it must be that.
>
> Why do you say it's unsafe?Is there some possibility that malitious users
> could exploit that?I mean is it a safety risk?Because obviously i don't
> care if anyone can access my CSS and JS code.
>
>
> *Nicola Peluchetti - Senior PHP Developer @ Timely*
> Twitter: @nik_peluchetti <https://twitter.com/#!/nik_peluchetti>
> Facebook: nicola.peluchetti <https://www.facebook.com/nicola.peluchetti>
> Stackoverflow: Stackoverflow<
> http://stackoverflow.com/users/397861/nicola-peluchetti>
> Mobile: +39 339 7507235
>
>
> On Wed, Jan 8, 2014 at 10:33 PM, Otto <otto at ottodestruct.com> wrote:
>
> > On Wed, Jan 8, 2014 at 2:39 PM, Nicola Peluchetti
> > <nicola.peluchetti at gmail.com> wrote:
> > > I've read this article
> > > http://ottopress.com/2011/tutorial-using-the-wp_filesystem/ where Otto
> > says
> > > to inline, but if i inline my js / css is not cached by the browser
> > > right?And we are talking about 500kb so it's not trivial.
> >
> >
> > First, are you seriously dynamically generating over 500kb of CSS/JS
> > files? Or are you really only generating some of the pieces of those
> > files while the rest of them is relatively static? What is the
> > "static" to "dynamic" ratio?
> >
> > I ask because it's perfectly possible to make the static parts static,
> > and the dynamic parts inline. JS variables, inline CSS, etc. Just
> > because you have it all clumped together currently doesn't mean that
> > that is the only possible way.
> >
> > Secondly, if you do generate a ton of content for whatever reasons,
> > you should not store any CSS or JS content in the /uploads directory.
> > Instead, make your own directory under /wp-content and store the files
> > there instead. The WP_Filesystem object has a function called
> > wp_content_dir() that will return the content directory on the
> > "remote" filesystem. Using this and the mkdir() function in that same
> > object, you can create your own directory to store the files in, write
> > them, and then use those URLs instead.
> >
> > Storing content that will be included into the page in the uploads
> > folder is generally unsafe, due to some configurations of shared
> > hosting. It's relatively safe for inline media images, video, etc),
> > but it is not safe for CSS or JS content.
> >
> > -Otto
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list