Summary
The WordPress.WP.AlternativeFunctions.file_system_operations_fopen and WordPress.WP.AlternativeFunctions.file_system_operations_fclose checks report an error when using php://output for streaming a CSV download.
In this case, the warning appears to be a false positive because php://output is an output stream rather than a filesystem path, and there is no equivalent WordPress API (WP_Filesystem) for writing streamed CSV responses.
Minimal Reproduction
header( 'Content-Type: text/csv; charset=utf-8' );
header( 'Content-Disposition: attachment; filename=test.csv' );
$output = fopen( 'php://output', 'w' );
foreach ( $rows as $row ) {
fputcsv( $output, $row );
}
fclose( $output );
exit;
Current Result
Plugin Check reports:
WordPress.WP.AlternativeFunctions.file_system_operations_fopen
WordPress.WP.AlternativeFunctions.file_system_operations_fclose
Expected Result
The check should not report an error for php://output, since:
php://output is not a filesystem path.
WP_Filesystem cannot be used to replace this functionality.
- Streaming CSV responses using
fopen( 'php://output', 'w' ) and fputcsv() is a common PHP pattern, and there is currently no WordPress-native alternative.
If this usage is intentionally unsupported, it would be helpful for the documentation to explain the recommended approach.
Disclaimer: Claude was used to help investigate and draft this issue. I verified the behavior and confirmed the reproduction before submitting.
Summary
The
WordPress.WP.AlternativeFunctions.file_system_operations_fopenandWordPress.WP.AlternativeFunctions.file_system_operations_fclosechecks report an error when usingphp://outputfor streaming a CSV download.In this case, the warning appears to be a false positive because
php://outputis an output stream rather than a filesystem path, and there is no equivalent WordPress API (WP_Filesystem) for writing streamed CSV responses.Minimal Reproduction
Current Result
Plugin Check reports:
WordPress.WP.AlternativeFunctions.file_system_operations_fopenWordPress.WP.AlternativeFunctions.file_system_operations_fcloseExpected Result
The check should not report an error for
php://output, since:php://outputis not a filesystem path.WP_Filesystemcannot be used to replace this functionality.fopen( 'php://output', 'w' )andfputcsv()is a common PHP pattern, and there is currently no WordPress-native alternative.If this usage is intentionally unsupported, it would be helpful for the documentation to explain the recommended approach.
Disclaimer: Claude was used to help investigate and draft this issue. I verified the behavior and confirmed the reproduction before submitting.