locate_template( string|array $template_names, bool $load = false, bool $require_once = true )

Retrieve the name of the highest priority template file that exists.

Contents

Description Description

Searches in the STYLESHEETPATH before TEMPLATEPATH and wp-includes/theme-compat so that themes which inherit from a parent theme can just overload one file.

Parameters Parameters

$template_names

(string|array) (Required) Template file(s) to search for, in order.

$load

(bool) (Optional) If true the template file will be loaded if it is found.

Default value: false

$require_once

(bool) (Optional) Whether to require_once or require. Has no effect if $load is false.

Default value: true

Top ↑

Return Return

(string) The template filename if one is located.

Top ↑

Source Source

File: wp-includes/template.php 

function locate_template( $template_names, $load = false, $require_once = true ) {
	$located = '';
	foreach ( (array) $template_names as $template_name ) {
		if ( ! $template_name ) {
			continue;
		}
		if ( file_exists( STYLESHEETPATH . '/' . $template_name ) ) {
			$located = STYLESHEETPATH . '/' . $template_name;
			break;
		} elseif ( file_exists( TEMPLATEPATH . '/' . $template_name ) ) {
			$located = TEMPLATEPATH . '/' . $template_name;
			break;
		} elseif ( file_exists( ABSPATH . WPINC . '/theme-compat/' . $template_name ) ) {
			$located = ABSPATH . WPINC . '/theme-compat/' . $template_name;
			break;
		}
	}

	if ( $load && '' != $located ) {
		load_template( $located, $require_once );
	}

	return $located;
}

Expand full source code Collapse full source code View on Trac

Top ↑

Changelog Changelog

Changelog
Version Description
2.7.0 Introduced.

Top ↑

Top ↑

Uses Uses

Uses
Uses Description
wp-includes/template.php: load_template()

Require the template file with WordPress environment.

Top ↑

Used By Used By

Used By
Used By Description
wp-includes/general-template.php: get_header()

Load header template.
wp-includes/general-template.php: get_footer()

Load footer template.
wp-includes/general-template.php: get_sidebar()

Load sidebar template.
wp-includes/general-template.php: get_template_part()

Loads a template part into a template.
wp-includes/general-template.php: get_search_form()

Display search form.
wp-includes/template.php: get_query_template()

Retrieve path to a template
Show 1 more used by Hide more used by

Top ↑

User Contributed Notes User Contributed Notes

  1. Skip to note 1 content
    You must log in to vote on the helpfulness of this noteVote results for this note: 5You must log in to vote on the helpfulness of this note
    Contributed by Paul Ryan

    Note that locate_template() does not prevent directory traversal attacks, so if you’re passing a user-provided template name to the function, be sure to verify that it’s from one of the three appropriate locations (active theme directory, parent theme directory, or /wp-includes/theme-compat/ directory).

    Example:

    $template = locate_template( $template_filename_from_unsanitized_user_input );

// Only allow templates that are in the active theme directory, parent theme
// directory, or the /wp-includes/theme-compat/ directory (prevent directory 
// traversal attacks).
$template_in_theme_or_parent_theme_or_compat = (
	// Template is in current theme folder.
	0 === strpos( realpath( $template ), realpath( STYLESHEETPATH ) ) ||
	// Template is in current or parent theme folder.
	0 === strpos( realpath( $template ), realpath( TEMPLATEPATH ) ) ||
	// Template is in theme-compat folder.
	0 === strpos( realpath( $template ), realpath( ABSPATH . WPINC . '/theme-compat/' ) )
);

if ( $template_in_theme_or_parent_theme_or_compat ) {
	require_once( $template );
}

    Expand full source codeCollapse full source code

You must log in before being able to contribute a note or feedback.