This code is for a microsite where the client wants their Twitter feed to be displayed. The site is completely static other than this element, so I've decided to use a cache file instead of a database.
The Twitter class in use is here: http://github.com/j7mbo/twitter-api-php
```php
<?php
// Library linked above; assumes TwitterAPIExchange.php sits beside this script.
require_once dirname(__FILE__).'/TwitterAPIExchange.php';

$cacheFile = dirname(__FILE__).'/cache/twitter.json';
$content = null;

// Use the cached tweets while the cache is less than 1200 seconds old.
if (file_exists($cacheFile)) {
    $content = json_decode(file_get_contents($cacheFile));
    // A corrupt or empty cache file decodes to null; treat it as a miss.
    $content = (isset($content->checktime, $content->tweets)
        && $content->checktime + 1200 > time()) ? $content->tweets : null;
}

// Cache miss: query the API and rewrite the cache file.
if (is_null($content)) {
    $twitter = new TwitterAPIExchange(array(
        'oauth_access_token' => 'redacted',
        'oauth_access_token_secret' => 'redacted',
        'consumer_key' => 'redacted',
        'consumer_secret' => 'redacted'
    ));
    $content = array(
        'tweets' => json_decode(
            $twitter->setGetfield('redacted')
                ->buildOauth('https://api.twitter.com/1.1/statuses/user_timeline.json', 'GET')
                ->performRequest()
        ),
        'checktime' => time()
    );
    file_put_contents($cacheFile, json_encode($content));
    $content = $content['tweets'];
}
```
The goal is to hit the API only once an hour and pull the most recent tweet. Presuming the cache directory permissions are as strict as possible (the webserver will be able to write), are there any security implications I'm overlooking?
The only hardening I can think of is to position the cache directory outside the webserver browse scope.
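
One way to apply the hardening raised in the question, as an added example that is not part of the original post: the cache file lives outside the document root, is validated on read, is written atomically, and tweet text is escaped at output. The path and function names are hypothetical; the `errors` and `text` keys are assumed from the Twitter v1.1 response format.

```php
<?php
// Added illustration, not the poster's code. Path and function names are hypothetical.
const CACHE_FILE = '/var/cache/microsite/twitter.json'; // outside the document root
const CACHE_TTL  = 1200; // seconds, the window used in the snippet above

/** Return cached tweets, or null if the cache is missing, stale or malformed. */
function read_cache(string $file, int $ttl): ?array
{
    $raw = @file_get_contents($file);
    if ($raw === false) {
        return null;
    }
    $data = json_decode($raw, true);
    // Anything that is not the expected shape counts as a cache miss.
    if (!is_array($data) || !isset($data['checktime'], $data['tweets'])
        || !is_int($data['checktime']) || !is_array($data['tweets'])) {
        return null;
    }
    return ($data['checktime'] + $ttl > time()) ? $data['tweets'] : null;
}

/** Write the cache atomically so a reader never sees a half-written file. */
function write_cache(string $file, array $tweets): bool
{
    if (isset($tweets['errors'])) {
        return false; // do not cache an API error response
    }
    $tmp = tempnam(dirname($file), 'tw_'); // created with mode 0600
    if ($tmp === false) {
        return false;
    }
    $json = json_encode(['tweets' => $tweets, 'checktime' => time()]);
    if ($json === false || file_put_contents($tmp, $json) === false) {
        @unlink($tmp);
        return false;
    }
    return rename($tmp, $file); // atomic when both paths are on one filesystem
}

/** Escape tweet text at output time; cached API data is still untrusted input. */
function render_tweet(array $tweet): string
{
    return htmlspecialchars((string)($tweet['text'] ?? ''), ENT_QUOTES, 'UTF-8');
}
```

The caller contacts the API only when `read_cache()` returns null, and passes the decoded response to `write_cache()` before rendering.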