Download the PHP package parisek/timber-kit without Composer

On this page you can find all versions of the php package parisek/timber-kit. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Example code of parisek/timber-kit

Informations about the package timber-kit

timber-kit

WordPress/Timber starter kit — configurable base class, ACF helpers, image resizer, dev media proxy, WPForms config bridge, ACF block renderer.

Installation

What's Included

StarterBase

Extends Timber\Site with 25 configurable properties. Handles theme setup, Twig extensions, security hardening, Gutenberg blocks, media processing, and admin cleanup — all opt-in via boolean flags.

Helpers

Static methods for formatting ACF data into clean arrays for Twig templates:

Resizer

Image resizing via Spatie/Image. AVIF output, responsive variants with breakpoints, crop positions, and cache management. Exposed as a single polymorphic Twig filter, |resizer, that detects its argument shape and routes to one of two underlying methods.

Tuples mode (positional, variadic)

Caller passes the variant tuples directly, in order. Each tuple is [width, height, media-min-width, image_style, quality?] — same shape Resizer::resizer() consumes:

Orientation-aware mode (single map arg)

When the single argument is an associative array carrying at least one of landscape / portrait / square keys, the filter classifies the source image's aspect (±10 % tolerance band around 1:1, overridable via the timber_kit_resizer_aspect_tolerance WP filter) and dispatches the matching tuple set to the standard resize pipeline:

Lets templates drop the inline image.width >= image.height branch.

Fallbacks. Missing-metadata / non-numeric / zero-dimension sources classify as landscape (preserves the historical wide-crop default for legacy assets). When the matched bucket has no tuples (empty array or absent key), the helper falls through to the landscape bucket; if that's also empty / absent, the source passes through unchanged rather than crashing with an empty <picture>.

Detection (how the two shapes coexist). The dispatch lives in Resizer::isOrientationMap(): a single arg that's an associative array with at least one recognised key flips into orientation mode. Tuples have integer keys (width / height / media / image_style / quality), so the two shapes can't realistically collide. PHP callers wanting the bucket without the resize step can call Resizer::classifyAspect() directly.

DevMediaProxy

Development-only media proxy for projects that do not keep wp-content/uploads synchronized locally. When TIMBERKIT_MEDIA_ORIGIN is configured, missing local media URLs are rewritten to the upstream origin for common WordPress media surfaces and Media Library payloads.

It also integrates with Resizer through the timber_kit_resizer_missing_source_variants filter, so missing local source images can fall back to already-generated remote variants before returning the original image URL.

WPFormsConfigBridge

Bridges wp-config.php constants to entries of the wpforms_settings option, so per-environment values such as Cloudflare Turnstile test keys can be stored in environment config rather than the WordPress database.

A setting key turnstile-site-key is overridden by a constant WPFORMS_TURNSTILE_SITE_KEY (hyphens become underscores, the whole name uppercased). The bridge is activated automatically by StarterBase when WPForms is loaded.

BlockRenderer

Render callback for ACF Gutenberg blocks defined via block.json. Migrated from per-theme functions.php so projects derived from portadesign/wordpress-base carry one versioned source of truth instead of duplicating ~140 lines per theme.

Wire as block.json renderCallback:

Or call from a wrapper in your theme's functions.php for backwards-compatible block.json files:

What it does:

The class is final with three public static methods: render(), isInserterPreview(), flushPostBlockCache().

Filters

Package-level filters (stable across versions, prefixed timber_kit/):

Filter Args Purpose
timber_kit/block_renderer/cache_key (string $key, array $cache_data, string $block_name) Override the cache key composition (e.g. add user role / segment to the variation vectors). Default: 'acf_block_' . md5(wp_json_encode($cache_data)) with $cache_data = [name, data, anchor, className, post_id, lang, paged].
timber_kit/block_renderer/use_cache (bool $enabled, string $block_name, array $attributes) Override the cache-enabled decision per block. Default: true when the block has no registered block_<name>_content filter and the site uses an external object cache with flush_group support.
timber_kit/block_renderer/content_data (?array $content_data, int|string $post_id, bool $is_preview, array $attributes) Override the content data ACF would have hydrated. Return a non-null array to short-circuit Helpers::formatFields() — useful for tests, storybook-style block fixtures, or projects that don't use ACF. Returning null (default) preserves the ACF code path.
timber_kit/block_renderer/context (array $context, string $block_name, bool $is_preview) Last-chance Twig context modification before Timber::compile() runs.
timber_kit/block_renderer/empty_alert_html (string $html, string $block_name, array $attributes) Replace the empty-block warning HTML entirely. Themes can return their own Twig render here (see migration example below).

Per-block legacy filters (preserved from the original timber_block_render_callback for backwards compatibility — <slug> is the block name with acf/ stripped and dashes converted to underscores, e.g. acf/article-featuredarticle_featured):

Filter Args Purpose
block_<slug>_content (array $content_data) Per-block content transform (legacy hook preserved for backwards compatibility). Skipped during inserter-library previews so example data isn't enriched with derived values that would distort thumbnails.
block_<slug>_template (string $template_path, array $content_data) Per-block template path override (legacy hook). Runs in all modes including inserter previews. Default path: @component/<slug>/<slug>.twig.

Twig template

empty-alert.twig is shipped under the @timber-kit/ Twig namespace, registered automatically by StarterBase at priority 20 (so theme paths under the same namespace take precedence). It uses Gutenberg's .block-editor-warning classes for native editor styling and exposes a stable .timber-kit-block-empty class + data-block attribute for theme overrides.

Cache invalidation

BlockRenderer::flushPostBlockCache($post_id) is the handler StarterBase wires to acf/save_post at priority 20. When ACF saves a post, the cache group acf_block_{$post_id} is flushed — invalidating exactly the cached blocks tied to that post without touching others. The handler guards against non-numeric ids (ACF options-page strings, opaque block_* ids) and against environments without wp_cache_supports('flush_group').

Usage

Create a Base class in your theme that extends StarterBase:

Configuration

Override these properties in your child constructor before calling parent::__construct():

Theme

Property Type Default Description
$menus array [] Registered navigation menus
$font_stylesheets array [] CSS files to enqueue on the frontend. Also forwarded into the Gutenberg editor canvas (both iframed and non-iframed) via block_editor_settings_all, so custom @font-face declarations render in the editor without falling back to system fonts. Relative paths are resolved under static/ and cache-busted with filemtime; absolute URLs pass through
$preload_fonts array [] Font files to preload
$search_post_types array ['post'] Post types for search
$article_post_types array ['post'] Post types treated as articles
$block_category array ['slug' => 'custom', 'title' => 'Custom'] Custom block category
$favicon_path string 'images/touch/favicon.svg' Favicon path

Security & Cleanup

Property Type Default Description
$cleanup_wp_head bool true Remove unnecessary wp_head output
$disable_xmlrpc bool true Disable XML-RPC
$disable_emojis bool true Remove emoji scripts/styles
$disable_feeds bool true Disable RSS feeds
$disable_comments bool true Disable comments site-wide: removes comments/trackbacks support from every registered post type (including those registered later via registered_post_type); closes comments_open/pings_open; redirects the Edit Comments admin page and Discussion Settings to the dashboard; unregisters the WP_Widget_Recent_Comments sidebar widget; removes /wp/v2/comments REST routes; rejects REST comment insertion with 403 even if a route is re-registered; removes comment + pingback XML-RPC methods; drops the X-Pingback header; and forces default_comment_status/default_ping_status to closed. Removal of the admin-bar comments node and the dashboard_recent_comments admin widget is controlled separately by $cleanup_admin_bar and $cleanup_dashboard.
$disable_search bool true Disable search
$cleanup_dashboard bool true Remove dashboard widgets
$cleanup_admin_bar bool true Clean up admin bar
$editor_role_enhancements bool true Enhanced editor role caps
$disable_self_pingbacks bool true Disable self-pingbacks
$restrict_rest_users bool true Protect REST API users endpoint
$disable_application_passwords bool true Disable WordPress application passwords so the application-passwords REST endpoint cannot issue long-lived API credentials
$block_author_enumeration bool true Turn numeric ?author=N requests into a 404 on template_redirect (before redirect_canonical), so the /?author=1/author/{username}/ username-disclosure attack is blocked. Path-based /author/{slug}/ URLs, admin author filters, and alphanumeric slugs are left alone
$disable_file_editing bool true Define DISALLOW_FILE_EDIT so the Theme Editor and Plugin Editor screens are removed from wp-admin
$remove_wp_generator bool true Strip the WordPress version from the the_generator filter (covers both <meta name="generator"> and RSS/Atom feed generators)

Media Processing

Property Type Default Description
$clean_image_filenames bool true Sanitize uploaded filenames
$max_upload_width int 2560 Max upload image width (px)
$max_upload_height int 2560 Max upload image height (px)

Dev Media Proxy

Configure the proxy in environment config such as VPConfig:

Behavior:

Available hooks:

WPForms Config Bridge

Define overrides in wp-config.php:

Bridged keys:

The Cloudflare always-pass test sitekey/secret pair above (1x000…AA / 1x000…AA) is recommended for staging/CI to avoid headless detection blocking the challenge widget.

When any override is active, an admin notice on WPForms admin screens lists which setting keys are read from wp-config.php, so values saved through the WP admin do not silently disappear at runtime without explanation.

Gutenberg

Property Type Default Description
$gutenberg_align_wide bool true Enable wide/full alignment
$gutenberg_responsive_embeds bool true Responsive video embeds
$gutenberg_editor_styles bool true Load editor stylesheet
$gutenberg_disable_core_patterns bool true Remove core block patterns

Breadcrumbs

Breadcrumb data ($context['breadcrumb']) is auto-populated by StarterBase::timber_context() from the properties below — projects only override these to customise behaviour. A legacy compatibility guard (class_exists('\Breadcrumb', false)) skips auto-populate when a project still ships the pre-1.7 global \Breadcrumb class.

Property Type Default Description
$breadcrumb_labels array<string, string> ['home' => 'Home', '404' => 'Page not found', 'search' => 'Search: %s', 'pagination' => 'Page %d', 'author' => 'Author: %s'] Pre-translated labels for typed items. Defaults are English raw strings — override via setup_breadcrumb_labels() (not __construct()), see below.
$breadcrumb_menu_name string 'main-menu' Nav-menu location slug for the menu-trail strategy (by_menu_trail). Set to a different menu's location slug if breadcrumbs should follow a non-main navigation.
$breadcrumb_list_page_map array<string, string> [] Post type → ACF option key for "listing page" injection between Home and a single post of that type. Example: ['post' => 'article_list'] injects links.article_list (from the ACF Global Options Page) as the parent crumb on every single post.
$breadcrumb_menu_trail_post_types ?array null Post types eligible for menu-trail. null = auto-detect via is_post_type_hierarchical(). Pass an explicit list to opt-in / opt-out specific CPTs regardless of hierarchy.
$breadcrumb_include_pagination bool false Append a "Page N" item on paginated archive views. Off by default — opt in per project.

Localising labels — override setup_breadcrumb_labels(), not __construct()

Calling _x() from Base::__construct() to populate $breadcrumb_labels triggers WordPress 6.7+'s _load_textdomain_just_in_time notice — the constructor runs before init, but the theme's textdomain has not loaded yet. StarterBase registers setup_breadcrumb_labels() on init (priority 1) as the project-side hook for translated labels:

$this->theme_name in both _x() slots is intentional — it doubles as the translation context and the textdomain, so a single project identifier scopes everything. Substitute the source strings with the project's locale (Czech, German, …) and the WPML / Polylang stack picks the right translation at render time.

Projects that don't need translated labels (single-locale English sites) can skip the override entirely — the English defaults declared on $breadcrumb_labels apply unchanged.

Performance

Replaces the standalone Speculation Rules plugin. After upgrading, downstream projects can wp plugin deactivate speculation-rules && wp plugin delete speculation-rules — the same prerender / moderate / logged-out behaviour ships from the theme.

Property Type Default Description
$speculation_rules ?array ['mode' => 'prerender', 'eagerness' => 'moderate', 'authentication' => 'logged_out'] Hooks configure_speculation_rules() onto the WP 6.8+ wp_speculation_rules_configuration filter. Defaults mirror the standalone plugin's defaults — faster than WP core's prefetch / conservative, with rules emitted only for logged-out visitors so editors browsing the frontend from wp-admin don't trigger prerender-driven double-fires of GA / GTM / Productive page-views. Override individual keys per project (e.g. drop to prefetch if Consent Mode v2 is configured for imperative tracking), or set the whole property to null to fall back to WP core defaults (no override, no auth gate).
$warn_speculation_rules_plugin_redundant bool true Registers a Site Health test (Tools > Site Healthtimber_kit_speculation_rules_redundant). Returns status: 'good' when the standalone plugin is inactive; returns status: 'recommended' with a "Manage plugin" link when both code paths are running and would duplicate the wp_speculation_rules_configuration filter. Passive signal only — no admin-notice banner, no auto-deactivation.

The companion wp_speculation_rules_href_exclude_paths filter is intentionally not wrapped — WP 6.8+ core already excludes /wp-login.php, /wp-admin/*, query-string action URLs, etc., and the standalone plugin only re-emitted a legacy plsr_… filter for backwards compatibility. Downstream projects can still hook the WordPress core filter directly when a project-specific URL needs to be excluded.

Block renderer migration guide

If you're upgrading from a theme that carried timber_block_render_callback() inline in functions.php:

  1. Bump the Composer constraint to ^1.5:

  2. Replace the inline timber_block_render_callback() body with a wrapper:

    block.json files referencing the old function name keep working.

  3. Remove the freestanding add_action( 'acf/save_post', … 'acf_block_…' flush ) hook from functions.php — the package now owns it: StarterBase::__construct() wires BlockRenderer::flushPostBlockCache() to acf/save_post at priority 20.

  4. (Optional) If you want to keep your existing Tailwind alert template for the empty-block warning, register an override:

    Without this filter the package renders its own Twig template (@timber-kit/empty-alert.twig) using Gutenberg's native .block-editor-warning classes — no theme styling required.

Testing

The property suite (tests/Property/, powered by giorgiosironi/eris) targets pure functions only and runs under its own phpunit.property.xml config to stay isolated from Brain\Monkey's Patchwork hooks. CI pins ERIS_SEED to the Actions run ID — reproduce a failing build locally with ERIS_SEED=<run-id> composer test:property.

Releasing

Releases are automated through two GitHub Actions workflows:

Per-PR conventions

Add entries under ## [Unreleased] in CHANGELOG.md with Keep a Changelog categories (### Added, ### Changed, ### Deprecated, ### Removed, ### Fixed, ### Security). Squash-merge PRs into main so the merge commit subject ends with (#N) — the auto-release workflow uses that to assemble the Pull Requests section.

Distribution scope

.gitattributes marks CHANGELOG.md, tests/, .github/, .ddev/, phpunit.xml, phpstan.neon, and other dev-only files as export-ignore, so composer require parisek/timber-kit only pulls src/, composer.json, LICENSE, and README.md into the consumer's vendor/ tree. No Composer-side archive.exclude config is needed — .gitattributes covers both composer archive and GitHub source-zip downloads.

License

GPL-3.0-or-later

All versions of timber-kit with dependencies

PHP Build Version
Package Version
Requires php Version ^8.3
ext-gd Version *
parisek/twig-attribute Version ^1.0
parisek/twig-common Version ^1.0
parisek/twig-typography Version ^1.0
spatie/image Version ^3.8
symfony/twig-bridge Version ^5.4 || ^6.2 || ^7.0
symfony/var-dumper Version ^5.4 || ^6.2 || ^7.0
timber/timber Version ^2.0
twig/string-extra Version ^3.0
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package parisek/timber-kit contains the following files

Loading the files please wait ...