Maximum depth for theme files

[stklcode]

Side note from a bug report in the WP support forums: https://wordpress.org/support/topic/virus-alert-since-1-4-0/

AntiVirus scans theme files with a maximum depth of 1, i.e. theme base + 1 sublevel:

antivirus/inc/class-antivirus.php

Line 396 in 5341113

$files = $theme->get_files( 'php', 1 );

This behavior is not documented, so as a regular user I would expect that all my theme files are scanned. I can only guess the reason why the limit was explicitly set to 1 here.

There are themes that contain PHP files in a deeper hierarchy, like inc/admin/getting-started/getting-started.php (3)

There a several potential changes to apply in this case:

1. Don't change the behavior and document it.
2. Raise the limit to a higher value (3, 5, 10, ...)
3. Make it configurable in plugin options or via hook.

[patrickrobrecht]

I'd suggest a 4th option: just scan all levels. -1 is for infinite levels (see Code Reference for WP_Theme::get_files()).

[stklcode]

I’d call it “option 2a“, but that’s not the point here.

There are some potential pitfalls when scanning directory structures recursively without restrictions (e.g. infinite loops through links on certain filesystems). But I don’t see any real drawbacks here, so I merged the corresponding PR.