[theme-reviewers] Formatting functions and parsing

Chip Bennett chip at chipbennett.net
Thu Aug 11 13:21:57 UTC 2011


Mario,

Also: that Google Analytics code needs to be *enqueued* at wp_head (probably
the best place is 'wp_enqueue_scripts'), rather than put directly into the
document head. Just FYI.

Chip

On Thu, Aug 11, 2011 at 8:06 AM, Mario Peshev <mario at peshev.net> wrote:

> Hi Chip,
>
> The most common example is using stripslashes (sample here
> http://themes.svn.wordpress.org/ttblog/1.0.2/header.php), also, the
> functions.php of the same theme uses:
>
> $truncate = preg_replace('@<script[^>]*?>.*?</script>@si', '', $truncate);
>
> I think this could also be handled (or maybe not), there are trim,
> htmlentities and similar functions used in themes. I am interested in
> functions such as wp_kses -
> http://codex.wordpress.org/Function_Reference/wp_kses - as they seem
> multifunctional to me. I was wondering if any of you has posted the
> 'formatting and security best practices and top functions' or something like
> this compared to plain PHP solutions.
>
> Thanks in advance. :)
>
> Mario Peshev
> freelance software developer/trainer
> http://www.linkedin.com/in/mpeshev
> http://peshev.net/blog
>
>
>
> On Thu, Aug 11, 2011 at 3:57 PM, Chip Bennett <chip at chipbennett.net> wrote:
>
>> Mario,
>>
>> The only "dummy" question is the one that remains unasked. :)
>>
>> Can you provide a more specific example? Perhaps a ticket or something,
>> that uses the function(s) in question?
>>
>> In general, though, IMHO, it is *always* preferable to use a core WP
>> function for content filtering and/or untrusted data
>> sanitization/validation.
>>
>> Chip
>>
>> On Thu, Aug 11, 2011 at 7:53 AM, Mario Peshev <mario at peshev.net> wrote:
>>
>>> Hello Reviewers,
>>>
>>> I'm not that well acquainted with security in PHP and WP, so it might be a
>>> bit of a dummy question, but I have a tough time following the parsing and
>>> formatting practices in WP themes. Since there is a Formatting section in the WP
>>> function list -
>>> http://codex.wordpress.org/Function_Reference#Formatting_Functions , and
>>> some of the functions seem pretty similar to the functions with the same names in PHP,
>>> what is the rule? Is it required that the WP functions be used instead,
>>> and are they always better than the plain PHP ones?
>>>
>>> Mario Peshev
>>> freelance software developer/trainer
>>> http://www.linkedin.com/in/mpeshev
>>> http://peshev.net/blog
>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>
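A worked example of the two points raised in this thread, added here by the editor and not taken from the ttblog theme or from any of the messages above. Part 1 is plain PHP and shows why the quoted preg_replace() is not a sanitizer: it is a blocklist, and a browser executes script through inputs the pattern never sees. Part 2 assumes a WordPress runtime (it is skipped otherwise) and uses the core functions the thread points at, wp_kses(), esc_html(), esc_attr(), esc_url(), wp_enqueue_script() and wp_localize_script(), in place of hand-rolled stripping and an inline snippet in the head. The ttblog_example_* function names, the two option names and the js/analytics.js path are assumptions made for the example.

```php
<?php
// Added example, not code from the ttblog theme or from the thread.
// Part 1 runs in plain PHP; part 2 only does anything when WordPress is loaded.

// ---- Part 1: the quoted regex is a blocklist, and blocklists miss ----------

// Exactly the pattern quoted from the theme's functions.php.
function regex_strip_scripts( $html ) {
    return preg_replace( '@<script[^>]*?>.*?</script>@si', '', $html );
}

// Constructed inputs. Only the first is actually removed. The others still run
// script in a browser; the third is *produced* by the replacement itself.
$constructed = array(
    '<p>hi</p><script>alert(1)</script>',          // removed
    '<p>hi</p><script>alert(1)',                   // no </script>, so no match
    '<scr<script></script>ipt>alert(1)</script>',  // inner pair removed -> <script>alert(1)</script>
    '<img src=x onerror=alert(1)>',                // no <script> element at all
    '<a href="javascript:alert(1)">x</a>',         // a scheme, not an element
);
foreach ( $constructed as $in ) {
    printf( "%-50s => %s\n", $in, regex_strip_scripts( $in ) );
}

// ---- Part 2: the WordPress way (theme functions.php) -----------------------
if ( function_exists( 'add_action' ) ) {

    // Output escaping is per context; each esc_* helper applies that context's
    // rules. esc_url() also drops javascript: and other disallowed schemes.
    function ttblog_example_link( $url, $title, $label ) {
        return sprintf(
            '<a href="%s" title="%s">%s</a>',
            esc_url( $url ),     // URL context
            esc_attr( $title ),  // attribute context
            esc_html( $label )   // text context
        );
    }

    // User-supplied HTML that may legitimately carry *some* markup: allowlist it
    // with wp_kses() rather than stripping what you can think of. Anything not
    // listed (script, img, onerror=, style=) is removed, and href values go
    // through the allowed-protocol check as well.
    function ttblog_example_footer_text() {
        $allowed = array(
            'a'      => array( 'href' => true, 'title' => true ),
            'em'     => array(),
            'strong' => array(),
        );
        // 'ttblog_footer_text' is an assumed option name.
        return wp_kses( get_option( 'ttblog_footer_text', '' ), $allowed );
    }

    // Chip's point: do not echo the analytics snippet into <head>. Enqueue the
    // theme's own loader (js/analytics.js is an assumed path) on
    // wp_enqueue_scripts and hand it the tracking ID via wp_localize_script(),
    // which JSON-encodes the value so a crafted option cannot break out of the
    // generated script block.
    function ttblog_example_enqueue_analytics() {
        $tracking_id = get_option( 'ttblog_ga_id', '' ); // assumed option name
        if ( '' === $tracking_id ) {
            return;
        }
        wp_enqueue_script(
            'ttblog-analytics',
            get_template_directory_uri() . '/js/analytics.js',
            array(),
            '1.0',
            true // print in the footer
        );
        wp_localize_script( 'ttblog-analytics', 'ttblogAnalytics', array( 'id' => $tracking_id ) );
    }
    add_action( 'wp_enqueue_scripts', 'ttblog_example_enqueue_analytics' );
}
```

Run part 1 with `php file.php` to see which of the constructed inputs survive the regex; the third line is the one to look at, since removing the inner `<script></script>` pair assembles a working `<script>alert(1)</script>` out of the surrounding characters. Part 2 is the shape a theme reviewer would expect: escape at output time with the helper that matches the context, allowlist rather than blocklist any HTML you must keep, and let the enqueue API own the script tags.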