[theme-reviewers] Exposing admin urls

Edward Caissie edward.caissie at gmail.com
Fri May 17 23:22:17 UTC 2013


As a *recommendation* for Theme Authors to check, sure ... especially if
there are relevant links to the codex and/or examples on how to avoid the
issue.

Edward Caissie
aka Cais.


On Fri, May 17, 2013 at 8:39 AM, Chip Bennett <chip at chipbennett.net> wrote:

> Is this an opportunity for clarification/elaboration in the Theme Security
> section of the Guidelines?
>
>
> On Fri, May 17, 2013 at 8:26 AM, Edward Caissie <edward.caissie at gmail.com>wrote:
>
>> A recommendation for the next release would likely suffice ... it may
>> have just been an over-sight on the Theme-Authors part to not wrap the link
>> in a conditional.
>>
>> Edward Caissie
>> aka Cais.
>>
>>
>> On Fri, May 17, 2013 at 7:46 AM, esmi at quirm dot net <esmi at quirm.net>wrote:
>>
>>> on 17/05/2013 12:15 Srikanth Koneru said the following:
>>>
>>>    was asked to wrap current_user_can('edit_theme_**options') around an
>>>> admin
>>>> url once, so you are not being picky :)
>>>> You can ask the theme author to display that message only for admin of
>>>> the
>>>> blog.
>>>>
>>>
>>> Thanks. I'll make this a recommended step for a future update unless
>>> anyone else feels it's a show stopper.
>>>
>>>
>>> Mel
>>> --
>>> http://quirm.net
>>> http://blackwidows.co.uk
>>> ______________________________**_________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.**wordpress.org<theme-reviewers at lists.wordpress.org>
>>> http://lists.wordpress.org/**mailman/listinfo/theme-**reviewers<http://lists.wordpress.org/mailman/listinfo/theme-reviewers>
>>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20130517/2755c4a2/attachment.html>


More information about the theme-reviewers mailing list