On Wed, Oct 20, 2010 at 9:28 AM, Gene Robinson <span dir="ltr"><<a href="mailto:emhr@submersible.me">emhr@submersible.me</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div>@Nacin - When you review <a href="http://themes.trac.wordpress.org/ticket/1596" target="_blank">Simply Works Core 1.3.3</a> , I'd appreciate your going-over my <a href="http://themes.trac.wordpress.org/ticket/1566" target="_blank"></a>previous review's <a href="http://themes.trac.wordpress.org/ticket/1566" target="_blank">suggestions</a>.</div>
</div></blockquote><div><br></div><div>I've posted my comments to <a href="http://themes.trac.wordpress.org/ticket/1596">http://themes.trac.wordpress.org/ticket/1596</a>. Better than plenty of other things I've seen, but there's room for improvement.</div>
<div><br></div><div>So... The stuff in Thematic -- which I'm just seeing now, after I left the comment, so I didn't realize how much came from that -- it made me cringe. Should receive a security audit at some point.</div>
<div><br></div><div>On the other hand, Ian's tutorial you linked to looks better than I'm seeing in that theme. Also, I'd like to think that the Settings API should always always be emphasized, with links to the tutorials by Ozh and Otto, over doing it by hand. Especially when the person just copy-pasted from elsewhere with probably limited understanding of what it all did.</div>
<div><br></div><div>Security has to do with basic fundamentals: Watch out for user input, watch out for attributes, watch out for building SQL, watch out for authentication and intention, etc.</div></div>