<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Hi chipbennett,<br>
<br>
as you have asked me to ping you if I have fixed all and uploaded a
new version (created a new ticket) I will do so with this mail. Is
this the correct way to ping you?<br>
<br>
The new Ticket can be found here: <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://themes.trac.wordpress.org/ticket/4074">http://themes.trac.wordpress.org/ticket/4074</a><br>
<br>
See my answers below:<br>
<strong><br>
S</strong><strong><a moz-do-not-send="true" class="missing wiki">ettings/Security?</a>
Review</strong><br>
<ul>
<li>Themes are not permitted to replace core-bundled scripts such
as jQuery and jQuery-ui. Theme deregisters core-bundled jQuery
and jQuery-ui in order to register CDN versions. Doing so in the
Admin area is especially troublesome, because ALL of Admin
relies heavily on the specific versions of these scripts that
have been bundled (and tested heavily) for compatibility. </li>
</ul>
>> I have removed all deregisters and CDN versions and use the
wordpress core-bundled scripts now.<br>
<ul>
<li>Theme Settings Page form does not perform nonce-checking. </li>
</ul>
>> I have added nonce-checking to every form<br>
<ul>
<li>Theme does not validate/sanitize user data upon form
submission/database input </li>
</ul>
>> I have added validate/sanitize to every form too. I used
your theme coraline as example.<br>
<ul>
<li>Theme does not use <tt>checked()</tt>/<tt>selected()</tt>
where appropriate (e.g. <tt>post-meta-box.php</tt> and <tt>page-meta-box.php</tt>)
</li>
</ul>
>> Great functions, I didn't know. I have changed it
everywhere. <br>
<ul>
<li>Unless I'm misreading the code, Theme options are still saved
to the database individually, rather than a single options
array. </li>
</ul>
>> This is fixed too, I have once more rewritten the cheezcap
class and changed it to work the WordPress way.<br>
I also created new function to generate a default array and changed
all similar the way you do it in the coraline theme.<br>
<p> <strong>Previous Ticket Issues</strong><br>
</p>
<ul>
<li>Custom Header Image: if included feature is <em>Custom Logo</em>,
it is acceptable to use custom functionality. If the feature is
a <em>Header Image</em>, then support for the core
implementation is <strong>required</strong> </li>
<li>Custom Background is <strong>required</strong> to support the
core implementation, if this feature is included. (If you want
to add more extensive options than what is available in the core
implementation of a particular feature, then you can either hook
into the core feature, or offer a Theme option to use the core
implementation, or the Theme's custom implementation. This is
done somewhat frequently with, e.g. custom nav menus. It would
also possibly be appropriate for this Theme's background
customization options.) </li>
</ul>
>> I have added the core implementation for Header and
Background too. Now the user can decide if he likes to use the
WordPress core implementation or our theme settings. To be honest,
the core is kind of limited for some reasons.<br>
In our theme settings, you can decide the header height and do not
need to crop the image. This makes sense in a lot of cases and gives
more freedom to the designer. <br>
<br>
<br>
This ticket was quite a lot of work, but also was a great teacher
for us too. It is a great feeling to build things exactly the wp
way.<br>
I hope the theme is now ready for the repository and gets approved.
That doesn't mean, we will not love to get more lessons.<br>
<br>
Thanks a lot for all<br>
<br>
Sven
</body>
</html>