Hi Chip, <div><br></div><div>The most common example is using stripslashes (sample here <a href="http://themes.svn.wordpress.org/ttblog/1.0.2/header.php">http://themes.svn.wordpress.org/ttblog/1.0.2/header.php</a>), also, the functions.php of the same theme uses:</div>
<div><br></div><div><span class="Apple-style-span" style="font-family: 'Times New Roman'; font-size: medium; "><pre style="word-wrap: break-word; white-space: pre-wrap; ">$truncate = preg_replace('@<script[^>]*?>.*?</script>@si', '', $truncate);</pre>
</span></div><div>I think this could also be handled (or maybe not); there are trim, htmlentities and similar functions used in themes. I am interested in functions such as wp_kses - <a href="http://codex.wordpress.org/Function_Reference/wp_kses">http://codex.wordpress.org/Function_Reference/wp_kses</a> - as they seem multifunctional to me. I was wondering if any of you have posted the 'formatting and security best practices and top functions' or something like this, compared to plain PHP solutions.<br>
<br>Thanks in advance. :)</div><div><br>Mario Peshev<br>freelance software developer/trainer<br><a href="http://www.linkedin.com/in/mpeshev">http://www.linkedin.com/in/mpeshev</a><br><a href="http://peshev.net/blog">http://peshev.net/blog</a><br>
<br>
<br><br><div class="gmail_quote">On Thu, Aug 11, 2011 at 3:57 PM, Chip Bennett <span dir="ltr"><<a href="mailto:chip@chipbennett.net">chip@chipbennett.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Mario,<div><br></div><div>The only "dummy" question is the one that remains unasked. :)</div><div><br></div><div>Can you provide a more specific example? Perhaps a ticket or something, that uses the function(s) in question?</div>
<div><br></div><div>In general, though, IMHO, it is *always* preferable to use a core WP function for content filtering and/or untrusted data sanitization/validation.</div><div><br></div><div>Chip<br><br><div class="gmail_quote">
<div><div></div><div class="h5">
On Thu, Aug 11, 2011 at 7:53 AM, Mario Peshev <span dir="ltr"><<a href="mailto:mario@peshev.net" target="_blank">mario@peshev.net</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div></div><div class="h5">
Hello Reviewers,<div><br></div><div>I'm not that well acquainted with security in PHP and WP, so it might be a bit of a dummy question, but I have a tough time following the parsing and formatting practices in WP themes. Since there is a Formatting section in the WP function list - <a href="http://codex.wordpress.org/Function_Reference#Formatting_Functions" target="_blank">http://codex.wordpress.org/Function_Reference#Formatting_Functions</a>, and some of the functions seem pretty similar to the same function names in PHP, what is the rule? Is it required for the WP functions to be used instead, and are they always better than plain PHP?<br clear="all">
<font color="#888888">
<br>Mario Peshev<br>freelance software developer/trainer<br><a href="http://www.linkedin.com/in/mpeshev" target="_blank">http://www.linkedin.com/in/mpeshev</a><br><a href="http://peshev.net/blog" target="_blank">http://peshev.net/blog</a><br>
<br>
</font></div>
<br></div></div>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
<br></blockquote></div><br></div>
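<div>An added example, not code from this thread or from the ttblog theme it cites: a plain-PHP allow-list sanitizer shaped like wp_kses(), where the $allowed array maps each permitted tag to the attributes it may keep and anything unlisted is dropped. In a theme you would pass the same array to wp_kses() rather than writing this yourself; the stand-alone version only shows why an allow list is the safer shape compared to a regex that blocklists one tag.</div>

```php
<?php
// Added example (not from the thread): allow-list HTML sanitizer in plain PHP,
// structured like wp_kses(). $allowed: tag name => attributes it may keep.
$allowed = [
    'a'      => ['href', 'title'],
    'em'     => [],
    'strong' => [],
    'p'      => [],
];

function clean_node(DOMNode $node, array $allowed): void
{
    // Iterate over a snapshot: the live childNodes list changes as nodes move.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMElement) {
            clean_node($child, $allowed);                 // descendants first
            $tag = strtolower($child->nodeName);
            if (!isset($allowed[$tag])) {
                // script/style bodies are code, so remove them whole; any other
                // unlisted tag is unwrapped so its text content survives.
                if (!in_array($tag, ['script', 'style'], true)) {
                    while ($child->firstChild) {
                        $node->insertBefore($child->firstChild, $child);
                    }
                }
                $node->removeChild($child);
                continue;
            }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                // Keep only listed attributes; href must be http(s) or relative.
                if (!in_array($name, $allowed[$tag], true)
                    || ($name === 'href' && !preg_match('~^(https?:|/|#)~i', trim($attr->value)))) {
                    $child->removeAttribute($attr->name);
                }
            }
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);                   // comments, PIs
        }
    }
}

function sanitize_allowlist(string $html, array $allowed): string
{
    $doc = new DOMDocument();
    // Wrap the fragment so it can be located again after libxml adds html/body.
    $doc->loadHTML('<div id="root">' . $html . '</div>', LIBXML_NOERROR | LIBXML_NOWARNING);
    $root = $doc->getElementById('root');
    clean_node($root, $allowed);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample input: the onclick, rel and script parts are dropped.
$sample = '<p onclick="track()">Hi <strong>there</strong>, see '
        . '<a href="https://example.com" rel="x">this</a>.</p><script>track()</script>';
echo sanitize_allowlist($sample, $allowed), PHP_EOL;
```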