Mario,<div><br></div><div>Also: that Google Analytics code needs to be *enqueued* at wp_head (probably the best place is 'wp_enqueue_scripts'), rather than put directly into the document head. Just FYI.</div><div><br>
</div><div>Chip<br><br><div class="gmail_quote">On Thu, Aug 11, 2011 at 8:06 AM, Mario Peshev <span dir="ltr"><<a href="mailto:mario@peshev.net">mario@peshev.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi Chip, <div><br></div><div>The most common example is using stripslashes (sample here <a href="http://themes.svn.wordpress.org/ttblog/1.0.2/header.php" target="_blank">http://themes.svn.wordpress.org/ttblog/1.0.2/header.php</a>), also, the functions.php of the same theme uses:</div>
<div><br></div><div><span style="font-family:'Times New Roman';font-size:medium"><pre style="word-wrap:break-word;white-space:pre-wrap">$truncate = preg_replace('@<script[^>]*?>.*?</script>@si', '', $truncate);</pre>
</span></div><div>I think this could also be handled (or maybe not), there are trim, htmlentities and similar functions used in themes. I am interested in functions such as wp_kses - <a href="http://codex.wordpress.org/Function_Reference/wp_kses" target="_blank">http://codex.wordpress.org/Function_Reference/wp_kses</a> - as they seem multifunctional to me. I was wondering if any of you has posted the 'formatting and security best practices and top functions' or something like this compared to plain PHP solutions.<br>
<br>Thanks in advance. :)</div><div><div class="im"><br>Mario Peshev<br>freelance software developer/trainer<br><a href="http://www.linkedin.com/in/mpeshev" target="_blank">http://www.linkedin.com/in/mpeshev</a><br><a href="http://peshev.net/blog" target="_blank">http://peshev.net/blog</a><br>
<br>
<br><br></div><div><div></div><div class="h5"><div class="gmail_quote">On Thu, Aug 11, 2011 at 3:57 PM, Chip Bennett <span dir="ltr"><<a href="mailto:chip@chipbennett.net" target="_blank">chip@chipbennett.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Mario,<div><br></div><div>The only "dummy" question is the one that remains unasked. :)</div><div><br></div><div>Can you provide a more specific example? Perhaps a ticket or something, that uses the function(s) in question?</div>
<div><br></div><div>In general, though, IMHO, it is *always* preferable to use a core WP function for content filtering and/or untrusted data sanitization/validation.</div><div><br></div><div>Chip<br><br><div class="gmail_quote">
<div><div></div><div>
On Thu, Aug 11, 2011 at 7:53 AM, Mario Peshev <span dir="ltr"><<a href="mailto:mario@peshev.net" target="_blank">mario@peshev.net</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div></div><div>
Hello Reviewers,<div><br></div><div>I'm not that well acquainted with security in PHP and WP so it might be a bit dummy question, but I have tough time following the parsing and formatting practices in WP themes. Since there is a Formatting section in WP function list - <a href="http://codex.wordpress.org/Function_Reference#Formatting_Functions" target="_blank">http://codex.wordpress.org/Function_Reference#Formatting_Functions</a> , and some of the functions seem pretty similar to the same function names in PHP, what is the rule and is it required for the WP functions to be used instead, are they always better than plain PHPs?<br clear="all">
<font color="#888888">
<br>Mario Peshev<br>freelance software developer/trainer<br><a href="http://www.linkedin.com/in/mpeshev" target="_blank">http://www.linkedin.com/in/mpeshev</a><br><a href="http://peshev.net/blog" target="_blank">http://peshev.net/blog</a><br>
<br>
</font></div>
<br></div></div>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>