<div dir="ltr">Yes. There's no need to worry about that. We don't need to talk suspensions since this is not a security, spam, or copyright issue. I just wanted to bring this up so that we can deal with it going forward.</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 20, 2014 at 2:49 PM, Srikanth Koneru <span dir="ltr"><<a href="mailto:tskk79@gmail.com" target="_blank">tskk79@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Current themes already live in directory will get time till Devin issues a fix correct?<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 21, 2014 at 1:05 AM, Edward Caissie <span dir="ltr"><<a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Nice catch, Justin!</div><div class="gmail_extra"><span><font color="#888888"><br clear="all"><div>Edward Caissie<br>aka Cais.</div></font></span><div><div>
<br><div class="gmail_quote">On Mon, Oct 20, 2014 at 1:54 PM, Justin Tadlock <span dir="ltr"><<a href="mailto:justin@justintadlock.com" target="_blank">justin@justintadlock.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I've just been helping with a review of a theme and taking a closer look at the Options Framework. It appears that it saves an option to the database instead of using defaults. Here's the relevant code, which is run on the `admin_init` hook:</div><div><a href="https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37" target="_blank">https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37</a></div><div><br></div><div>We've implemented a requirement of sane defaults and not writing default options to the database since WP 3.9:</div><div><a href="https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/" target="_blank">https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/</a></div><div><br></div><div>This is going to be problematic for any theme in the directory using the Options Framework. I've opened a ticket on GitHub to see if we can get this changed:</div><div><a href="https://github.com/devinsays/options-framework-plugin/issues/200" target="_blank">https://github.com/devinsays/options-framework-plugin/issues/200</a></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 20, 2014 at 11:15 AM, Edward Caissie <span dir="ltr"><<a href="mailto:edward.caissie@gmail.com" target="_blank">edward.caissie@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I would have concerns with an "approved framework" list as it implies it is fully vetted and maintained ... which would be by whom?<div><br></div><div>Also, the "approved" part should also include the "approved implementation" of the framework as well ... again who will be ensuring that is kept up to date and accurate?</div><div><br></div><div>Granted it is very time-consuming to review a theme *and* any bundled frameworks but that is simply the nature of reviewing. Themes are to stand on their own merits, which means every time a theme is submitted for review it should technically be reviewed in its entirety (although exceptions are made for previously approved themes to allow for "diff" reviews even those should be fully checked from time to time to ensure "old" code is still correct and up to current standards).</div></div><div class="gmail_extra"><span><font color="#888888"><br clear="all"><div>Edward Caissie<br>aka Cais.</div></font></span><div><div>
<br><div class="gmail_quote">On Mon, Oct 20, 2014 at 11:39 AM, Ulrich Pogson <span dir="ltr"><<a href="mailto:grapplerulrich@gmail.com" target="_blank">grapplerulrich@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">The plugin review is normally done just once when you submit a plugin. The themes are reviewed for each update to make sure the guildlines are followed. </p>
<p dir="ltr">If you are having trouble with a review you can always ask for a mentor. The current place to ask for a mentor is here <a href="https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/" target="_blank">https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/</a></p>
<p dir="ltr">I think it might be an idea to have a list of approved framework versions. </p><div><div>
<div class="gmail_quote">On 20 Oct 2014 17:22, "Venkat Raj" <<a href="mailto:venkat@webulous.in" target="_blank">venkat@webulous.in</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
It is options framework, but it doesn't matter. I meant to say any
"bundled resource"<br>
Checking everything makes sense and we should.<br>
<br>
My concern is that, say we have 2 embedded resource then 1 theme
review = 1 theme code + 2 plug-in code review?<br>
I think admins can make a rule for this, because<br>
1) We're already atleast 6 week behind <br>
2) New comers like me, don't have much experience in reviewing
plugin code and security issues.<br>
<br>
<br>
<div>On Monday 20 October 2014 08:34 PM,
Emil Uzelac wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif">If you are
referring to <a href="http://wptheming.com/options-framework-plugin/" target="_blank">http://wptheming.com/options-framework-plugin/</a>
I don't think that phoning home is involved.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Now, it does
not matter if the code was integrated as-is, or has been
modified, we still need to check everything :)</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 20, 2014 at 8:59 AM, Jasin
S. <span dir="ltr"><<a href="mailto:jasins@wphoot.com" target="_blank">jasins@wphoot.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>
<div>^ what tskk said.<br>
<br>
</div>
A good starting point would be using diff to check if
the Options framework has been inserted "as-is" in the
theme, or if its a modified version (maybe even
malicious code)<br>
<br>
</div>
I find Sublimerge to be an awesome tool for this
(available on Sublime Text editor)<br>
<div>
<div>
<div>
<div>
<div class="gmail_extra"><br clear="all">
<div>
<div dir="ltr"><span><font color="#888888"><span style="color:rgb(0,0,0)"></span></font></span><span style="color:rgb(0,0,0)"><span style="font-family:courier new,monospace">cheers,<br>
</span></span><span><font color="#888888">
<div dir="ltr"><span style="font-family:courier new,monospace"><span style="color:rgb(0,0,0)">Jasin S.</span><br>
</span><span style="font-family:courier new,monospace"><span style="color:rgb(153,153,153)"></span></span></div>
</font></span></div>
</div>
<div>
<div><br>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Is that
framework included in the theme zip? If
it is then you have to review it.<br>
Sent from BlackBerry® on Airtel<br>
<div>
<div><br>
-----Original Message-----<br>
From: Venkat Raj <<a href="mailto:venkat@webulous.in" target="_blank">venkat@webulous.in</a>><br>
Sender: "theme-reviewers" <<a href="mailto:theme-reviewers-bounces@lists.wordpress.org" target="_blank">theme-reviewers-bounces@lists.wordpress.org</a>>Date:
Mon, 20 Oct 2014 11:55:24<br>
To: theme >> Discussion list
for WordPress theme reviewers.<<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>><br>
Reply-To: "Discussion list for
WordPress theme reviewers."<br>
<<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>><br>
Subject: [theme-reviewers] Embedded
theme options frameworks and/or
resources<br>
<br>
I'm reviewing a theme which embeds
options framework.<br>
My question is, since it is bundled
resource, I don't need to go through<br>
it line by line, right?<br>
Plugin reviewer can take care of
that. But how can I make sure, it is<br>
not modified version of original<br>
and/or not containing any malicious
code such as dialling home which we<br>
encountered few days back!<br>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
theme-reviewers mailing list
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div></div></div>
<br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org" target="_blank">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
theme-reviewers mailing list<br>
<a href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>
<a href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers" target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>
<br></blockquote></div><br></div>