[wp-hackers] Re: Template revisioning system for WordPress

Ryan Boren ryan at boren.nu
Tue Apr 7 17:36:25 GMT 2009


Those making proposals need to look at trunk.  Some of these
suggestions are already implemented and will be released in 2.8.

Old versions of templates must be saved in the filesystem in such a
way that they are not publicly accessible.  We don't want to expose
vulnerabilities that may be lingering in old versions.  This usually
means adding a hash to file and directory names, preventing directory
listings, and removing the .php extension.

When restoring old versions back into wp-content/themes, WP_Filesystem
should be used so that the proper owner and permissions can be
restored.
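
One way to apply the three measures named above (hashed file and directory names, no directory listing, no .php extension), as an added example that is not part of the original message and not WordPress code. It is plain PHP; the function name, archive directory, `.rev` suffix and key are hypothetical.

```php
<?php
// Added example, not WordPress core code. All names here are hypothetical.

/**
 * Store one old template version so it cannot be requested or executed by URL.
 * Assumption: $secret is a per-site key that is never served to clients.
 */
function archive_template_revision(string $archiveRoot, string $theme, string $relPath,
                                   string $contents, string $secret): string
{
    // Keyed hash of the theme name: the directory cannot be guessed from the slug.
    $dirName = substr(hash_hmac('sha256', 'dir:' . $theme, $secret), 0, 32);
    $dir     = rtrim($archiveRoot, '/') . '/' . $dirName;

    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        throw new RuntimeException("cannot create $dir");
    }

    // Empty index file so a server with auto-indexing enabled lists nothing.
    $index = $dir . '/index.html';
    if (!file_exists($index)) {
        file_put_contents($index, '');
    }

    // The stored name is built only from a hex digest and random bytes, so the
    // original path (including any "../") never reaches the filesystem, and
    // there is no .php suffix for the server to hand to the interpreter.
    $name = substr(hash_hmac('sha256', 'file:' . $relPath, $secret), 0, 16)
          . '-' . bin2hex(random_bytes(8)) . '.rev';
    $path = $dir . '/' . $name;

    // 'x' mode fails if the file already exists instead of overwriting it.
    $fh = fopen($path, 'xb');
    if ($fh === false) {
        throw new RuntimeException("cannot create $path");
    }
    fwrite($fh, $contents);
    fclose($fh);
    chmod($path, 0600);

    return $path;
}

// Constructed sample input: a hostile-looking relative path and a dummy key.
$root = sys_get_temp_dir() . '/tpl-revisions-demo';
echo archive_template_revision($root, 'mytheme', '../header.php',
                               "<?php // old header\n", 'constructed-demo-key'), "\n";
```

Because the file name contains random bytes, the returned path cannot be recomputed later and has to be recorded alongside the revision's metadata so the version can be found again for restoring.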

