[theme-reviewers] Simple-Blue-Dashed 1.0

Matt Rude matt at mattrude.com
Fri Jun 11 18:11:00 UTC 2010

I really like the idea of splitting each theme into different groups; it
will make the load a lot easier for each person working on them.


On Fri, 11 Jun 2010 18:03:14 +0100, "Gavin Pearce" <GavinP at tbs.uk.com>
> Hi Chip,
> That's not a bad idea at all you know ... Maybe we should split each
> part of the review of each theme into different groups, and each Theme
> review passes from one group to the next.
> 1st) Theme must pass security team review with no major fails, then
> passes onto General;
> 2nd) Theme must pass functionality team with no major fails, then passes
> onto CrossBrowser/HTML/CSS testing;
> 3rd) Theme must pass browser team browser testing to reasonable levels
> (saw Tim Golen mention this a minute ago, personally I think this falls
> under "technical" rather than "design" - there are plenty of standards
> for this already defined).
> 4th) If at this point the total number of "advisories/minors" is below
> X, the theme gets approved.
> If one of the groups finds anything critical along the way the author is
> advised once that group's "checking" is complete, and theme doesn't get
> passed onto the next group. This saves everyone in every group testing
> everything twice, just because of a security fail.
> Then, all the volunteers who've offered here recently can decide what
> team their skills best fit into, and be put to best use. I know some
> people here would prefer to test cross-browser than security, and
> vice-versa of course.
> Gav
> //gavinpearce.com
> -----Original Message-----
> From: theme-reviewers-bounces at lists.wordpress.org
> [mailto:theme-reviewers-bounces at lists.wordpress.org] On Behalf Of
> chip at chipbennett.net
> Sent: 11 June 2010 17:50
> To: theme-reviewers at lists.wordpress.org
> Subject: Re: [theme-reviewers] Simple-Blue-Dashed 1.0
>> Security is a big item, themes mis-use any external data ($_GET,
>> $_POST, $_REQUEST, $_COOKIE, $_SERVER) must be addressed, no two ways
>> about it.  Direct DB queries must properly escape data in the query
>> (and if there is a WP function to do the same thing the direct DB
>> query should be replaced with the function call).  Those are the
>> basic, *minimum* things that every theme needs to address security
>> wise.
> For those of us who are less-than-expert in the SQL aspects of theme
> reviewing, can those who are more adept create a reasonably
> easy-to-follow security checklist?
> Or, maybe we should have some security-ninja theme reviewers, who can
> focus on the security aspects of themes? If so, we could divvy up the
> review work, such that security concerns are handled separately - after
> the theme is initially reviewed (and cleaned up, if necessary) based on
> the "normal" criteria?
>> Sometimes the theme author just isn't aware of specific functions or
>> services in WordPress, so some hints and reference URLs for more info
>> are helpful there.
> Agreed. I tried to add in Codex references, where appropriate, in my
> first review.
> Speaking of which: the Theme Development Checklist entry in the Codex is
> sorely in need of cross-referencing to Codex entries for functions,
> template tags, and hooks/filters.
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers

Matt Rude
matt at mattrude.com
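
As an added illustration, not part of the original thread or of any WordPress tooling: a small first-pass check for the two minimum items quoted above (raw use of `$_GET`, `$_POST`, `$_REQUEST`, `$_COOKIE`, `$_SERVER`, and direct `$wpdb` queries built without `$wpdb->prepare()`). The function name `review_theme_source`, the line-based heuristics and the sample theme code are assumptions made for this sketch; it only points a reviewer at lines to read by hand.

```python
import re

# External-data superglobals named in the thread.
SUPERGLOBAL = re.compile(r"\$_(GET|POST|REQUEST|COOKIE|SERVER)\b")
# Real WordPress/PHP escaping or existence-check calls; the list is not exhaustive.
WRAPPERS = ("esc_html", "esc_attr", "esc_url", "esc_sql", "sanitize_text_field",
            "absint", "wp_kses", "intval", "isset", "empty")
# True when the text before a superglobal ends inside a still-open wrapper call.
INSIDE_WRAPPER = re.compile(r"\b(?:" + "|".join(WRAPPERS) + r")\s*\([^)]*$")
# Direct database calls on the $wpdb object.
DB_CALL = re.compile(r"\$wpdb->(query|get_results|get_row|get_var|get_col)\s*\(")


def review_theme_source(php_source):
    """Return (line_number, finding, detail) tuples for lines needing manual review."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for m in SUPERGLOBAL.finditer(line):
            if not INSIDE_WRAPPER.search(line[:m.start()]):
                findings.append((lineno, "raw-superglobal", m.group(0)))
        db = DB_CALL.search(line)
        if db and "->prepare(" not in line:
            # Ignore $wpdb->posts style table names; any other variable in the
            # arguments means data is being placed into the SQL text directly.
            args = re.sub(r"\$wpdb->\w+", "", line[db.end():])
            if "$" in args:
                findings.append((lineno, "unprepared-query", db.group(1)))
    return findings


# Constructed sample theme code, for illustration only.
SAMPLE = """<?php
echo $_GET['s'];
echo esc_html( $_GET['s'] );
if ( isset( $_POST['color'] ) ) { $c = sanitize_text_field( $_POST['color'] ); }
$wpdb->query( "DELETE FROM {$wpdb->posts} WHERE ID = $id" );
$wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->posts} WHERE ID = %d", $id ) );
$rows = $wpdb->get_results( "SELECT * FROM {$wpdb->posts}" );
"""

if __name__ == "__main__":
    for lineno, finding, detail in review_theme_source(SAMPLE):
        print(f"line {lineno}: {finding} ({detail})")
```

The check works one line at a time, so a query or wrapper call split across several lines is not recognized and still needs a manual read.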
