[theme-reviewers] Guidance on theme security
Otto
otto at ottodestruct.com
Sun Oct 17 12:59:52 UTC 2010
On Sat, Oct 16, 2010 at 11:08 AM, Gene Robinson <emhr at submersible.me> wrote:
> ... and the lack of wp_nonce_field() and check_admin_referer() in theme options.
Note that if they use the Settings API to build their option pages,
nonces happen automatically. Specifically, the call to
settings_fields() will nonce the sucker up. No need to manually check
the nonce in that case either.
More info:
http://ottopress.com/2009/wordpress-settings-api-tutorial/
http://codex.wordpress.org/Settings_API
-Otto
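
The pattern described in the message above, as an added example that is not part of the original post or of any reviewed theme: a theme options page built on the Settings API, where settings_fields() emits the nonce and options.php verifies it. The theme name "mytheme" and every mytheme_* identifier are assumptions made for illustration.

```php
<?php
// Added example for a hypothetical theme; all mytheme_* names are assumptions.

add_action( 'admin_init', 'mytheme_register_settings' );
function mytheme_register_settings() {
    // options.php only saves options registered here, and runs the sanitize callback first.
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
    add_settings_section( 'mytheme_main', 'Main Settings', '__return_false', 'mytheme_options_page' );
    add_settings_field( 'mytheme_footer_text', 'Footer text', 'mytheme_footer_text_field', 'mytheme_options_page', 'mytheme_main' );
}

add_action( 'admin_menu', 'mytheme_add_options_page' );
function mytheme_add_options_page() {
    add_theme_page( 'Theme Options', 'Theme Options', 'manage_options', 'mytheme_options_page', 'mytheme_render_options_page' );
}

function mytheme_render_options_page() {
    ?>
    <div class="wrap">
        <h2>Theme Options</h2>
        <form method="post" action="options.php">
            <?php
            // Emits the hidden option_page, action and _wpnonce fields.
            // options.php checks that nonce before saving, so this form needs
            // no manual wp_nonce_field() / check_admin_referer() call.
            settings_fields( 'mytheme_options_group' );
            do_settings_sections( 'mytheme_options_page' );
            submit_button();
            ?>
        </form>
    </div>
    <?php
}

function mytheme_footer_text_field() {
    $options = get_option( 'mytheme_options', array() );
    $value   = isset( $options['footer_text'] ) ? $options['footer_text'] : '';
    // Escape on output; the field name nests the value under the registered option.
    echo '<input type="text" name="mytheme_options[footer_text]" value="' . esc_attr( $value ) . '" />';
}

function mytheme_sanitize_options( $input ) {
    // The nonce only covers CSRF; the submitted data still has to be sanitized.
    $clean = array();
    if ( is_array( $input ) && isset( $input['footer_text'] ) ) {
        $clean['footer_text'] = sanitize_text_field( $input['footer_text'] );
    }
    return $clean;
}
```

A reviewer can confirm the nonce is in place by checking that the form posts to options.php and calls settings_fields() with the same group name passed to register_setting().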