[theme-reviewers] Guidance on theme security

Lance Willett nanobar at gmail.com
Tue Oct 19 16:53:40 UTC 2010


> get_option('home') and get_option('siteurl') should *not* be used in themes.
> I believe the guidelines say so.

I don't see this anywhere in the guidelines (nor in any of the Theme
Standards docs). Thanks for bringing it up though—I had missed
http://core.trac.wordpress.org/ticket/9008 somehow. :)

I know there are lots of instances of both of get_option('home') in
header.php across many themes, and get_option('siteurl') in
comments.php. Also get_settings('home') which is in older themes
should be moved to home_url(). I'll be doing a big cleanup for all of
these for our WordPress.com themes.


More information about the theme-reviewers mailing list