[theme-reviewers] Guidance on theme security

Edward Caissie edward.caissie at gmail.com
Tue Oct 19 18:39:33 UTC 2010

This should be added to the
http://codex.wordpress.org/Theme_Review#Template_Tags_and_Hooks section ...
still currently in "draft" status.


On Tue, Oct 19, 2010 at 12:53 PM, Lance Willett <nanobar at gmail.com> wrote:

> > get_option('home') and get_option('siteurl') should *not* be used in
> themes.
> > I believe the guidelines say so.
> I don't see this anywhere in the guidelines (nor in any of the Theme
> Standards docs). Thanks for bringing it up though—I had missed
> http://core.trac.wordpress.org/ticket/9008 somehow. :)
> I know there are lots of instances of both of get_option('home') in
> header.php across many themes, and get_option('siteurl') in
> comments.php. Also get_settings('home') which is in older themes
> should be moved to home_url(). I'll be doing a big cleanup for all of
> these for our WordPress.com themes.
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101019/a000377d/attachment.htm>

More information about the theme-reviewers mailing list