[theme-reviewers] Guidance on theme security

Edward Caissie edward.caissie at gmail.com
Tue Oct 19 19:01:33 UTC 2010

A quick draft item has been added to the Theme Review ...


IF there are additional get_option() URLs that should be addressed similarly
please list them here so they can be added to the Theme Review page.


On Tue, Oct 19, 2010 at 2:39 PM, Edward Caissie <edward.caissie at gmail.com>wrote:

> This should be added to the
> http://codex.wordpress.org/Theme_Review#Template_Tags_and_Hooks section
> ... still currently in "draft" status.
> Cais.
> On Tue, Oct 19, 2010 at 12:53 PM, Lance Willett <nanobar at gmail.com> wrote:
>> > get_option('home') and get_option('siteurl') should *not* be used in
>> themes.
>> > I believe the guidelines say so.
>> I don't see this anywhere in the guidelines (nor in any of the Theme
>> Standards docs). Thanks for bringing it up though—I had missed
>> http://core.trac.wordpress.org/ticket/9008 somehow. :)
>> I know there are lots of instances of both of get_option('home') in
>> header.php across many themes, and get_option('siteurl') in
>> comments.php. Also get_settings('home') which is in older themes
>> should be moved to home_url(). I'll be doing a big cleanup for all of
>> these for our WordPress.com themes.
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20101019/c4be0b2f/attachment-0001.htm>

More information about the theme-reviewers mailing list