[theme-reviewers] Custom Theme Widgets: Treat as Theme Settings

Justin Tadlock justin at justintadlock.com
Sat Apr 30 16:51:32 UTC 2011

Yes, everyone should definitely be doing this.  I have a few notes for 
this too.


Widgets should be registered using the register_widget() function like so:

register_widget( 'Theme_Widget_Class_Name' );


Widgets should be coded by extending the WP_Widget class.  So, the first 
line of the widget code should be something like:

class Theme_Widget_Class_Name extends WP_Widget {


For validating/sanitizing on input, you should look in the "update()" 
method, which would begin like so:

function update( $new_instance, $old_instance ) {


For escaping on output, you should look in the "form()" method, which 
would begin like so:

function form( $instance ) {


You should also make sure that "$before_widget" and "$after_widget" are 
used for outputting the sidebar's HTML within the "widget()" method.  
And, make sure widget titles look something like this on display:

if ( !empty( $instance['title'] ) )
    echo $before_title . apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base ) . $after_title;

On 4/29/2011 11:12 AM, Chip Bennett wrote:
> Good morning, Reviewers!
> Just a quick note: when reviewing Themes that include custom Widgets, 
> treat such Widgets as if they are Theme Settings. That is, primarily, 
> ensure that any user input is properly validated/sanitized on input, 
> and escaped upon output.
> This is something that most of us (including me) may not have been 
> explicitly looking at...
> Chip
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
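
An added example, not part of the original message or of any theme's code: the points in the message above assembled into one widget, assuming the file is loaded from a theme's functions.php with WordPress present. The id base 'theme_example_widget', the 'text' and 'count' fields and the 1 to 10 range are hypothetical.

```php
<?php
// Added example: id base, field names and the 1..10 range are hypothetical.
class Theme_Widget_Class_Name extends WP_Widget {

	function __construct() {
		parent::__construct( 'theme_example_widget', 'Theme Example Widget' );
	}

	// One place for defaults, so no method reads an unset key.
	function defaults() {
		return array( 'title' => '', 'text' => '', 'count' => 5 );
	}

	// Front end: wrap output in the sidebar's HTML and escape stored values.
	function widget( $args, $instance ) {
		$instance = wp_parse_args( (array) $instance, $this->defaults() );

		echo $args['before_widget']; // same value as $before_widget after extract( $args )
		if ( ! empty( $instance['title'] ) )
			echo $args['before_title'] . apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base ) . $args['after_title'];
		echo '<p>' . esc_html( $instance['text'] ) . '</p>';
		echo '<p>' . absint( $instance['count'] ) . '</p>';
		echo $args['after_widget'];
	}

	// Input: validate/sanitize every field before it is saved.
	function update( $new_instance, $old_instance ) {
		$new               = wp_parse_args( (array) $new_instance, $this->defaults() );
		$instance          = $old_instance;
		$instance['title'] = sanitize_text_field( $new['title'] );
		$instance['text']  = sanitize_text_field( $new['text'] );
		$instance['count'] = min( 10, max( 1, absint( $new['count'] ) ) ); // clamp to 1..10
		return $instance;
	}

	// Admin form: escape saved values on output, including attribute values.
	function form( $instance ) {
		$instance = wp_parse_args( (array) $instance, $this->defaults() );
		foreach ( array_keys( $this->defaults() ) as $field ) {
			printf(
				'<p><label for="%1$s">%2$s</label> <input class="widefat" type="text" id="%1$s" name="%3$s" value="%4$s" /></p>',
				esc_attr( $this->get_field_id( $field ) ),
				esc_html( ucfirst( $field ) ),
				esc_attr( $this->get_field_name( $field ) ),
				esc_attr( $instance[ $field ] )
			);
		}
	}
}

add_action( 'widgets_init', function () { register_widget( 'Theme_Widget_Class_Name' ); } );
```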