[theme-reviewers] Custom Theme Widgets: Treat as Theme Settings
Justin Tadlock
justin at justintadlock.com
Sat Apr 30 16:51:32 UTC 2011
Yes, everyone should definitely be doing this. I have a few notes for
this too.
------
Widgets should be registered using the register_widget() function like so:
register_widget( 'Theme_Widget_Class_Name' );
------
Widgets should be coded by extending the WP_Widget class. So, the first
line of the widget code should be something like:
class Theme_Widget_Class_Name extends WP_Widget {
------
For validating/sanitizing on input, you should look in the "update()"
method, which would begin like so:
function update( $new_instance, $old_instance ) {
------
For escaping on output, you should look in the "form()" method, which
would begin like so:
function form( $instance ) {
------
You should also make sure that "$before_widget" and "$after_widget" are
used for outputting the sidebar's HTML within the "widget()" method.
And, make sure widget titles look something like this on display:
    if ( !empty( $instance['title'] ) )
        echo $before_title . apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base ) . $after_title;

On 4/29/2011 11:12 AM, Chip Bennett wrote:
> Good morning, Reviewers!
>
> Just a quick note: when reviewing Themes that include custom Widgets,
> treat such Widgets as if they are Theme Settings. That is, primarily,
> ensure that any user input is properly validated/sanitized on input,
> and escaped upon output.
>
> This is something that most of us (including me) may not have been
> explicitly looking at...
>
> Chip
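
Added example, not part of the original email or of any reviewed theme: a minimal widget that combines the points in the message above (register_widget(), extending WP_Widget, sanitizing in update(), escaping in form(), and the sidebar wrappers plus the filtered title in widget()). The id base, labels, the "count" field and the theme_example_register_widgets() function are hypothetical names chosen for illustration.

```php
<?php
// Added example: id base, labels and the "count" field are hypothetical.
class Theme_Widget_Class_Name extends WP_Widget {
	function __construct() {
		parent::__construct( 'theme_example_widget', 'Theme Example Widget' );
	}

	// Input side: sanitize the title, clamp the count to 1-10 before saving.
	function update( $new_instance, $old_instance ) {
		$instance          = $old_instance;
		$instance['title'] = sanitize_text_field( $new_instance['title'] );
		$instance['count'] = min( 10, max( 1, absint( $new_instance['count'] ) ) );
		return $instance;
	}

	// Admin form: every stored value is escaped for the attribute it lands in.
	function form( $instance ) {
		$instance = wp_parse_args( (array) $instance, array( 'title' => '', 'count' => 5 ) );
		foreach ( array( 'title' => 'text', 'count' => 'number' ) as $key => $type ) {
			printf(
				'<p><label for="%1$s">%2$s</label> <input type="%3$s" class="widefat" id="%1$s" name="%4$s" value="%5$s" /></p>',
				esc_attr( $this->get_field_id( $key ) ),
				esc_html( ucfirst( $key ) ),
				esc_attr( $type ),
				esc_attr( $this->get_field_name( $key ) ),
				esc_attr( $instance[ $key ] )
			);
		}
	}

	// Front end: $args holds the values the email refers to as $before_widget etc.
	function widget( $args, $instance ) {
		echo $args['before_widget'];
		if ( ! empty( $instance['title'] ) ) {
			echo $args['before_title'] . apply_filters( 'widget_title', $instance['title'], $instance, $this->id_base ) . $args['after_title'];
		}
		$count = isset( $instance['count'] ) ? absint( $instance['count'] ) : 5;
		echo '<ul>';
		foreach ( get_posts( array( 'numberposts' => $count ) ) as $post ) {
			printf( '<li><a href="%s">%s</a></li>', esc_url( get_permalink( $post->ID ) ), esc_html( get_the_title( $post->ID ) ) );
		}
		echo '</ul>' . $args['after_widget'];
	}
}

function theme_example_register_widgets() {
	register_widget( 'Theme_Widget_Class_Name' );
}
add_action( 'widgets_init', 'theme_example_register_widgets' );
```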