[theme-reviewers] Formatting functions and parsing

Mario Peshev mario at peshev.net
Thu Aug 11 13:06:17 UTC 2011


Hi Chip,

The most common example is using stripslashes (sample here
http://themes.svn.wordpress.org/ttblog/1.0.2/header.php), also, the
functions.php of the same theme uses:

$truncate = preg_replace('@<script[^>]*?>.*?</script>@si', '', $truncate);

I think this could also be handled (or maybe not), there are trim,
htmlentities and similar functions used in themes. I am interested in
functions such as wp_kses -
http://codex.wordpress.org/Function_Reference/wp_kses - as they seem
multifunctional to me. I was wondering if any of you has posted the
'formatting and security best practices and top functions' or something like
this compared to plain PHP solutions.

Thanks in advance. :)

Mario Peshev
freelance software developer/trainer
http://www.linkedin.com/in/mpeshev
http://peshev.net/blog



On Thu, Aug 11, 2011 at 3:57 PM, Chip Bennett <chip at chipbennett.net> wrote:

> Mario,
>
> The only "dummy" question is the one that remains unasked. :)
>
> Can you provide a more specific example? Perhaps a ticket or something,
> that uses the function(s) in question?
>
> In general, though, IMHO, it is *always* preferable to use a core WP
> function for content filtering and/or untrusted data
> sanitization/validation.
>
> Chip
>
> On Thu, Aug 11, 2011 at 7:53 AM, Mario Peshev <mario at peshev.net> wrote:
>
>> Hello Reviewers,
>>
>> I'm not that well acquainted with security in PHP and WP so it might be a
>> bit of a dummy question, but I have a tough time following the parsing and
>> formatting practices in WP themes. Since there is a Formatting section in the WP
>> function list -
>> http://codex.wordpress.org/Function_Reference#Formatting_Functions , and
>> some of the functions seem pretty similar to the same function names in PHP,
>> what is the rule and is it required for the WP functions to be used instead,
>> are they always better than plain PHP?
>>
>> Mario Peshev
>> freelance software developer/trainer
>> http://www.linkedin.com/in/mpeshev
>> http://peshev.net/blog
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
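The regex quoted above from the theme's functions.php is a blacklist: it removes `<script ...>...</script>` pairs and nothing else, so an inline event handler, a `javascript:` URL, or a `<script>` tag with no closing tag passes through untouched. wp_kses() works the other way round, as an allowlist of elements, attributes and URL schemes. The script below is an added example written for this thread; it is not code from the thread, from the ttblog theme, or from WordPress core. It runs on plain PHP 7.1+ with ext/dom and no WordPress install, so the allowlist filter is a small stand-in in the shape of wp_kses($string, $allowed_html, $allowed_protocols); in a theme you would call wp_kses() or wp_kses_post() instead. The ALLOWED_HTML map, the constructed sample inputs, and the function names strip_script_tags_regex(), url_scheme_allowed(), filter_node() and allowlist_filter() are all my own.

```php
<?php
// Added example: blacklist regex (from the quoted functions.php) next to an
// allowlist filter of the kind wp_kses() implements. Plain PHP 7.1+, ext/dom.

// Exactly the regex quoted in the thread: strips <script ...>...</script> pairs only.
function strip_script_tags_regex(string $html): string
{
    return preg_replace('@<script[^>]*?>.*?</script>@si', '', $html);
}

// Hypothetical allowlist in the same shape as wp_kses()'s $allowed_html argument:
// element name => attribute names that may survive on that element.
const ALLOWED_HTML = [
    'p'      => [],
    'b'      => [],
    'strong' => [],
    'em'     => [],
    'a'      => ['href', 'title'],
    'img'    => ['src', 'alt'],
];

// Simplified stand-in for the $allowed_protocols check in wp_kses(): a URL may be
// relative (no scheme) or use http, https or mailto. Tabs and newlines are removed
// first because browsers ignore them inside a scheme ("java\tscript:").
function url_scheme_allowed(string $url): bool
{
    $url = preg_replace('/[\t\n\r]/', '', trim($url));
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ['http', 'https', 'mailto'], true);
    }
    return true;
}

// Walk the tree: drop comments, drop script/style with their contents, unwrap any
// other element not in the allowlist (its text survives, the tag does not), and
// strip attributes that are not listed or whose URL scheme is not allowed.
function filter_node(DOMNode $node, array $allowed): void
{
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child->nodeType === XML_COMMENT_NODE) {
            $node->removeChild($child);
            continue;
        }
        if ($child->nodeType !== XML_ELEMENT_NODE) {
            continue;
        }
        $tag = strtolower($child->nodeName);
        if ($tag === 'script' || $tag === 'style') {
            $node->removeChild($child);
            continue;
        }
        filter_node($child, $allowed); // clean the subtree before deciding on the element
        if (!isset($allowed[$tag])) {
            while ($child->firstChild) {
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes, false) as $attr) {
            $name = strtolower($attr->nodeName);
            $keep = in_array($name, $allowed[$tag], true)
                && (!in_array($name, ['href', 'src'], true) || url_scheme_allowed($attr->nodeValue));
            if (!$keep) {
                $child->removeAttribute($attr->nodeName);
            }
        }
    }
}

// Parse the fragment inside a wrapper <div>, filter it, and serialise the children.
function allowlist_filter(string $html, array $allowed = ALLOWED_HTML): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // tolerate sloppy markup quietly
    $doc->loadHTML(
        '<?xml encoding="UTF-8"><div id="root">' . $html . '</div>',
        LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD
    );
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $root = $doc->documentElement;
    filter_node($root, $allowed);
    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample inputs: the first is what the regex was written for; the
// other three contain no <script>...</script> pair, so the regex leaves them alone.
$samples = [
    '<p>Hi <b>there</b></p><script>alert(1)</script>',
    '<img src="x" onerror="alert(1)">',
    '<a href="javascript:alert(1)">click</a>',
    '<script>alert(1)',
];
foreach ($samples as $s) {
    printf("input:     %s\nregex:     %s\nallowlist: %s\n\n",
        $s, strip_script_tags_regex($s), allowlist_filter($s));
}
```

Run it with `php kses-compare.php` (any file name). Compare the second and third columns: the regex strips only the closed `<script>` block in the first sample, while the allowlist drops the onerror attribute, the javascript: href and the unterminated `<script>` as well, because anything not explicitly permitted never reaches the output. That difference is the practical reason to reach for wp_kses() rather than a home-grown preg_replace(): the core function carries a maintained allowlist (the one behind wp_kses_post() is the post-content set) and a protocol check, and a theme does not have to enumerate every dangerous construct itself.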