[theme-reviewers] Ping to chipbennett

mail at sven-lehnert.de
Thu May 26 13:38:30 UTC 2011


Hi chipbennett,

as you have asked me to ping you if I have fixed all and uploaded a new 
version (created a new ticket) I will do so with this mail. Is this the 
correct way to ping you?

The new Ticket can be found here: 
http://themes.trac.wordpress.org/ticket/4074

See my answers below:
*Settings/Security Review*

    * Themes are not permitted to replace core-bundled scripts such as
      jQuery and jQuery-ui. Theme deregisters core-bundled jQuery and
      jQuery-ui in order to register CDN versions. Doing so in the Admin
      area is especially troublesome, because ALL of Admin relies
      heavily on the specific versions of these scripts that have been
      bundled (and tested heavily) for compatibility.

 >> I have removed all deregisters and CDN versions and use the 
WordPress core-bundled scripts now.

    * Theme Settings Page form does not perform nonce-checking.

 >> I have added nonce-checking to every form

    * Theme does not validate/sanitize user data upon form
      submission/database input

 >> I have added validate/sanitize to every form too. I used your theme 
coraline as example.

    * Theme does not use checked()/selected() where appropriate (e.g.
      post-meta-box.php and page-meta-box.php)

 >> Great functions, I didn't know. I have changed it everywhere.

    * Unless I'm misreading the code, Theme options are still saved to
      the database individually, rather than a single options array.

 >> This is fixed too. I have once more rewritten the cheezcap class and 
changed it to work the WordPress way.
I also created a new function to generate a default array and changed 
everything similar to the way you do it in the coraline theme.

*Previous Ticket Issues*

    * Custom Header Image: if included feature is /Custom Logo/, it is
      acceptable to use custom functionality. If the feature is a
      /Header Image/, then support for the core implementation is
      *required*
    * Custom Background is *required* to support the core
      implementation, if this feature is included. (If you want to add
      more extensive options than what is available in the core
      implementation of a particular feature, then you can either hook
      into the core feature, or offer a Theme option to use the core
      implementation, or the Theme's custom implementation. This is done
      somewhat frequently with, e.g. custom nav menus. It would also
      possibly be appropriate for this Theme's background customization
      options.)

 >> I have added the core implementation for Header and Background too. 
Now the user can decide if he likes to use the WordPress core 
implementation or our theme settings. To be honest, the core is kind of 
limited for some reasons.
In our theme settings, you can decide the header height and do not need 
to crop the image. This makes sense in a lot of cases and gives more 
freedom to the designer.


This ticket was quite a lot of work, but it was also a great teacher for 
us. It is a great feeling to build things exactly the wp way.
I hope the theme is now ready for the repository and gets approved. That 
doesn't mean we would not love to get more lessons.

Thanks a lot for all

Sven
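
The Settings/Security review items above (nonce-checking, validation/sanitization on save, checked()/selected(), and one options array instead of individual rows) fit together in a single Settings API registration. The sketch below is an added example, not part of the original email and not code from the theme under review or from Coraline; the `mytheme` prefix, option keys and allowed values are hypothetical.

```php
<?php
// Added example: "mytheme" names, option keys and allowed values are hypothetical.
function mytheme_defaults() {
    return array( 'show_tagline' => 1, 'layout' => 'right-sidebar', 'header_height' => 200 );
}
function mytheme_layouts() {
    return array( 'left-sidebar', 'right-sidebar', 'full-width' );
}
function mytheme_get_options() {
    // One database row holds the whole array; missing keys fall back to defaults.
    return wp_parse_args( get_option( 'mytheme_options', array() ), mytheme_defaults() );
}
// Runs on every save: start from defaults and copy over only validated values.
function mytheme_sanitize( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = mytheme_defaults();
    // Unchecked checkboxes are absent from the POST data, so coerce to 0/1.
    $clean['show_tagline'] = empty( $input['show_tagline'] ) ? 0 : 1;
    // Select values are accepted only if they are on the allow-list.
    if ( isset( $input['layout'] ) && in_array( $input['layout'], mytheme_layouts(), true ) ) {
        $clean['layout'] = $input['layout'];
    }
    // Numeric input is forced to a non-negative integer and clamped to a range.
    if ( isset( $input['header_height'] ) ) {
        $clean['header_height'] = min( 600, max( 50, absint( $input['header_height'] ) ) );
    }
    return $clean; // Keys that are not in the defaults array are dropped.
}
function mytheme_admin_init() {
    register_setting( 'mytheme_group', 'mytheme_options', 'mytheme_sanitize' );
}
add_action( 'admin_init', 'mytheme_admin_init' );
function mytheme_admin_menu() {
    add_theme_page( 'Theme Options', 'Theme Options', 'edit_theme_options', 'mytheme-options', 'mytheme_options_page' );
}
add_action( 'admin_menu', 'mytheme_admin_menu' );
function mytheme_options_page() {
    $o = mytheme_get_options(); ?>
    <form method="post" action="options.php">
        <?php settings_fields( 'mytheme_group' ); // Prints the nonce that options.php verifies. ?>
        <label><input type="checkbox" name="mytheme_options[show_tagline]" value="1" <?php checked( 1, $o['show_tagline'] ); ?> /> Show tagline</label>
        <select name="mytheme_options[layout]">
            <?php foreach ( mytheme_layouts() as $layout ) : ?>
                <option value="<?php echo esc_attr( $layout ); ?>" <?php selected( $o['layout'], $layout ); ?>><?php echo esc_html( $layout ); ?></option>
            <?php endforeach; ?>
        </select>
        <input type="text" name="mytheme_options[header_height]" value="<?php echo esc_attr( $o['header_height'] ); ?>" />
        <?php submit_button(); ?>
    </form>
<?php }
```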