[theme-reviewers] Theme standards and obfuscation

Chip Bennett chip at chipbennett.net
Thu Apr 26 15:09:23 UTC 2012


While certainly a "best practice", we do not currently enforce the official
WordPress coding standards.

I can certainly add a reference, as "recommended", though.

Chip

On Thu, Apr 26, 2012 at 10:03 AM, yulian yordanov <yul.yordanov at gmail.com>wrote:

> I just noticed that in Theme Guidelines there is no reference to WordPress
> Coding Standards http://codex.wordpress.org/WordPress_Coding_StandardsMay be a link in section "Code Quality" will be helpful for developers.
>
> Fingli
>
> На 26 април 2012, 17:27, Chip Bennett <chip at chipbennett.net> написа:
>
> Code obfuscation is treated as such a high-level, obvious no-no that it is
>> "assumed without saying". As Jay indicated: Theme Check flags code
>> obfuscation at a WARNING level, and the uploader script will simply fail to
>> upload any Theme with obfuscated code. Anyone who even needs to ask if
>> obfuscated code is acceptable probably isn't someone we even want to
>> associate ourselves with in the first place, so the guidelines aren't
>> tailored to such people. :)
>>
>> Note: "obfuscation" (more properly: minification) of script libraries is
>> perfectly acceptable, provided that a human-readable version is included
>> for reference.
>>
>> Thanks,
>>
>> Chip
>>
>>
>> On Thu, Apr 26, 2012 at 8:41 AM, Andrew McGill <list2010 at lunch.za.net>wrote:
>>
>>> Hi
>>>
>>> I notice that the theme standards do not say anything about code
>>> obfuscation and readability:
>>>
>>>        http://codex.wordpress.org/Theme_Review#Security_and_Privacy
>>>
>>> I suggest the following guidelines:
>>>
>>>  * No obfuscation: all code must written in human readable format:
>>> measures that reduce readability are not allowed. (e.g. variable name
>>> mangling, stripping indentation)
>>>
>>>  * No hiding: All code must appear in regular .php files. No measures to
>>> obscure the code being run are permitted.
>>>
>>> The reason this would be helpful is that there are a lot of commercial
>>> themes of dubious quality employing various kinds of obfuscation - 85
>>> levels of base64_decode and gzip hiding the closing div tags, wp_footer and
>>> the 'if $posts>20 (advertise())'.  It is also pretty hard to distinguish
>>> "legitimate" obfuscation from a hacked site.
>>>
>>> It would make the world a happier place if wordpress.org said that code
>>> obfuscation is not-so-cool.
>>>
>>> Something should also be said about code obfuscation in javascript files
>>> too ... (e.g. the compressed version of jquery).  I reckon it should be
>>> discouraged (if not prohibited).
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
>
> --
> Yulian Yordanov
> post-scriptum.info
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120426/ad6e8bfc/attachment-0001.htm>


More information about the theme-reviewers mailing list