[theme-reviewers] need your opinion

Chandra Maharzan maharzan at gmail.com
Thu Aug 16 15:13:07 UTC 2012


Well, you can't even check whether those fields work or not. It's
specifically said that if Theme Options are used, each field needs to be
checked to see if it works as advertised. His way of keeping users
under an illusion, redirecting users to the Theme Options page and asking
users to Activate, is totally wrong for what .org is made for. Why can't he
just deactivate those options and stop the redirection? The way it
was implemented is totally wrong to my eyes.


On Thu, Aug 16, 2012 at 8:41 PM, Kirk Wight <kwight at kwight.ca> wrote:
> So including options that are not functional until activation is not
> allowed, but having a basic theme that points to a more functional version
> for sale is allowed? Just want to make sure I understand what the guy did
> wrong (I thought it was fine because he was clear about what worked and what
> didn't).
>
>
> On 16 August 2012 10:28, Chandra Maharzan <maharzan at gmail.com> wrote:
>>
>> Thanks Otto for explaining. Now, I get it. I have been looking into
>> Mark Jaquith's video too. :)
>>
>> And thanks for taking action on the themes. I don't even want to
>> mention what I have been through with this guy.
>>
>> On Thu, Aug 16, 2012 at 8:09 PM, Otto <otto at ottodestruct.com> wrote:
>> > No, he does escape, just not using esc_html.
>> >
>> > Use the right function for the right case. If it's inside a <textarea>
>> > then you must use esc_textarea. If it's in an HTML tag as an
>> > attribute, then you must use esc_attr. If it's a URL of any sort to be
>> > printed out, then you must use esc_url.
>> >
>> > All these are valid, but they handle different cases. The problem
>> > isn't to "use esc_html", it's to use the proper sanitization function
>> > for the way that the output is being used.
>> >
>> > Oh, and his crippleware technique is definitely not allowed.
>> >
>> > I've suspended these themes for the same basic behaviors:
>> > http://wordpress.org/extend/themes/adventure
>> > http://wordpress.org/extend/themes/adventure-bound-basic
>> >
>> > -Otto
>> >
>> >
>> > On Thu, Aug 16, 2012 at 9:19 AM, Chandra Maharzan <maharzan at gmail.com>
>> > wrote:
>> >> Thanks for chiming in Otto. It doesn't escape HTML (which isn't
>> >> needed in his case). Doesn't that allow injecting? And he is using
>> >> a textarea where a textbox could have been used, such as for the URL
>> >> or activation code.
>> >>
>> >> On Thu, Aug 16, 2012 at 8:01 PM, Otto <otto at ottodestruct.com> wrote:
>> >>> On Thu, Aug 16, 2012 at 1:27 AM, Chandra Maharzan <maharzan at gmail.com>
>> >>> wrote:
>> >>>> He has Theme options but it doesn't work unless people activate (pay)
>> >>>> the author. And then he is arguing about sanitation of data fields,
>> >>>> which Theme Review clearly says to do them (esc_html, esc_attr, etc.).
>> >>>> Someone please enlighten me here.
>> >>>
>> >>> He's right about the escaping, for the most part. Text areas should
>> >>> use esc_textarea for sanitization, not esc_html. Similarly, a URL
>> >>> should use esc_url. Use the correct escape function for the correct
>> >>> purpose.
>> >>>
>> >>>
>> >>> -Otto
>> >>> _______________________________________________
>> >>> theme-reviewers mailing list
>> >>> theme-reviewers at lists.wordpress.org
>> >>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >>
>> >>
>> >>
>> >> --
>> >> cmans
>>
>>
>>
>> --
>> cmans
>
>
>
>



-- 
cmans
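
The context-specific escaping Otto describes in the quoted replies, as an added example that is not part of the original thread or of any theme discussed in it. It assumes it runs inside WordPress (for instance from a theme's functions.php) and that `mytheme_render_options_page` is registered as an admin page callback; the `mytheme_*` names and the option keys are hypothetical.

```php
<?php
// Added example. Option name, group name and field keys are hypothetical.

// Sanitize on save: clean each field according to the data it holds.
function mytheme_sanitize_options( $input ) {
    $input = is_array( $input ) ? $input : array();
    return array(
        'tagline'  => sanitize_text_field( isset( $input['tagline'] ) ? $input['tagline'] : '' ),
        'logo_url' => esc_url_raw( isset( $input['logo_url'] ) ? $input['logo_url'] : '' ),
        'footer'   => wp_kses_post( isset( $input['footer'] ) ? $input['footer'] : '' ),
    );
}

function mytheme_register_settings() {
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_sanitize_options' );
}
add_action( 'admin_init', 'mytheme_register_settings' );

// Escape on output: pick the function that matches where the value lands.
function mytheme_render_options_page() {
    $o = wp_parse_args(
        get_option( 'mytheme_options', array() ),
        array( 'tagline' => '', 'logo_url' => '', 'footer' => '' )
    );
    ?>
    <form method="post" action="options.php">
        <?php settings_fields( 'mytheme_options_group' ); ?>

        <!-- Value inside an HTML attribute: esc_attr -->
        <input type="text" name="mytheme_options[tagline]"
               value="<?php echo esc_attr( $o['tagline'] ); ?>" />

        <!-- URL being printed out: esc_url -->
        <input type="url" name="mytheme_options[logo_url]"
               value="<?php echo esc_url( $o['logo_url'] ); ?>" />

        <!-- Content inside a <textarea>: esc_textarea -->
        <textarea name="mytheme_options[footer]" rows="4"><?php
            echo esc_textarea( $o['footer'] );
        ?></textarea>

        <!-- Plain text between tags: esc_html -->
        <p>Current tagline: <?php echo esc_html( $o['tagline'] ); ?></p>

        <?php submit_button(); ?>
    </form>
    <?php
}
```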

