[theme-reviewers] Sanitize Custom Css in Theme Options

Chip Bennett chip at chipbennett.net
Mon Feb 4 14:03:57 UTC 2013


The rules regarding allowable functions are different for Themes and
Plugins. Plugins can use read/write functions such as file_get_contents(),
etc.; Themes cannot. So, csstidy() may be appropriate for the Jetpack
Plugin, but it won't be for Themes.

That said, you don't need anything that bulky anyway. All you *have* to do
is to ensure that it's not unsafe. For that, you could probably use one of
the WordPress KSES functions
<http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/kses.php#L0>,
such as wp_filter_kses() <http://codex.wordpress.org/Function_Reference/wp_filter_kses>,
inside your register_setting() validation callback.

Also, be sure your stand-alone Theme is approved prior to submitting any
Child Themes for it. One of the guidelines for Child Themes is that its
parent Theme must already be approved in the repository.

Regards,
Chip


On Mon, Feb 4, 2013 at 8:04 AM, Ünsal Korkmaz <unsalkorkmaz at gmail.com> wrote:

> Hi,
> I released 1 parent <http://themes.trac.wordpress.org/ticket/10967> and 1
> child theme <http://themes.trac.wordpress.org/ticket/11003> this week.
> These are my first theme contributions to the WordPress community, so it's
> my first time submitting themes to the directory. When I uploaded the parent
> theme from http://wordpress.org/extend/themes/upload/ I got a
> *WARNING: file_get_contents in class.csstidy_print.php* error and the system
> denied my theme automatically. I got the csstidy code from the Jetpack
> plugin's Custom CSS <http://jetpack.me/support/custom-css/> module, but the
> system still didn't accept it. Basically, custom CSS sanitizing is an
> important subject in my opinion, and there is no default WordPress function
> like esc_attr() <http://codex.wordpress.org/Function_Reference/esc_attr>.
> Probably the csstidy class is not the best solution, but it was the best
> option I had, and it seems it's not accepted in the theme directory. So what
> is the best way of sanitizing custom CSS for themes?
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
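
The validation-callback approach suggested in the reply above, as an added example that is not part of the original thread or of any theme discussed in it. It uses wp_kses() with an empty allow-list (another function from the same kses.php) instead of wp_filter_kses(); the option name `mytheme_options`, the group `mytheme_options_group`, the `custom_css` key and all `mytheme_*` function names are hypothetical.

```php
<?php
// Added example for a theme's functions.php. All mytheme_* names and the
// custom_css key are hypothetical placeholders.

add_action( 'admin_init', 'mytheme_register_settings' );
function mytheme_register_settings() {
    // Third argument: validation callback run each time the option is saved.
    register_setting( 'mytheme_options_group', 'mytheme_options', 'mytheme_validate_options' );
}

function mytheme_validate_options( $input ) {
    $clean = array();
    $css   = ( is_array( $input ) && isset( $input['custom_css'] ) )
        ? (string) $input['custom_css']
        : '';

    // KSES with an empty allow-list removes every HTML element, so a value
    // such as "</style><script>..." cannot close the theme's <style> block.
    $css = wp_kses( $css, array() );

    // KSES encodes a bare ">" as "&gt;", which breaks CSS child selectors
    // ("ul > li"). This runs after tag removal, so it only restores the
    // combinator character and does not bring back a stripped tag.
    $css = str_replace( '&gt;', '>', $css );

    $clean['custom_css'] = trim( $css );
    return $clean; // Only whitelisted keys are stored.
}

add_action( 'wp_head', 'mytheme_print_custom_css' );
function mytheme_print_custom_css() {
    $options = get_option( 'mytheme_options' );
    if ( empty( $options['custom_css'] ) ) {
        return;
    }
    // Strip tags again on output in case the stored value predates the callback.
    echo '<style type="text/css">' . wp_strip_all_tags( $options['custom_css'] ) . "</style>\n";
}
```

This only removes markup from the stored value; it does not parse or validate the CSS itself, and it needs no file read/write functions.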