[theme-reviewers] Embedded theme options frameworks and/or resources

Srikanth Koneru tskk79 at gmail.com
Mon Oct 20 19:49:34 UTC 2014


Current themes already live in directory will get time till Devin issues a
fix correct?

On Tue, Oct 21, 2014 at 1:05 AM, Edward Caissie <edward.caissie at gmail.com>
wrote:

> Nice catch, Justin!
>
> Edward Caissie
> aka Cais.
>
> On Mon, Oct 20, 2014 at 1:54 PM, Justin Tadlock <justin at justintadlock.com>
> wrote:
>
>> I've just been helping with a review of a theme and taking a closer look
>> at the Options Framework.  It appears that it saves an option to the
>> database instead of using defaults.  Here's the relevant code, which is run
>> on the `admin_init` hook:
>>
>> https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37
>>
>> We've implemented a requirement of sane defaults and not writing default
>> options to the database since WP 3.9:
>>
>> https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/
>>
>> This is going to be problematic for any theme in the directory using the
>> Options Framework.  I've opened a ticket on GitHub to see if we can get
>> this changed:
>> https://github.com/devinsays/options-framework-plugin/issues/200
>>
>>
>> On Mon, Oct 20, 2014 at 11:15 AM, Edward Caissie <
>> edward.caissie at gmail.com> wrote:
>>
>>> I would have concerns with an "approved framework" list as it implies it
>>> is fully vetted and maintained ... which would be by whom?
>>>
>>> Also, the "approved" part should also include the "approved
>>> implementation" of the framework as well ... again who will be ensuring
>>> that is kept up to date and accurate?
>>>
>>> Granted it is very time-consuming to review a theme *and* any bundled
>>> frameworks but that is simply the nature of reviewing. Themes are to stand
>>> on their own merits, which means every time a theme is submitted for review
>>> it should technically be reviewed in its entirety (although exceptions are
>>> made for previously approved themes to allow for "diff" reviews even those
>>> should be fully checked from time to time to ensure "old" code is still
>>> correct and up to current standards).
>>>
>>> Edward Caissie
>>> aka Cais.
>>>
>>> On Mon, Oct 20, 2014 at 11:39 AM, Ulrich Pogson <
>>> grapplerulrich at gmail.com> wrote:
>>>
>>>> The plugin review is normally done just once when you submit a plugin.
>>>> The themes are reviewed for each update to make sure the guildlines are
>>>> followed.
>>>>
>>>> If you are having trouble with a review you can always ask for a
>>>> mentor. The current place to ask for a mentor is here
>>>> https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/
>>>>
>>>> I think it might be an idea to have a list of approved framework
>>>> versions.
>>>> On 20 Oct 2014 17:22, "Venkat Raj" <venkat at webulous.in> wrote:
>>>>
>>>>>  It is options framework, but it doesn't matter. I meant to say any
>>>>> "bundled resource"
>>>>> Checking everything makes sense and we should.
>>>>>
>>>>> My concern is that, say we have 2 embedded resource then 1 theme
>>>>> review = 1 theme code + 2 plug-in code review?
>>>>> I think admins can make a rule for this, because
>>>>> 1) We're already atleast 6 week behind
>>>>> 2) New comers like me, don't have much experience in reviewing plugin
>>>>> code and security issues.
>>>>>
>>>>>
>>>>> On Monday 20 October 2014 08:34 PM, Emil Uzelac wrote:
>>>>>
>>>>>  If you are referring to
>>>>> http://wptheming.com/options-framework-plugin/ I don't think that
>>>>> phoning home is involved.
>>>>>
>>>>>  Now, it does not matter if the code was integrated as-is, or has
>>>>> been modified, we still need to check everything :)
>>>>>
>>>>> On Mon, Oct 20, 2014 at 8:59 AM, Jasin S. <jasins at wphoot.com> wrote:
>>>>>
>>>>>>  ^ what tskk said.
>>>>>>
>>>>>>  A good starting point would be using diff to check if the Options
>>>>>> framework has been inserted "as-is" in the theme, or if its a modified
>>>>>> version (maybe even malicious code)
>>>>>>
>>>>>>  I find Sublimerge to be an awesome tool for this (available on
>>>>>> Sublime Text editor)
>>>>>>
>>>>>>  cheers,
>>>>>>  Jasin S.
>>>>>>
>>>>>>  Is that framework included in the theme zip? If it is then you have
>>>>>>> to review it.
>>>>>>> Sent from BlackBerry® on Airtel
>>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: Venkat Raj <venkat at webulous.in>
>>>>>>> Sender: "theme-reviewers" <
>>>>>>> theme-reviewers-bounces at lists.wordpress.org>Date: Mon, 20 Oct 2014
>>>>>>> 11:55:24
>>>>>>> To: theme >> Discussion list for WordPress theme reviewers.<
>>>>>>> theme-reviewers at lists.wordpress.org>
>>>>>>> Reply-To: "Discussion list for WordPress theme reviewers."
>>>>>>>  <theme-reviewers at lists.wordpress.org>
>>>>>>> Subject: [theme-reviewers] Embedded theme options frameworks and/or
>>>>>>> resources
>>>>>>>
>>>>>>> I'm reviewing a theme which embeds options framework.
>>>>>>> My question is, since it is bundled resource, I don't need to go
>>>>>>> through
>>>>>>> it line by line, right?
>>>>>>> Plugin reviewer can take care of that. But how can I make sure, it is
>>>>>>> not modified version of original
>>>>>>> and/or not containing any malicious code such as dialling home which
>>>>>>> we
>>>>>>> encountered few days back!
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing list
>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing list
>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing list
>>>>>> theme-reviewers at lists.wordpress.org
>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing listtheme-reviewers at lists.wordpress.orghttp://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20141021/d1f20df8/attachment.html>


More information about the theme-reviewers mailing list