[theme-reviewers] Embedded theme options frameworks and/or resources
Justin Tadlock
justin at justintadlock.com
Mon Oct 20 20:02:13 UTC 2014
Yes. There's no need to worry about that. We don't need to talk
suspensions since this is not a security, spam, or copyright issue. I just
wanted to bring this up so that we can deal with it going forward.
On Mon, Oct 20, 2014 at 2:49 PM, Srikanth Koneru <tskk79 at gmail.com> wrote:
> Current themes already live in directory will get time till Devin issues a
> fix correct?
>
> On Tue, Oct 21, 2014 at 1:05 AM, Edward Caissie <edward.caissie at gmail.com>
> wrote:
>
>> Nice catch, Justin!
>>
>> Edward Caissie
>> aka Cais.
>>
>> On Mon, Oct 20, 2014 at 1:54 PM, Justin Tadlock <justin at justintadlock.com
>> > wrote:
>>
>>> I've just been helping with a review of a theme and taking a closer look
>>> at the Options Framework. It appears that it saves an option to the
>>> database instead of using defaults. Here's the relevant code, which is run
>>> on the `admin_init` hook:
>>>
>>> https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37
>>>
>>> We've implemented a requirement of sane defaults and not writing default
>>> options to the database since WP 3.9:
>>>
>>> https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/
>>>
>>> This is going to be problematic for any theme in the directory using the
>>> Options Framework. I've opened a ticket on GitHub to see if we can get
>>> this changed:
>>> https://github.com/devinsays/options-framework-plugin/issues/200
>>>
>>>
>>> On Mon, Oct 20, 2014 at 11:15 AM, Edward Caissie <
>>> edward.caissie at gmail.com> wrote:
>>>
>>>> I would have concerns with an "approved framework" list as it implies
>>>> it is fully vetted and maintained ... which would be by whom?
>>>>
>>>> Also, the "approved" part should also include the "approved
>>>> implementation" of the framework as well ... again who will be ensuring
>>>> that is kept up to date and accurate?
>>>>
>>>> Granted it is very time-consuming to review a theme *and* any bundled
>>>> frameworks but that is simply the nature of reviewing. Themes are to stand
>>>> on their own merits, which means every time a theme is submitted for review
>>>> it should technically be reviewed in its entirety (although exceptions are
>>>> made for previously approved themes to allow for "diff" reviews even those
>>>> should be fully checked from time to time to ensure "old" code is still
>>>> correct and up to current standards).
>>>>
>>>> Edward Caissie
>>>> aka Cais.
>>>>
>>>> On Mon, Oct 20, 2014 at 11:39 AM, Ulrich Pogson <
>>>> grapplerulrich at gmail.com> wrote:
>>>>
>>>>> The plugin review is normally done just once when you submit a plugin.
>>>>> The themes are reviewed for each update to make sure the guildlines are
>>>>> followed.
>>>>>
>>>>> If you are having trouble with a review you can always ask for a
>>>>> mentor. The current place to ask for a mentor is here
>>>>> https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/
>>>>>
>>>>> I think it might be an idea to have a list of approved framework
>>>>> versions.
>>>>> On 20 Oct 2014 17:22, "Venkat Raj" <venkat at webulous.in> wrote:
>>>>>
>>>>>> It is options framework, but it doesn't matter. I meant to say any
>>>>>> "bundled resource"
>>>>>> Checking everything makes sense and we should.
>>>>>>
>>>>>> My concern is that, say we have 2 embedded resource then 1 theme
>>>>>> review = 1 theme code + 2 plug-in code review?
>>>>>> I think admins can make a rule for this, because
>>>>>> 1) We're already atleast 6 week behind
>>>>>> 2) New comers like me, don't have much experience in reviewing plugin
>>>>>> code and security issues.
>>>>>>
>>>>>>
>>>>>> On Monday 20 October 2014 08:34 PM, Emil Uzelac wrote:
>>>>>>
>>>>>> If you are referring to
>>>>>> http://wptheming.com/options-framework-plugin/ I don't think that
>>>>>> phoning home is involved.
>>>>>>
>>>>>> Now, it does not matter if the code was integrated as-is, or has
>>>>>> been modified, we still need to check everything :)
>>>>>>
>>>>>> On Mon, Oct 20, 2014 at 8:59 AM, Jasin S. <jasins at wphoot.com> wrote:
>>>>>>
>>>>>>> ^ what tskk said.
>>>>>>>
>>>>>>> A good starting point would be using diff to check if the Options
>>>>>>> framework has been inserted "as-is" in the theme, or if its a modified
>>>>>>> version (maybe even malicious code)
>>>>>>>
>>>>>>> I find Sublimerge to be an awesome tool for this (available on
>>>>>>> Sublime Text editor)
>>>>>>>
>>>>>>> cheers,
>>>>>>> Jasin S.
>>>>>>>
>>>>>>> Is that framework included in the theme zip? If it is then you
>>>>>>>> have to review it.
>>>>>>>> Sent from BlackBerry® on Airtel
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: Venkat Raj <venkat at webulous.in>
>>>>>>>> Sender: "theme-reviewers" <
>>>>>>>> theme-reviewers-bounces at lists.wordpress.org>Date: Mon, 20 Oct 2014
>>>>>>>> 11:55:24
>>>>>>>> To: theme >> Discussion list for WordPress theme reviewers.<
>>>>>>>> theme-reviewers at lists.wordpress.org>
>>>>>>>> Reply-To: "Discussion list for WordPress theme reviewers."
>>>>>>>> <theme-reviewers at lists.wordpress.org>
>>>>>>>> Subject: [theme-reviewers] Embedded theme options frameworks and/or
>>>>>>>> resources
>>>>>>>>
>>>>>>>> I'm reviewing a theme which embeds options framework.
>>>>>>>> My question is, since it is bundled resource, I don't need to go
>>>>>>>> through
>>>>>>>> it line by line, right?
>>>>>>>> Plugin reviewer can take care of that. But how can I make sure, it
>>>>>>>> is
>>>>>>>> not modified version of original
>>>>>>>> and/or not containing any malicious code such as dialling home
>>>>>>>> which we
>>>>>>>> encountered few days back!
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing list
>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing list
>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing list
>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing listtheme-reviewers at lists.wordpress.orghttp://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing list
>>>>>> theme-reviewers at lists.wordpress.org
>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20141020/84281112/attachment-0001.html>
More information about the theme-reviewers
mailing list