[theme-reviewers] Embedded theme options frameworks and/or resources

Srikanth Koneru tskk79 at gmail.com
Mon Oct 20 20:03:20 UTC 2014 

Awesome, Thanks :)

On Tue, Oct 21, 2014 at 1:32 AM, Justin Tadlock <justin at justintadlock.com>
wrote:

> Yes.  There's no need to worry about that.  We don't need to talk
> suspensions since this is not a security, spam, or copyright issue.  I just
> wanted to bring this up so that we can deal with it going forward.
>
> On Mon, Oct 20, 2014 at 2:49 PM, Srikanth Koneru <tskk79 at gmail.com> wrote:
>
>> Current themes already live in directory will get time till Devin issues
>> a fix correct?
>>
>> On Tue, Oct 21, 2014 at 1:05 AM, Edward Caissie <edward.caissie at gmail.com
>> > wrote:
>>
>>> Nice catch, Justin!
>>>
>>> Edward Caissie
>>> aka Cais.
>>>
>>> On Mon, Oct 20, 2014 at 1:54 PM, Justin Tadlock <
>>> justin at justintadlock.com> wrote:
>>>
>>>> I've just been helping with a review of a theme and taking a closer
>>>> look at the Options Framework.  It appears that it saves an option to the
>>>> database instead of using defaults.  Here's the relevant code, which is run
>>>> on the `admin_init` hook:
>>>>
>>>> https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37
>>>>
>>>> We've implemented a requirement of sane defaults and not writing
>>>> default options to the database since WP 3.9:
>>>>
>>>> https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/
>>>>
>>>> This is going to be problematic for any theme in the directory using
>>>> the Options Framework.  I've opened a ticket on GitHub to see if we can get
>>>> this changed:
>>>> https://github.com/devinsays/options-framework-plugin/issues/200
>>>>
>>>>
>>>> On Mon, Oct 20, 2014 at 11:15 AM, Edward Caissie <
>>>> edward.caissie at gmail.com> wrote:
>>>>
>>>>> I would have concerns with an "approved framework" list as it implies
>>>>> it is fully vetted and maintained ... which would be by whom?
>>>>>
>>>>> Also, the "approved" part should also include the "approved
>>>>> implementation" of the framework as well ... again who will be ensuring
>>>>> that is kept up to date and accurate?
>>>>>
>>>>> Granted it is very time-consuming to review a theme *and* any bundled
>>>>> frameworks but that is simply the nature of reviewing. Themes are to stand
>>>>> on their own merits, which means every time a theme is submitted for review
>>>>> it should technically be reviewed in its entirety (although exceptions are
>>>>> made for previously approved themes to allow for "diff" reviews even those
>>>>> should be fully checked from time to time to ensure "old" code is still
>>>>> correct and up to current standards).
>>>>>
>>>>> Edward Caissie
>>>>> aka Cais.
>>>>>
>>>>> On Mon, Oct 20, 2014 at 11:39 AM, Ulrich Pogson <
>>>>> grapplerulrich at gmail.com> wrote:
>>>>>
>>>>>> The plugin review is normally done just once when you submit a
>>>>>> plugin. The themes are reviewed for each update to make sure the guildlines
>>>>>> are followed.
>>>>>>
>>>>>> If you are having trouble with a review you can always ask for a
>>>>>> mentor. The current place to ask for a mentor is here
>>>>>> https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/
>>>>>>
>>>>>> I think it might be an idea to have a list of approved framework
>>>>>> versions.
>>>>>> On 20 Oct 2014 17:22, "Venkat Raj" <venkat at webulous.in> wrote:
>>>>>>
>>>>>>>  It is options framework, but it doesn't matter. I meant to say any
>>>>>>> "bundled resource"
>>>>>>> Checking everything makes sense and we should.
>>>>>>>
>>>>>>> My concern is that, say we have 2 embedded resource then 1 theme
>>>>>>> review = 1 theme code + 2 plug-in code review?
>>>>>>> I think admins can make a rule for this, because
>>>>>>> 1) We're already atleast 6 week behind
>>>>>>> 2) New comers like me, don't have much experience in reviewing
>>>>>>> plugin code and security issues.
>>>>>>>
>>>>>>>
>>>>>>> On Monday 20 October 2014 08:34 PM, Emil Uzelac wrote:
>>>>>>>
>>>>>>>  If you are referring to
>>>>>>> http://wptheming.com/options-framework-plugin/ I don't think that
>>>>>>> phoning home is involved.
>>>>>>>
>>>>>>>  Now, it does not matter if the code was integrated as-is, or has
>>>>>>> been modified, we still need to check everything :)
>>>>>>>
>>>>>>> On Mon, Oct 20, 2014 at 8:59 AM, Jasin S. <jasins at wphoot.com> wrote:
>>>>>>>
>>>>>>>>  ^ what tskk said.
>>>>>>>>
>>>>>>>>  A good starting point would be using diff to check if the Options
>>>>>>>> framework has been inserted "as-is" in the theme, or if its a modified
>>>>>>>> version (maybe even malicious code)
>>>>>>>>
>>>>>>>>  I find Sublimerge to be an awesome tool for this (available on
>>>>>>>> Sublime Text editor)
>>>>>>>>
>>>>>>>>  cheers,
>>>>>>>>  Jasin S.
>>>>>>>>
>>>>>>>>  Is that framework included in the theme zip? If it is then you
>>>>>>>>> have to review it.
>>>>>>>>> Sent from BlackBerry® on Airtel
>>>>>>>>>
>>>>>>>>> -----Original Message-----
>>>>>>>>> From: Venkat Raj <venkat at webulous.in>
>>>>>>>>> Sender: "theme-reviewers" <
>>>>>>>>> theme-reviewers-bounces at lists.wordpress.org>Date: Mon, 20 Oct
>>>>>>>>> 2014 11:55:24
>>>>>>>>> To: theme >> Discussion list for WordPress theme reviewers.<
>>>>>>>>> theme-reviewers at lists.wordpress.org>
>>>>>>>>> Reply-To: "Discussion list for WordPress theme reviewers."
>>>>>>>>>  <theme-reviewers at lists.wordpress.org>
>>>>>>>>> Subject: [theme-reviewers] Embedded theme options frameworks
>>>>>>>>> and/or resources
>>>>>>>>>
>>>>>>>>> I'm reviewing a theme which embeds options framework.
>>>>>>>>> My question is, since it is bundled resource, I don't need to go
>>>>>>>>> through
>>>>>>>>> it line by line, right?
>>>>>>>>> Plugin reviewer can take care of that. But how can I make sure, it
>>>>>>>>> is
>>>>>>>>> not modified version of original
>>>>>>>>> and/or not containing any malicious code such as dialling home
>>>>>>>>> which we
>>>>>>>>> encountered few days back!
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> theme-reviewers mailing list
>>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>> _______________________________________________
>>>>>>>>> theme-reviewers mailing list
>>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing list
>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing listtheme-reviewers at lists.wordpress.orghttp://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing list
>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing list
>>>>>> theme-reviewers at lists.wordpress.org
>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20141021/14fa230e/attachment.html>

More information about the theme-reviewers mailing list