[theme-reviewers] Embedded theme options frameworks and/or resources
Justin Tadlock
justin at justintadlock.com
Wed Oct 22 16:56:35 UTC 2014
Just an update. Devin is working on fixing this issue in version 1.9 of
the Options Framework here:
https://github.com/devinsays/options-framework-theme/issues/179
If any of you are using it, it'd be great if you could help with testing
because it does have the potential to break things when updating.
On Mon, Oct 20, 2014 at 3:03 PM, Srikanth Koneru <tskk79 at gmail.com> wrote:
> Awesome, Thanks :)
>
> On Tue, Oct 21, 2014 at 1:32 AM, Justin Tadlock <justin at justintadlock.com>
> wrote:
>
>> Yes. There's no need to worry about that. We don't need to talk
>> suspensions since this is not a security, spam, or copyright issue. I just
>> wanted to bring this up so that we can deal with it going forward.
>>
>> On Mon, Oct 20, 2014 at 2:49 PM, Srikanth Koneru <tskk79 at gmail.com>
>> wrote:
>>
>>> Current themes already live in directory will get time till Devin issues
>>> a fix correct?
>>>
>>> On Tue, Oct 21, 2014 at 1:05 AM, Edward Caissie <
>>> edward.caissie at gmail.com> wrote:
>>>
>>>> Nice catch, Justin!
>>>>
>>>> Edward Caissie
>>>> aka Cais.
>>>>
>>>> On Mon, Oct 20, 2014 at 1:54 PM, Justin Tadlock <
>>>> justin at justintadlock.com> wrote:
>>>>
>>>>> I've just been helping with a review of a theme and taking a closer
>>>>> look at the Options Framework. It appears that it saves an option to the
>>>>> database instead of using defaults. Here's the relevant code, which is run
>>>>> on the `admin_init` hook:
>>>>>
>>>>> https://github.com/devinsays/options-framework-plugin/blob/master/includes/class-options-framework.php#L37
>>>>>
>>>>> We've implemented a requirement of sane defaults and not writing
>>>>> default options to the database since WP 3.9:
>>>>>
>>>>> https://make.wordpress.org/themes/2014/07/09/using-sane-defaults-in-themes/
>>>>>
>>>>> This is going to be problematic for any theme in the directory using
>>>>> the Options Framework. I've opened a ticket on GitHub to see if we can get
>>>>> this changed:
>>>>> https://github.com/devinsays/options-framework-plugin/issues/200
>>>>>
>>>>>
>>>>> On Mon, Oct 20, 2014 at 11:15 AM, Edward Caissie <
>>>>> edward.caissie at gmail.com> wrote:
>>>>>
>>>>>> I would have concerns with an "approved framework" list as it implies
>>>>>> it is fully vetted and maintained ... which would be by whom?
>>>>>>
>>>>>> Also, the "approved" part should also include the "approved
>>>>>> implementation" of the framework as well ... again who will be ensuring
>>>>>> that is kept up to date and accurate?
>>>>>>
>>>>>> Granted it is very time-consuming to review a theme *and* any bundled
>>>>>> frameworks but that is simply the nature of reviewing. Themes are to stand
>>>>>> on their own merits, which means every time a theme is submitted for review
>>>>>> it should technically be reviewed in its entirety (although exceptions are
>>>>>> made for previously approved themes to allow for "diff" reviews even those
>>>>>> should be fully checked from time to time to ensure "old" code is still
>>>>>> correct and up to current standards).
>>>>>>
>>>>>> Edward Caissie
>>>>>> aka Cais.
>>>>>>
>>>>>> On Mon, Oct 20, 2014 at 11:39 AM, Ulrich Pogson <
>>>>>> grapplerulrich at gmail.com> wrote:
>>>>>>
>>>>>>> The plugin review is normally done just once when you submit a
>>>>>>> plugin. The themes are reviewed for each update to make sure the guildlines
>>>>>>> are followed.
>>>>>>>
>>>>>>> If you are having trouble with a review you can always ask for a
>>>>>>> mentor. The current place to ask for a mentor is here
>>>>>>> https://make.wordpress.org/themes/2014/10/09/hey-mentors-and-mentees-how-are-things-weve/
>>>>>>>
>>>>>>> I think it might be an idea to have a list of approved framework
>>>>>>> versions.
>>>>>>> On 20 Oct 2014 17:22, "Venkat Raj" <venkat at webulous.in> wrote:
>>>>>>>
>>>>>>>> It is options framework, but it doesn't matter. I meant to say any
>>>>>>>> "bundled resource"
>>>>>>>> Checking everything makes sense and we should.
>>>>>>>>
>>>>>>>> My concern is that, say we have 2 embedded resource then 1 theme
>>>>>>>> review = 1 theme code + 2 plug-in code review?
>>>>>>>> I think admins can make a rule for this, because
>>>>>>>> 1) We're already atleast 6 week behind
>>>>>>>> 2) New comers like me, don't have much experience in reviewing
>>>>>>>> plugin code and security issues.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Monday 20 October 2014 08:34 PM, Emil Uzelac wrote:
>>>>>>>>
>>>>>>>> If you are referring to
>>>>>>>> http://wptheming.com/options-framework-plugin/ I don't think that
>>>>>>>> phoning home is involved.
>>>>>>>>
>>>>>>>> Now, it does not matter if the code was integrated as-is, or has
>>>>>>>> been modified, we still need to check everything :)
>>>>>>>>
>>>>>>>> On Mon, Oct 20, 2014 at 8:59 AM, Jasin S. <jasins at wphoot.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> ^ what tskk said.
>>>>>>>>>
>>>>>>>>> A good starting point would be using diff to check if the Options
>>>>>>>>> framework has been inserted "as-is" in the theme, or if its a modified
>>>>>>>>> version (maybe even malicious code)
>>>>>>>>>
>>>>>>>>> I find Sublimerge to be an awesome tool for this (available on
>>>>>>>>> Sublime Text editor)
>>>>>>>>>
>>>>>>>>> cheers,
>>>>>>>>> Jasin S.
>>>>>>>>>
>>>>>>>>> Is that framework included in the theme zip? If it is then you
>>>>>>>>>> have to review it.
>>>>>>>>>> Sent from BlackBerry® on Airtel
>>>>>>>>>>
>>>>>>>>>> -----Original Message-----
>>>>>>>>>> From: Venkat Raj <venkat at webulous.in>
>>>>>>>>>> Sender: "theme-reviewers" <
>>>>>>>>>> theme-reviewers-bounces at lists.wordpress.org>Date: Mon, 20 Oct
>>>>>>>>>> 2014 11:55:24
>>>>>>>>>> To: theme >> Discussion list for WordPress theme reviewers.<
>>>>>>>>>> theme-reviewers at lists.wordpress.org>
>>>>>>>>>> Reply-To: "Discussion list for WordPress theme reviewers."
>>>>>>>>>> <theme-reviewers at lists.wordpress.org>
>>>>>>>>>> Subject: [theme-reviewers] Embedded theme options frameworks
>>>>>>>>>> and/or resources
>>>>>>>>>>
>>>>>>>>>> I'm reviewing a theme which embeds options framework.
>>>>>>>>>> My question is, since it is bundled resource, I don't need to go
>>>>>>>>>> through
>>>>>>>>>> it line by line, right?
>>>>>>>>>> Plugin reviewer can take care of that. But how can I make sure,
>>>>>>>>>> it is
>>>>>>>>>> not modified version of original
>>>>>>>>>> and/or not containing any malicious code such as dialling home
>>>>>>>>>> which we
>>>>>>>>>> encountered few days back!
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> theme-reviewers mailing list
>>>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>>> _______________________________________________
>>>>>>>>>> theme-reviewers mailing list
>>>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> theme-reviewers mailing list
>>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing listtheme-reviewers at lists.wordpress.orghttp://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> theme-reviewers mailing list
>>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>>
>>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> theme-reviewers mailing list
>>>>>>> theme-reviewers at lists.wordpress.org
>>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> theme-reviewers mailing list
>>>>>> theme-reviewers at lists.wordpress.org
>>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>>
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> theme-reviewers mailing list
>>>>> theme-reviewers at lists.wordpress.org
>>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> theme-reviewers mailing list
>>>> theme-reviewers at lists.wordpress.org
>>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>>
>>>>
>>>
>>> _______________________________________________
>>> theme-reviewers mailing list
>>> theme-reviewers at lists.wordpress.org
>>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>>
>>>
>>
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20141022/8398f4b3/attachment-0001.html>
More information about the theme-reviewers
mailing list