THEME: Museum Core - 1.1.1

[jazzs3quence]

Museum Core - 1.1.1

A simple WordPress? theme/framework with support for post formats, thumbnails, background, header, menus and more...

Theme URL - ​http://www.museumthemes.com
Author URL - ​http://www.arcanepalette.com

SVN - ​http://themes.svn.wordpress.org/museum-core/1.1.1
ZIP - ​http://wordpress.org/extend/themes/download/museum-core.1.1.1.zip?nostats=1

Diff with previous version: http://themes.trac.wordpress.org/changeset?old_path=/museum-core/1.1&new_path=/museum-core/1.1.1

All previous tickets for this theme: http://themes.trac.wordpress.org/query?col=id&col=summary&col=keywords&col=owner&col=status&col=resolution&keywords=~theme-museum-core&order=id

[kobenland]

Please address in next submisison

• Themes are required to escape all untrusted data before being output in the Settings form fields

Review Summary

• Previous version of Theme APPROVED
• No previous-ticket required issues
• Diff-review only
• No apparent issues
• Ticket being resolved as APPROVED

[jazzs3quence]

Replying to kobenland:

Please address in next submisison

• Themes are required to escape all untrusted data before being output in the Settings form fields

I plan on working on a minor update to this tomorrow, so can you clarify what untrusted data needs to be escaped in 1.1.1? I thought I had covered all the bases with the validation function in /inc/theme-options.php.

[kobenland]

Replying to jazzs3quence:

I plan on working on a minor update to this tomorrow, so can you clarify what untrusted data needs to be escaped in 1.1.1?

Sure. All settings values need to be escaped on output. Everything the user can alter.

See ​the Codex for reference.
For the difference between validation and sanitization see ​this post from WordPress VIP.

Konstantin

[jazzs3quence]

Perfect. Thanks, Konstantin. That helps.