Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#7852 closed theme (live)

THEME: Museum Core - 1.1.1

Reported by: jazzs3quence
Owned by: kobenland
Priority:
Keywords: theme-museum-core
Cc: chris@…

Change History (5)

comment:1 kobenland 2 years ago

  • Owner set to kobenland
  • Status changed from new to accepted

comment:2 follow-up: kobenland 2 years ago

  • Resolution set to approved
  • Status changed from accepted to closed

Please address in next submission

  • Themes are required to escape all untrusted data before being output in the Settings form fields


Review Summary

  • Previous version of Theme APPROVED
  • No previous-ticket required issues
  • Diff-review only
  • No apparent issues
  • Ticket being resolved as APPROVED

comment:3 in reply to: ↑ 2 ; follow-up: jazzs3quence 2 years ago

Replying to kobenland:

Please address in next submission

  • Themes are required to escape all untrusted data before being output in the Settings form fields

I plan on working on a minor update to this tomorrow, so can you clarify what untrusted data needs to be escaped in 1.1.1? I thought I had covered all the bases with the validation function in /inc/theme-options.php.

comment:4 in reply to: ↑ 3 kobenland 2 years ago

Replying to jazzs3quence:

I plan on working on a minor update to this tomorrow, so can you clarify what untrusted data needs to be escaped in 1.1.1?

Sure. All settings values need to be escaped on output. Everything the user can alter.

See the Codex for reference.
For the difference between validation and sanitization see this post from WordPress VIP.

Konstantin
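
The difference between validating on save and escaping on output that this exchange turns on, shown as an added example (not part of the ticket and not Museum Core's code). The option keys and the `example_theme_*` function names are hypothetical, and the two `esc_*` definitions are stand-ins used only when the file is run outside WordPress.

```php
<?php
// Added example; option keys and example_theme_* names are hypothetical.

// Stand-ins so the file also runs outside WordPress (php example.php).
// Inside WordPress the real esc_attr() / esc_textarea() are used instead.
if ( ! function_exists( 'esc_attr' ) ) {
    function esc_attr( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}
if ( ! function_exists( 'esc_textarea' ) ) {
    function esc_textarea( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
    }
}

// Validation on save: restrict each value to what the theme accepts.
function example_theme_validate_options( $input ) {
    $layouts = array( 'left', 'right' );
    $clean   = array();
    $clean['layout']  = in_array( $input['layout'] ?? '', $layouts, true ) ? $input['layout'] : 'left';
    $clean['tagline'] = trim( (string) ( $input['tagline'] ?? '' ) );
    $clean['footer']  = trim( (string) ( $input['footer'] ?? '' ) );
    return $clean;
}

// Escaping on output: every stored value is escaped for the context it is
// printed in, even though it passed validation when it was saved.
function example_theme_render_fields( array $options ) {
    $html  = '<input type="text" name="example_theme_options[tagline]" value="'
        . esc_attr( $options['tagline'] ) . '" />' . "\n";
    $html .= '<textarea name="example_theme_options[footer]">'
        . esc_textarea( $options['footer'] ) . '</textarea>' . "\n";
    foreach ( array( 'left', 'right' ) as $layout ) {
        $html .= '<input type="radio" name="example_theme_options[layout]" value="' . esc_attr( $layout ) . '"'
            . ( $options['layout'] === $layout ? ' checked="checked"' : '' ) . ' />' . "\n";
    }
    return $html;
}

// Constructed sample: free text that validates but would break the form
// markup if it were printed without escaping.
$saved = example_theme_validate_options( array(
    'layout'  => 'center',
    'tagline' => 'Art "after" dark',
    'footer'  => '</textarea><b>Open late</b>',
) );
echo example_theme_render_fields( $saved );
```

The tagline and footer pass validation unchanged because they are legitimate free text; only the escaping at output keeps the quote and the closing tag from altering the Settings form.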

comment:5 jazzs3quence 2 years ago

Perfect. Thanks, Konstantin. That helps.
