Theme Review Team

Welcome to the Theme Review team.

We are a group of volunteers who review and approve themes submitted to be included in the official WordPress Theme directory.

The Theme Review team maintains the official Theme Review Requirements, the Theme Unit Test Data, and the Theme Check Plugin.

We also engage and educate the WordPress Theme community regarding best practices for themes.

Interested in joining the Theme Reviewers team?

Great! The team is open to anyone who wants to help out, and the process is simple. To find out more just visit the Join The Team page.

Want to know more? There is a more information in the Theme Review Team’s Handbook and the Review itself.

Once you get a theme to review, you will also get a mentor to help you on the road to becoming a theme reviewer.

Weekly meetings

We use Slack for real-time communication. As contributors live all over the world, there are discussions happening at all hours of the day.

We have a project meeting every Tuesday at 18:00 UTC in the #themereview channel on Slack. The next one will be at Tuesday at 18:00 UTC.

Recent Updates Toggle Comment Threads | Keyboard Shortcuts

  • Ulrich 3:27 pm on October 26, 2016 Permalink |  

    Automation Meeting October 27 

    In the last meeting on October 14 not everyone was able to attend who are contributing. Here are the belated meeting notes from the last meeting.

    • There was an issue in WPCS that was causing the travis tests to fail when we used PHPCS master branch, This has been fixed and we have merged the latest into the TRT/WPCS develop branch. All travis tests should be passing again.
    • I have made progress with the pull request to modularise the restricted functions upstream in WPCS. Hopefully it will get merged till the next meeting in two weeks.
    • I have started rebasing Kevin’s pull requests and making updates to the inline docs and making changes from the code reviews.
    • We had a few questions but no major discussions.

    Channel: #themereview | Time: Thursday at 14:00 UTC 14:00 UTC

    The goal of the bi-weekly meeting is keep other informed on the progress of the project and discuss any issues.

    The agenda for the 27th October will be

    • Short update from the contributors what they have worked on.
    • Define goals for the next meeting.
    • Discuss any open issues and/or pull requests that need attention.

    Pinging @poena, @frankklein, @pross, @jrf, @shinichin, @miyauchi

    If I have missed any usernames, it’s not on purpose and do consider yourself invited to the meeting.

    The next meeting is on Thursday, November 10.

  • Jon (Kenshino) 1:54 pm on October 18, 2016 Permalink |

    Agenda for Theme Developer Handbook Meeting 20 October 

    Hello Theme Reviewers,

    Since we have switched from ‘coaching’ theme makers via reviews, I thought we could make sure to document good theme development practices and so on in the Theme Developer Handbook.

    We would love to have the expertise of great theme reviewers.

    Time/date: Thursday, October 20, 2016, 03:00 UTC in #docs

    1. Attendance
    2. Introduction
    3. Project Status
    4. To-do list
    5. Open Floor

    See more details at the doc post -> Theme Developer Handbook, please read this post and join us for the meeting.

    Any questions before that can be made in the comments!

  • Ulrich 12:47 am on October 12, 2016 Permalink |  

    Automation Meeting October 14 

    This will be our second automation meeting. The meeting notes from the last meeting.

    So to be able to discuss the open issues and pull requests we will start with bi-weekly meeting on Thursday.

    Channel: #themereview | Time: Thursday at 14:00 UTC 14:00 UTC

    The agenda for the 13th October will be

    • Short update from the contributors what they have worked on.
    • Define goals for the next meeting.

    Pinging @kevinhaig, @poena, @frankklein, @pross, @jrf, @shinichin, @miyauchi

    If I have missed any usernames, it’s not on purpose and do consider yourself invited to the meeting

  • Jose Castaneda 7:44 pm on October 11, 2016 Permalink |  

    Meeting Summary: October 11, 2016 

    Slack Link

    Items Discussed

  • Justin Tadlock 7:58 pm on October 4, 2016 Permalink |  

    October 4th Team Meeting Notes 

    We had a pretty solid meeting and covered a good bit of ground. Thanks to everyone who participated!

    Prefixing third-party scripts

    The team discussed and voted on “officially” recommending dropping the prefix on script/style handles when it is a third-party script. Note that this is a recommendation, not a requirement at this point. There were 8 votes in favor of this recommendation and 0 against.

    jquery-fitvids, for example, is preferable to themeslug-jquery-fitvids.

    However, any custom scripts/styles that are specific to the theme, should still be prefixed.

    Whitelisting framework textdomains

    If your theme framework handles its own textdomain, you need to add it to the list of exceptions. Otherwise, the newer theme check will block any theme that has more than one textdomain.

    Escaping sniffs

    There were two points discussed on escaping. This deals directly with a proposed sniff for the new theme check.

    1) The escaping sniff requires that all theme translations be escaped before being echoed. There were 0 votes in favor of this and 11 votes against.

    2) The escaping sniff requires that all variables be escaped on output. However, this creates many false positives. The way around this is to add an inline comment of // xss ok. There were 0 votes in favor of this and 9 votes against.

    Based on the discussion and tallied votes, it seems the team prefers that the tools work for theme authors rather than having theme authors changing their code to “work around” or follow some rules to accommodate automation. Our tools should not be dictating how people code. If the sniffs aren’t up to the task, they need more time to be developed into better sniffs.

    • Ulrich 12:13 am on October 5, 2016 Permalink | Log in to Reply

    • Frank Klein 2:28 pm on October 6, 2016 Permalink | Log in to Reply

      Concerning the decision not to escape translations, one should clarify this quote:

      Translations are inherently trusted. The __() family of functions are used thousands of times and they don’t escape output. If we’re not trusting translations then we have a big problem.

      This quote refers only to the translations used by WordPress Core. There is a software (GlotPress) and a process (translation validators), which are designed to avoid security risks. So unless theme authors use the same process, and review and approve every single translation, then this quote does not apply.

      Concerning this snippet:

      $url = esc_url( $something );
      printf( '', $url );

      You should always escape as late as possible, so:

      printf( '', esc_url( $url ) );

      The should be a best practice to follow with or without a sniffing tool.

      The problem I have with voting against using the pre-existing sniff is that it’s a no against a working solution, without proposing a different one.

      I do think we still need to watch out for unescaped variables, so if escaping every occurrence is not the way to go, what is?

      • Justin Tadlock 4:13 pm on October 6, 2016 Permalink | Log in to Reply

        It’s not a “no” against a working solution. It’s a “no” against making an untested solution on .ORG required until testing shows that the sniff is good enough to be set to required.

        We’re not dropping the sniff altogether. We’re going to use it but not block submission based on it just yet. Big difference.

      • Ulrich 1:32 am on October 9, 2016 Permalink | Log in to Reply

        I just realized something from the conversation. So if translations can be trusted because they go through validation process they are secure but that we would mean we cannot allow themes to include their own translations as they have not gone through the same process.

        This would have a negative effect of frameworks that include their own translations.

compose new post
next post/next comment
previous post/previous comment
show/hide comments
go to top
go to login
show/hide help
shift + esc
Skip to toolbar