Let’s be more specific in our reviews

Hi, all. I’ve been away for a couple of weeks because of sickness and some personal life stuff. I wanted to catch up with things, so I started looking through our review queues.

One of the troubling things I noticed is that we're not specific enough in our advice. This doesn't apply to all reviewers. Some of you are doing a great job, but it never hurts to look back over your reviews to make sure you're helping theme authors as well as you can. What I see happening in a few reviews is copying and pasting the guidelines into the review. That's a good thing, but if you don't put it into context for the theme author, they might not know where to look to fix the issue.

Here’s an example quote I pulled from a couple of reviews:

Validate and sanitize untrusted data before entering into the database. All untrusted data should be escaped before output.

Yes, the theme author needs to follow that guideline, so it’s good to let them know about it. However, it doesn’t point out the actual issue with their code. We need to add something more helpful. For example:

On line 333 of /inc/theme-options.php, the $setting['front_posts_number'] option isn’t sanitized before it’s saved to the database. absint() would be a good fit.

Notice how one is specific and gives actionable advice while the other doesn’t? Our reviews should lean toward the specific as much as possible.
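To show what the specific review above is actually pointing at, here is an added illustration written for this page (it is not code from the original post or from any particular theme; the option array name mytheme_settings, the settings group, the prefix mytheme_ and the function names are all assumed). It puts the unsanitized save beside a save that runs through absint(), and adds the escaped output that the second sentence of the guideline asks for:

```php
<?php
/*
 * Added illustration, not code from the original post or any real theme.
 * Assumed names: a 'mytheme_settings' option array holding
 * 'front_posts_number', a settings group 'mytheme_options_group',
 * and the hypothetical prefix 'mytheme_'.
 */

// Before: the submitted value is stored exactly as received.
// "abc", "-5" or "10<script>" all end up in the database and later
// in whatever query or template uses the option.
function mytheme_save_settings_unsafe() {
    $setting = get_option( 'mytheme_settings', array() );
    $setting['front_posts_number'] = $_POST['front_posts_number']; // not sanitized
    update_option( 'mytheme_settings', $setting );
}

// After: register the option with a sanitize callback, so every save of
// 'mytheme_settings' passes through it no matter which code path saves it.
function mytheme_register_settings() {
    register_setting(
        'mytheme_options_group',
        'mytheme_settings',
        array( 'sanitize_callback' => 'mytheme_sanitize_settings' )
    );
}
add_action( 'admin_init', 'mytheme_register_settings' );

function mytheme_sanitize_settings( $input ) {
    $clean = array();
    // absint() casts to int and takes the absolute value:
    // "abc" -> 0, "-5" -> 5, "10<script>" -> 10.
    $clean['front_posts_number'] = isset( $input['front_posts_number'] )
        ? absint( $input['front_posts_number'] )
        : 0;
    return $clean;
}

// Output side of the same guideline: escape for the context the value
// is printed in (here an HTML attribute, so esc_attr()).
function mytheme_posts_number_field() {
    $setting = get_option( 'mytheme_settings', array() );
    $value   = isset( $setting['front_posts_number'] ) ? $setting['front_posts_number'] : 0;
    printf(
        '<input type="number" name="mytheme_settings[front_posts_number]" value="%s" />',
        esc_attr( $value )
    );
}
```

The point of naming absint() in the review is that it is the right fit for this particular value: a post count can only be a non-negative integer, so a cast-and-absolute-value function rejects everything else without the author having to write a custom check. For a free-text option the reviewer would name something like sanitize_text_field() instead, which is exactly why the review has to say which option and which function.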

Sometimes, there may be a number of issues that are the same, so being too specific would take too much time. Using the above example, let’s assume the theme author has multiple sanitizing issues to correct. Here’s how I’d write it:

In the /inc/theme-options.php file, you have multiple options that need to be sanitized before saving to the database. If you need more specific help with this, don’t hesitate to ask me.