Update on doing_it_wrong theme

Hi! You may recall some time ago there was a post that mentioned a thing called the doing_it_wrong theme. Yeah. That small tool to help in looking for things when conducting a review. Or perhaps when you are trying to teach a group of people about theme reviews. Yes, that. If you haven’t already, check out the github repo: https://github.com/WPTRT/doingitwrong

I’ll wait a second so you can check it out.

grabs water and takes a sip

Okay, now that you’ve looked over the theme a little let’s talk about what it all entails. A lot of the readme’s documentation was posted some time ago. Earlier today a small commit was made that added a few more things to the theme. Added were:

  • JS error
  • missing validation/sanitation of customizerCustomizer Tool built into WordPress core that hooks into most modern themes. You can use it to preview and modify many of your site’s appearance settings. setting
  • updated readme documentation
  • bypassing theme-check
  • custom comment listing

The bigger hurdle here is education of customizer validation and sanitation. For some examples and ideas you can check out the sample library on githubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/:
https://github.com/WPTRT/code-examples/blob/master/customizer/sanitization-callbacks.php

For even more reading when it comes to creating safe themes read the guide Frank so awesomely wrote out:

  1. Introduction
  2. Validation
  3. Sanitation
  4. Securing Post meta