Forum Replies Created
The code to enqueue the stylesheets looks perfectly correct. If you look at the error message, it says that it was wp_register_script that was called incorrectly. Not
I don’t really see a need for a separate action hook when the filter in place works fine. Can you tell me the reason why you don’t want to use the ‘thematic_postheader’ filter?
Thanks for bringing this to my attention.
Could you add this as an issue in the github issue tracker?
I answered your other thread first, but yeah we can’t upload the theme to the directory. It’s really not Ian’s fault, if one could call it that. It’s just the way the theme directory works.
The upload ability is tied to a specific wordpress.org account, the account of the theme author. While I believe it is possible to transfer ownership of a theme to a different account, it is not something Ian has the ability to do – even if he would be willing to. This ability is reserved for the Theme Review Team admins, so it involves a level higher up and a further discussion with everyone involved.
Note that this would mean that he no longer would be listed as the author of the theme in the directory.
Uploading under a different name means forking, which means we need to rename the theme and no automatic updates would work between the new and old version. This might or might not be desirable.
Thanks for your supportive words.
Unfortunately, the update process in the official themes directory is out of our hands.
We do not have upload access to the directory, only the original theme author has that. We have sent the zip file to him, but he has not uploaded it to the repository yet.
There has been a discussion about whether or not the version 2 of the theme should be considered a fork. That question has not been resolved, and that is where things have come to a standstill.
Unfortunately, that means that the theme has grown ‘stale’ at the official repository and now gives the outdated warning.
Sorry for a late reply, but no, there have been no reports of Thematic specifically being compromised. Which version of Thematic were you running?
A common scenario if a site is compromised is to use the file editor in the WordPress dashboard and inject code in a file of the active theme or an active plugin. My suspicion is that this is what has happened to you. If they insert a payload in one of the theme files, then that is why that theme file would appear in your logs.
It doesn’t even have to be an active plugin. I have seen the hello dolly plugin used in this way.
1) I don’t know when 2.0 will be available from the official repo. As Scott said, we the current developers do not have access to upload new versions ourselves. We have talked with the original developer and sent him the files, but it has now been almost a year since 2.0 was finished and not much has happened on that front.
2) At the moment no, there is no update notification set up.
You just made me think about the possibility to use a github notification library, so new updates can be automatically downloaded from github instead of wordpress.org. That could be a solution if there is a demand for it.
3) Scott already answered that. Yes, if you want to do all styling yourself, go ahead and remove that.
April 22, 2015 at 4:40 pm in reply to: Including stylesheets: difference between 2.0 and previous #4406
If I would separate the sections into different files, I would do it while converting them to sass partials. Then you could use a sass build tool to build your css and only include the parts you need.
I disagree with you on development overhead trumping server overhead. Development happens before launch but the poor performance sticks with the site on each and every page load.
Slow page load is taken into account by search engines which impacts search rankings and thereby traffic and potentially revenue. Slow sites also have a negative effect on user experience and visitor retention which also have a potential revenue impact.
A future goal is to minify the stylesheet that gets enqueued and only bundle the full stylesheet for reference and development purposes.
The legacy folder will still be there for backwards compatibility. Otherwise, all old sites that reference those stylesheets would break. The only thing is that the responsive styles are only in the new stylesheet.
Regarding the WP theme repository, yes that is a possibility. I think that is what the original developer would like. Technically it would be a fork.
I dislike it because it would break the update possibility of all existing installations. Everyone would have to edit their child theme to change to a new parent. And there is no way to notify the existing installs that there is an updated theme under a different name.
To some degree people will have to touch their themes anyway. But I worked hard to create seamless upgrades with backwards compatibility. Forking means some of that work goes to waste.
div with id of access already spans the full width of the browser.
You can give #access a background color, and for the color to show through, set the .sf-menu li items to be transparent.
April 22, 2015 at 11:32 am in reply to: Including stylesheets: difference between 2.0 and previous #4403
You are correct, all stylesheets have been consolidated into one. That is, all the reset, images, typography etc styles that were previously in separate files are now sections in one big file. They have simply been moved together.
This is for performance reasons. Several files means several HTTP requests from the browser and that slows your site down.
This is the table of contents of the new file:
/**
 * Table of Contents:
 *
 * 1.0 - Reset
 * 2.0 - Repeatable Patterns
 * 3.0 - Basic Structure
 * 4.0 - Header
 *   4.1 - Site Header
 *   4.2 - Navigation
 * 5.0 - Content
 *   5.1 - Entry Header
 *   5.2 - Entry Meta
 *   5.3 - Entry Content
 *   5.4 - Entry Utility
 *   5.5 - Galleries
 *   5.6 - Attachments
 *   5.7 - Post/Paging Navigation
 *   5.8 - Author Bio
 *   5.9 - Comments
 * 6.0 - Sidebar
 *   6.1 - Widgets
 * 7.0 - Footer
 * 8.0 - Media Queries
 * 9.0 - Print
 * 10.0 - Legacy compatibility styles
 * ----------------------------------------------------------------------------
 */
While I realize that the sections don’t match the previous file structure, hopefully the new structure makes it easier to follow and find what you need. It was mainly adapted from the twentythirteen theme, but using Thematic styles.
The reset at the top is a version of normalize.css and due to its nature includes a bit of typographical structure.
You don’t need to add a reset if you use Thematic’s stylesheet. But unfortunately having the styles in one file means you need to copy-paste any sections you want to use into your own stylesheet if you only want some of the styles.
Regarding the release of 2.0, as far as I’m concerned it was finished in September 2014. Unfortunately due to things beyond my control, it has not been uploaded to WordPress.org for theme review and subsequent distribution. And I have no timeline of when that will happen either. That is up to Thematic’s original developer.
I will keep it updated on github since that is where I have access. There is not much more I can do.
The short answer: No, Thematic is not subject to this vulnerability.
The long answer:
The XSS vulnerability comes from when the add_query_arg() function is called without the optional third parameter. The function then defaults to use $_SERVER['REQUEST_URI'] which is something that needs to be escaped before output.
Since we are sending a known safe URL to the function, we are not technically required to escape the output.
That said, I will probably add url escaping anyway. Just because it’s a good thing to do.
Thank you for bringing the issue up for everyone’s attention. It’s great that you are paying attention to security matters.
April 10, 2015 at 3:56 am in reply to: Amazon referral widget no longer shows after re-adding bottom navigation #4397
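Added example, not part of any forum reply on this page and not Thematic's code: a small Python audit for the add_query_arg() issue explained in the reply above. It flags calls that omit the URL argument (so WordPress falls back to $_SERVER['REQUEST_URI']) and are not directly wrapped in esc_url(); the sample PHP is constructed, and the names split_args and audit are hypothetical.

```python
import re
# Constructed sample theme code (not taken from Thematic).
SAMPLE_PHP = r"""<?php
echo '<a href="' . add_query_arg( 'paged', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'paged', 2 ) ) . '">Next</a>';
$link = add_query_arg( 'ref', 'footer', home_url( '/' ) );
$more = add_query_arg( array( 'a' => 1, 'b' => 2 ) );
$safe = add_query_arg( array( 'a' => 1 ), get_permalink() );
"""

CALL = re.compile(r"\badd_query_arg\s*\(")
WRAPPED = re.compile(r"\besc_url(_raw)?\s*\(\s*$")  # call is the escaper's argument

def split_args(src, start):
    """Return the top-level arguments of a PHP call; start is just past '('."""
    args, cur, depth, quote, i = [], "", 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:  # inside a PHP string literal
            if ch == "\\":  # copy the backslash, then the escaped character
                cur, i = cur + ch, i + 1
                ch = src[i:i + 1]
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break  # closing parenthesis of the call itself
            depth -= 1
        elif ch == "," and depth == 0:
            args.append(cur.strip())
            cur, ch = "", ""
        cur += ch
        i += 1
    return args + ([cur.strip()] if cur.strip() else [])

def audit(php):
    """Return 1-based line numbers of unescaped calls that use REQUEST_URI."""
    findings = []
    for m in CALL.finditer(php):
        args = split_args(php, m.end())
        # The URL is the 2nd argument in array form, the 3rd in key/value form.
        url_pos = 2 if args and re.match(r"array\s*\(|\[", args[0]) else 3
        if len(args) < url_pos and not WRAPPED.search(php[:m.start()]):
            findings.append(php.count("\n", 0, m.start()) + 1)
    return findings
```

Treat hits as candidates for review: a result assigned to a variable may still be escaped later, before it is output.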
You can post your home.php in pastebin or similar service and link it here. But the best thing is to include a link to a site where I can see the problem in action.
You can have a look at http://thematicdev.invistruct.com/ where the latest development version is running.
Yes, the stylesheet in 2.0 is responsive, including a basic menu for mobile screens. You will need to include the stylesheet manually after upgrading, you can copy the code from the included sample child theme to do that.
I would strongly recommend you to use a child theme.
There is already a sample child theme included in Thematic. You can just copy or move the folder “thematicsamplechildtheme” to the wp-content/themes directory. Change the name and info in style.css to what you want and then add the theme support call into functions.php.
Technically, there is a theme option for html5 but the UI is hidden. If you know how to access the database, like with phpMyAdmin, you could set it manually. But I really think a child theme is the best way to go.
March 8, 2015 at 4:45 pm in reply to: How to move the #access nav above #branding and make it fixed? #4387
I am glad you got it working. As you can see, that code is doing the same thing as what I wrote: removing the access action and adding it somewhere else.
It looks like the formatting of my code got mangled by the forum and that is why you couldn’t copy-paste it. It should be straight single quotes around all the strings.
The function you posted above has nothing to do with the #access div, it’s only css styling for the custom header.
Again, I’m glad you found your solution.