The Sandbox is dead; long live the Sandbox.

After receiving a number of emails, I’d like to answer a question. Yes, the Sandbox is no longer being developed. And that’s just fine. Let me explain.

The three functions that were the heart and soul of the Sandbox are now in the WordPress core. These functions, sandbox_body_class(), sandbox_post_class(), and sandbox_comment_class(), can now be conveniently found in your recent WordPress download, artfully renamed as body_class(), post_class(), and comment_class(), respectively. Mission accomplished.

Now you might believe that this does not render the Sandbox useless as there are no equal starting point themes for users and developers. You still need a blank slate. Fair enough. But the Sandbox does live on in ‘frameworks’ inspired by and based on the Sandbox, such as Thematic and Carrington (to name a couple).

I would also suggest that the prospect of a new default theme for WordPress in 2010 further diminishes the usefulness of yet another ‘standard’ starting point theme. Instead, the new theoretical default theme should satisfy the need for a clean, accessible, and well-organized ‘base’ theme for aspiring designers and seasoned developers.

Like it or not, Kubrick was this base theme for years and years. Users didn’t know where else to turn for a starting point in creating their own theme, and since Kubrick just came with the software, that’s what it was. And after said years, the need for an updated theme that could be the default ‘blank slate’ theme grew. The Sandbox was successful simply because it filled that need. It would not have been as popular as it was if the default WordPress theme hadn’t been old.

Because the core functions once exclusive to the Sandbox can be found in the WordPress core and further enhanced in theme frameworks (see above), there is no need to update the Sandbox. Considering the possible new default theme, there may still be a need for a new blank slate theme, but it won’t be the Sandbox. Just as the Sandbox was a new answer to an old question, simply repackaging the Sandbox is just an old answer to an old question.

Everything in the Sandbox is GNU GPL. It’s there for you to use. If you want to create a new theme with it, there’s no need to ask. Go for it. Your project will not be the ‘new’ Sandbox, but it will be yours and (hopefully) it will be new. Innovate.

And so you are left with an old Sandbox theme that did what it did very well: clean files that easily resembled a recognizable XHTML structure, semantic markup enriched with Microformats standards, a lot of knowledgeable users within the community to share experiences, and its major organs transplanted to WordPress. The Sandbox is dead; long live the Sandbox.

WordCamp NYC 2009

After some deliberation, I thought, might as well show up. I’m getting more interested in Web education, so I’m all about the academic track.

WordCampNYC – Nov 14-15

Vulnerability in Sandbox fixed

Thanks to WordPress user anoncobard, a cross-site scripting vulnerability in prior Sandbox versions has been fixed. I ask all Sandbox users to download Sandbox 1.6.1 and upgrade.

In the Sandbox functions.php, sandbox_body_class() passed the pagination variable along unsanitized, which could be exploited using XSS.

See line 128 in the file:

if ( ( ( $page = $wp_query->get('paged') ) || ( $page = $wp_query->get('page') ) ) && $page > 1 ) {

The variable $page is never validated before it is passed to the function and then to the page. By simply adding $page = intval($page); (thanks to Andy), we make sure what is passed is only a number (see the diff of the changes).
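To make the effect of that one line concrete, here is an added example (not the Sandbox source and not the linked diff) that runs the same pagination test with and without intval(). The function names, the 'paged-N' class format, and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added illustration; not code from the Sandbox theme.
// Function names and the 'paged-N' class format are hypothetical.

// Pre-1.6.1 pattern: the query value is used as-is once it passes "> 1".
function page_class_unvalidated( $raw ) {
    $classes = array();
    if ( ( $page = $raw ) && $page > 1 ) {
        $classes[] = 'paged-' . $page;
    }
    return $classes;
}

// 1.6.1 pattern: intval() reduces the value to an integer before the test,
// so only digits (and a sign) can ever reach the class string.
function page_class_validated( $raw ) {
    $classes = array();
    $page    = intval( $raw );
    if ( $page > 1 ) {
        $classes[] = 'paged-' . $page;
    }
    return $classes;
}

// Builds the tag the way a template would echo it, without escaping,
// so the difference between the two functions is visible in the output.
function body_tag( array $classes ) {
    return '<body class="' . implode( ' ', $classes ) . '">';
}

// Constructed sample values standing in for the 'paged' query variable.
$samples = array( '3', '1', '-5', '2"><i>x</i>' );

foreach ( $samples as $raw ) {
    echo 'input:       ', var_export( $raw, true ), "\n";
    echo 'unvalidated: ', body_tag( page_class_unvalidated( $raw ) ), "\n";
    echo 'validated:   ', body_tag( page_class_validated( $raw ) ), "\n\n";
}
```

The last sample passes the `$page > 1` test because PHP's loose comparison accepts a string that merely starts with a number; with intval() the same input becomes the integer 2 and the markup never reaches the attribute.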

This has also been fixed for the Sandbox theme for WordPress.com accounts. Please note that there have been no reports of the Sandbox theme being exploited, so we are glad that we were able to correct this weakness before it was announced.

Now get back to playing in your Sandbox.

An ideal WordPress user

What really engaged me when I first started using WordPress was the sense of community. Relatively large, but close knit. Most people know who the big players are, who the newcomers are, etc. Who’s making the hot themes and who made the themes that are starting to get a bit tired.

Enter Kirk. Kirk is exactly the person who I want downloading my themes. After downloading and playing with one of my themes (blog.txt to be specific), Kirk e-mails me requesting some support for some specific but discrete task. I help. I’m happy to.

Kirk files tickets on my theme project pages for things that are broken or could be enhanced. Some I accept, some I don’t. He takes both well. I hear from him now and again. A happy user.

Here’s what separates Kirk from most users. Kirk e-mails me wanting to know how to disable the generator link. For security, he says. Regardless of whether or not I think this improves the security of his blog, I help. I describe the problem and set him off in the right direction.

For this, I make him a simple plugin he can upload based directly on what Peter Westwood documented on his blog. Easy as pie. Took me ten minutes. I slap it into a PHP file and send it along to Kirk knowing he’ll take it from there.

But what Kirk does is, instead of being satisfied after his problem was solved, he shares his experience and provides the solution for others.

Community. Hear, hear.

Post-release theme fixes

Once again, this is just another post letting everyone know that my themes, including Sandbox, have been updated. I hadn’t properly tested the new gallery short code in WordPress 2.5 and therefore my themes didn’t work too well with it, since the default gallery short code inserts a style element (as compared to attributes) within the body. Not good. The gallery short code is now handled properly by each theme.

There was another significant change. For single posts that are actually attachments, WordPress looks for a template file in the theme directory that matches the abbreviated MIME type. For a JPEG image (image/jpeg), WordPress will look for a template file named image.php in the current theme directory.

If that file isn’t present, it then looks for attachment.php and then falls back on single.php. So each theme includes a new file, image.php. The general attachment file remains and was modified accordingly.

For Sandboxers, the relevant changesets from version 1.5 to the just-released version 1.5.2 are 247, 248, 249, 250, 251, 252, and 253. So now go on and enjoy new themes.