Victorian Xmas

A graphical, widget-ready, WordPress theme with a Victorian Christmas feel.

Supports threaded comments using a customised accessible threaded comments template. Post thumbnails supported. Collapsing sidebar sub-menus.

Theme features also include:

Auto-generated meta-keywords & meta-descriptions
User-defined meta-keywords & meta-descriptions via custom fields
Toggle collapsible sub-menus on/off
Define post thumbnail size
Customise the post excerpt length
Custom header

Openwork Crochet Scarf

I had a single skein of Wild Fire Fibres Bambino (Purple Lotus) and was looking for something fairly simple that would show this lovely, drapey, yarn off.

After some false starts, I settled on an openwork scarf with borders at each end based on Doris Chan’s All Shawl Strawberry Lace.

Materials
400 yards soft 4ply yarn
5mm crochet hook

Scarf Body
Foundation: Ch 54st.

Row 1: Skip next 8st, sc, * ch5, skip next 4st, sc **; repeat from * to **, turn (9 loops + 1 half loop)

Row 2: Ch5, skip next 2 chains in the loop, sc in the 3rd chain of the loop, *ch5, sc in the 3rd chain of the next loop; repeat from * to last loop, ch5, sc in the 3rd chain of the last loop, turn (58st: 9 loops + 1 half loop).

Repeat row 2 until scarf is the required length. Remember that the lace borders will each add about 3.25 inches to the scarf’s final length.

Next row: Ch 1, sk 1, sc in every st until last loop, sc in sc, sc in next 2 st (56st).

Strawberry Lace Border
Border Detail

Stitches
SH (shell): 2 dc, ch 2, 2 dc all in same space
SH in SH: make shell in ch-2 space of previous shell
Picot: After completing a dc, ch 3, reach back and insert hook from top to bottom into front two strands of dc just made, like going back through the path of the last step of the dc, sl st to close picot.
PF (Picot Fan): (dc, ch 1) 2 times, dc, Picot, (ch 1, dc) 2 times all in same ch-sp

Strawberry Lace
Worked on a multiple of 8sts.

Row 1: Ch 3, (dc, ch 2, 2 dc) in first sc, * ch 3, skip next 2 sc, sc in next sc, ch 3, skip next sc, sc in next sc, ch 3, skip next 2 sc, SH in next sc;** repeat from * to **, turn

Row 2: Ch 2, * SH in SH, ch 1, skip next ch-3 sp, (tr, ch 1) 5 times in next ch-3 sp, skip next ch-3 sp;** repeat from * to **, SH in last SH, turn

Row 3: Ch 2, * SH in SH, ch 1, skip next ch-1 sp, sc in next ch-1 sp, (ch 3, sc in next ch-1 sp) 3 times, ch 1, skip next ch-1 sp;** repeat from * to **, SH in last SH, turn

Row 4: Ch 2, * SH in SH, ch 2, skip next ch-1 sp, sc in next ch-3 sp, (ch 3, sc in next ch-3 sp) 2 times, ch 2, skip next ch-1 sp;** repeat from * to **, SH in last SH, turn

Row 5: Ch 2, * SH in SH, ch 3, skip next ch-2 sp, (sc in next ch-3 sp, ch 3) 2 times, skip next ch-2 sp;** repeat from * to **, SH in last SH, turn

Row 6: Ch 2, * PF in ch-2 sp of next shell, ch 1, sc in next ch-3 sp, ch 1, PF in next ch-3 sp, ch 1, sc in next ch-3 sp, ch 1;** repeat from * to **, PF in ch-2 sp of last shell, fasten off.

Rejoin yarn to the other end of scarf. Working into the backs of the stitches, ch5, skip next 2st, sc, * ch5, skip next 5st, sc **; repeat from * to **, turn (58st)

Next row: Ch 1, sk 1, sc in every st until last loop, sc in sc, sc in next 2 st (56st).

Repeat Rows 1 – 6 of Strawberry Lace.

Using $s with Double Quotes in WordPress

I came across a really worrying issue recently when a site running one of my own themes failed a PCI compliance test. The template file concerned was search.php and the offending code was a printf call of this shape, with the markup wrapped around the search term passed as the first and third arguments:

<?php printf("Sorry – I couldn't find anything on '%1$s%2$s%3$s'", '…', $my_searchterm, '…'); ?>

From the test results, it seemed that $my_searchterm was not being escaped and that this was opening up an XSS hole. Yet $my_searchterm was escaped!

$my_searchterm = trim(get_search_query());

After much head scratching — including some in-depth research into using printf with HTML tags — I’d pretty much given up on finding the root cause and was about to remove the entire line when Otto came to the rescue.

I’d been looking in the wrong place. The issue wasn’t with $my_searchterm — it was with the format string:

"Sorry – I couldn't find anything on '%1$s%2$s%3$s'"

The standard type specifier for a string substitution when using printf or sprintf is %s, and with numbered arguments it is written %1$s, %2$s and so on (PHP documentation link).

However, inside a double-quoted PHP string $s is a variable, and in a WordPress template $s is the query var that holds the search query, unescaped. By using double quotes around the format, I had stopped %1$s from ever reaching printf as a placeholder: PHP interpolated the raw search query into the string first, leaving a mangled "%1" behind, so whatever the visitor typed into the search box was written straight into the page.

The solution? Switch to single quotes, which PHP does not interpolate:

<?php printf('Sorry – I couldn\'t find anything on \'%1$s%2$s%3$s\'', '…', $my_searchterm, '…'); ?>

Now $s isn’t parsed as a variable; printf substitutes the escaped search term for %2$s.

All in all, I was pretty appalled at how easily I had opened up this particular security hole — despite being paranoid about sanitising generated output. I also can’t help thinking that the WP core devs weren’t having a good day when they decided to use $s for the search query — especially since printf and sprintf string substitutions are commonplace if you are trying to make a theme translation-ready. Something like $wp_s might have been far safer.

In the meantime, check your templates for double-quote enclosed strings that contain %1$s-style substitutions, or you might end up making the same mistake I did.
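The mechanism described above, and the check suggested at the end, as an added example that is not code from the original post or from the theme: a stand-alone PHP script with $s set by hand to a constructed search term (standing in for the query var WordPress exposes to templates), a render_double_quoted() that keeps the theme's original double-quoted format string, the single-quoted fix beside it, and a small scanner, find_interpolated_placeholders(), that searches PHP source for double-quoted strings containing %1$s-style placeholders. The function names, the em markup around the term, the sample template and the remarks on PHP version behaviour are assumptions made for the example, not anything the post states.

```php
<?php
// Added example, not code from the original post or its theme. It reproduces
// the bug in plain PHP with nothing from WordPress loaded: $s below stands in
// for the query var WordPress exposes to templates (the raw search query), and
// its value is a constructed attacker-style search term.
//
// The term deliberately begins with a letter. After PHP interpolates $s, each
// "%1$s" in the format string has become "%1s<script>...", which sprintf still
// accepts (width 1, string conversion), so the raw term is printed on every
// PHP version. A term beginning with "<" or a quote instead turns the leftover
// "%1" into an unknown specifier: PHP 7 and earlier skipped it and still
// emitted the rest of the raw term, PHP 8 throws a ValueError (assumed here).

$s = 's<script>alert(document.domain)</script>';

// What the theme believed it was printing: the escaped term. get_search_query()
// is the WordPress helper; htmlspecialchars() plays its role in this example.
$my_searchterm = htmlspecialchars(trim($s), ENT_QUOTES, 'UTF-8');

// The broken form: a double-quoted format string. PHP expands $s before
// sprintf ever sees the string, so the placeholders are gone and the raw
// search term is already part of the format.
function render_double_quoted(string $term): string
{
    global $s; // a template sees WordPress's $s directly; a function needs this line
    return sprintf("Sorry, I couldn't find anything on '%1$s%2$s%3$s'",
                   '<em>', $term, '</em>');
}

// The fix: single quotes, which PHP never interpolates, so sprintf receives
// the literal "%1$s%2$s%3$s" and substitutes the three arguments.
function render_single_quoted(string $term): string
{
    return sprintf('Sorry, I couldn\'t find anything on \'%1$s%2$s%3$s\'',
                   '<em>', $term, '</em>');
}

// The audit the post ends with, as code: flag every double-quoted string
// literal containing a numbered placeholder (%1$s, %2$d, ...), because PHP
// reads the "$s" / "$d" part as a variable. Returns [line number => literal].
// An escaped dollar ("%1\$s") is not interpolated and is not reported.
function find_interpolated_placeholders(string $php_source): array
{
    $pattern = '/"(?:[^"\\\\]|\\\\.)*%\d+\$[A-Za-z](?:[^"\\\\]|\\\\.)*"/';
    preg_match_all($pattern, $php_source, $matches, PREG_OFFSET_CAPTURE);
    $hits = [];
    foreach ($matches[0] as [$literal, $offset]) {
        $hits[substr_count($php_source, "\n", 0, $offset) + 1] = $literal;
    }
    return $hits;
}

// Constructed template fragment to scan (a nowdoc, so nothing in it is
// interpolated by this script). Only the second line should be reported.
$template_source = <<<'PHP'
<?php
printf("Sorry, I couldn't find anything on '%1$s%2$s%3$s'", '<em>', $my_searchterm, '</em>');
printf('Sorry, I couldn\'t find anything on \'%1$s%2$s%3$s\'', '<em>', $my_searchterm, '</em>');
printf("%s results for %s", $count, $my_searchterm);
PHP;

echo render_double_quoted($my_searchterm), "\n"; // live <script> tags reach the page
echo render_single_quoted($my_searchterm), "\n"; // only &lt;script&gt; reaches the page
print_r(find_interpolated_placeholders($template_source)); // reports line 2 only
```

Run it with the php command-line binary: the first line of output contains a live script tag three times over, the second contains only the entity-escaped term inside the em element, and the scan reports line 2 of the sample template and nothing else. Escaping the dollar sign inside double quotes (%1\$s) also stops the interpolation, but single quotes are the usual convention for format strings and are what the scanner treats as safe.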

Purple Pastels

A flexible WordPress theme with subtle sticky post icon-highlighting and featured image support

Purple Pastels incorporates a dropdown horizontal menu; a vertical sidebar with collapsible sub-menus; 8 widget-ready areas and a login form widget.

Custom templates include image & attachments, page without comments, single column page template and widget-capable page. Image attachment pages are Thickbox-enabled, and the theme is translation-ready.

Multiple theme customisation options including:

Custom header
Custom menus
Custom background
Toggle collapsible sub-menus on/off
Define post thumbnail size
Customise the post excerpt length
Toggle sub-page listing on Pages on/off
Toggle the display of allowed comment markup on/off
Display/hide “x – y of n entries” on home or main posts page

Zenlite

A minimalistic, single column, WordPress theme with a widget-ready horizontal navigation menu for listing Pages, Categories or a custom menu. Includes additional templates for archives, categories, author lists, pages without comments, images and search results. Translation ready.

Additional features include:

Custom “Page without comments” template.
Thickbox enabled image template.
Customisable header & background images.
Toggle the default menu to display Pages or Categories
Custom menu support
Toggle post author display
Full post format support