4th time getting "Code needs improvement" rejection

Hello guys,
Can you please help me, I really need your help.
For the 4th time I'm getting the rejection "code needs improvement", and these are the reasons:

  1. Remove all commented code from ALL files. https://snipboard.io/hwzBcW.jpg

  2. Don’t load assets via CDN, bundle with project. https://snipboard.io/BJ87yd.jpg https://snipboard.io/rSm9F8.jpg

  3. No inline CSS. All CSS must be separated in an external stylesheet. https://snipboard.io/qpLz5Z.jpg

  4. Data Validation issues have been found. Do a global search for “echo $”.

All dynamic data must be correctly escaped for the context where it is rendered.

  1. All JavaScript must be separated in an external file. No tags. https://snipboard.io/1hLjns.jpg

  2. All JavaScript should be written with "use strict" mode on; for example, you can do this with jQuery:
    (function($){
        "use strict";
        // Code here
    })(jQuery);

  3. Use .on() rather than .click(), .bind(), .hover(), .submit(), etc.

All the above issues have been resolved carefully, and after submission it got rejected for the same reason again. This is the error outlined:

  1. You’re still not addressing all issues. For example, and there’s more.

Unsafe data: https://envato.d.pr/WolKLE https://envato.d.pr/hsgaPn

Pointless code: https://envato.d.pr/q8hItE

Old libraries: https://envato.d.pr/1JwnBn

Use .on() rather than .click(), .bind(), .hover(), .submit() etc… https://envato.d.pr/ZqnlhB

I have taken a whole lot of time to address all the issues and the code quality, but I am surprised the code got rejected again, and now I am given a last chance to re-upload.

With the following message:

Sorry, but we cannot continue here.

There are STILL issues outstanding from previous reviews.

I’ll give you one last chance.

I don't know where the error is, but I am rest assured I have addressed all the issues. Please, I need help.

For $_POST variables (I'm not sure where they come from in your code, most probably from a text field?) I think you should use something like this:

if (isset($_POST['wallet'])) {
    // Sanitize it (sanitize_text_field() is a WordPress function)
    $wallet = sanitize_text_field($_POST['wallet']);
}

You can find many issues in PHP code if you use an automatic tool like PHP CodeSniffer: https://github.com/squizlabs/PHP_CodeSniffer. Maybe this can help you…

For POST variables and echo I have created a function to sanitize the value before it is rendered. $_POST: https://prnt.sc/rledfj and for the echo: https://prnt.sc/rlee5g

The $_POST is a value sent from the database by AJAX, not user input: https://prnt.sc/rleh6r

function fomat_output($value, int $strip = 0)
{
    $value = trim($value);
    $value = cleanString($value);               // helper defined elsewhere in the script
    $value = htmlspecialchars($value, ENT_QUOTES);

    if ($strip == 1) {
        // as posted this was assigned to $string, so the stripslashes() result was discarded
        $value = stripslashes($value);
    }
    // as posted, this replaces '&#' with '&#', i.e. it changes nothing
    $value = str_replace('&#', '&#', $value);
    return $value;
}

You have to properly sanitize your input (POST variable data):

esc_html( sanitize_text_field( $_POST["subject"] ) )

For more information you can search Google for how to sanitize data.

Thanks

Ok, I will check for a better way to sanitize user input than the previous code used, but my application doesn't accept user input in any way; it only has two AJAX POST data on the entire application.

What do you have to say about the JavaScript? I have followed all their guidelines to improve the code quality.

And the second JavaScript file:

jQuery(document).ready(function($) {
    'use strict';

    $('#staticTime').hide();
    $('#timer').startTimer();
});

The JS code seems fine to me. If the reviewer has any issues in the JS then they must have focused on it.

Ok, thanks for your time and effort.

According to the reviewer, this is what he outlined about echo in the script:

Data Validation issues have been found. Do a global search for "echo $".
All dynamic data must be correctly escaped for the context where it is rendered.

What's the best way to sanitize echo data before it is rendered? Because I have seen much code on CodeCanyon without sanitizing the echo output.

Just a bit surprised.

It is about PHP. Search on Google, you will get much help there.

I checked and I have made use of all the solutions found, but I am still getting rejected. Here is the demo of the script; kindly check, maybe you can make some suggestions: https://maylancer.xyz/multi-coin-gateway/

esc_html() only works with WordPress.

Oh! Yes. I didn't follow that it is about core PHP.
You can use this for strings:
filter_var($_POST['subject'], FILTER_SANITIZE_STRING)

You can search on Google about PHP data sanitization.

Ok, I am already using sanitize_text_field() https://prnt.sc/rllsew. What about that?

Personally for core PHP I use: FILTER_SANITIZE_STRING

More help here:
https://www.php.net/manual/en/filter.filters.sanitize.php
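The replies above recommend sanitizers (sanitize_text_field(), FILTER_SANITIZE_STRING) for the AJAX POST data. As an added example, not code from this thread, here is the other approach the reviewer's "Data Validation" wording points at: validating the payload at the boundary, so a malformed value is rejected rather than silently altered. The field names coin, wallet and amount, the allowed-coin list and the wallet pattern are assumptions made for illustration, and the two payloads are constructed. Two caveats worth knowing: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, and a server cannot tell whether a POST body was sent by its own AJAX code or by any other HTTP client, so the check applies even when the values originate in the database.

```php
<?php
// Added example (not the thread's code): validate an AJAX POST payload at the
// boundary and keep the validated values separate from raw $_POST.
// Field names, the coin list and the wallet pattern are assumptions.
declare(strict_types=1);

/**
 * Validate the POST body of a hypothetical "create payment" AJAX call.
 * Returns the clean values plus a list of error strings. Nothing is echoed
 * here; escaping is a separate step done where the data is rendered.
 */
function validate_payment_request(array $post): array
{
    $errors = [];
    $clean  = [];

    // 'coin' must be one of a fixed set; a whitelist beats any sanitizer.
    $allowedCoins = ['BTC', 'ETH', 'LTC'];
    $coin = isset($post['coin']) && is_string($post['coin'])
        ? strtoupper(trim($post['coin']))
        : '';
    if (!in_array($coin, $allowedCoins, true)) {
        $errors[] = 'coin must be one of ' . implode(', ', $allowedCoins);
    } else {
        $clean['coin'] = $coin;
    }

    // 'wallet' must match a conservative pattern (alphanumeric, 26-64 chars).
    // The pattern is an assumption for the example, not a real address format.
    $wallet = isset($post['wallet']) && is_string($post['wallet'])
        ? trim($post['wallet'])
        : '';
    if (!preg_match('/^[A-Za-z0-9]{26,64}$/', $wallet)) {
        $errors[] = 'wallet has an invalid format';
    } else {
        $clean['wallet'] = $wallet;
    }

    // 'amount' must be a positive float within a range. FILTER_VALIDATE_FLOAT
    // validates instead of "sanitizing": a bad value comes back as false.
    $amount = filter_var($post['amount'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($amount === false || $amount <= 0 || $amount > 1000000) {
        $errors[] = 'amount must be a number between 0 and 1000000';
    } else {
        $clean['amount'] = $amount;
    }

    return ['ok' => $errors === [], 'data' => $clean, 'errors' => $errors];
}

// Constructed sample payloads: what a browser, or anything else, might POST.
$good = ['coin' => 'btc', 'wallet' => str_repeat('a', 30), 'amount' => '0.5'];
$bad  = ['coin' => 'DOGE', 'wallet' => '<script>', 'amount' => 'abc'];

echo json_encode(validate_payment_request($good)), "\n"; // ok: true
echo json_encode(validate_payment_request($bad)), "\n";  // ok: false, three errors
```

The point of returning a structured result is that the AJAX handler can answer with a 400 and the error list, and only the $clean array ever reaches the database or the page.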

sanitize_text_field() is used in WordPress to sanitize a string from user input or from the database.

Ok gotcha https://prnt.sc/rllvjl

I still haven't got any useful information about this on Google since the rejection of my own escaping function.

  1. Data Validation issues have been found. Do a global search for “echo $”.

All dynamic data must be correctly escaped for the context where it is rendered.

Any idea from you is welcome. Here is my previous code.


I also have this for escaping: https://prnt.sc/rllwq2

And here is what I concluded on using: https://prnt.sc/rllxgf

function escape($value)
{
    return trim(htmlentities($value, ENT_QUOTES, 'UTF-8'));
}

You are on the right track. Just check the PHP manual at the URL I have given and add data sanitization.

I submitted again and I got a soft rejection with the following issues outlined.

Can you please check the screenshot and the no. 2 option?

  1. STILL. Outdated libraries: https://envato.d.pr/8iYwze

  2. Your escape() function isn’t very good for escaping data. PHP has better ways of making data safe.

My escape function is:

function escape($value)
{
    return trim(htmlentities($value, ENT_QUOTES, 'UTF-8'));
}

  1. jQuery's latest version is 3.4.1; you have to use that.
  2. You can use:
return trim(htmlspecialchars($value, ENT_QUOTES));

You can omit the encoding and it will be the default depending on the PHP version in use.
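The thread's escape() and the htmlspecialchars() one-liner above both escape for one context only, HTML text. What the reviewer's "escaped for the context where it is rendered" asks for is a different helper for each place a value lands: HTML text and attributes, inline JavaScript, and URL parameters. The following is an added example for core PHP, not code from this thread, the reviewer or the script under review. The helper names e_html(), e_js() and e_url(), the render_row() function and the two sample values are assumptions made for illustration; trim(), which the thread's escape() also does, is deliberately left out because it is not an escaping step.

```php
<?php
// Added example, not the thread's code: one escaping helper per output
// context, used from a render function instead of bare "echo $..." lines.
// Helper names and the sample values $coin / $memo are constructed.
declare(strict_types=1);

// HTML text and quoted-attribute context. ENT_QUOTES also escapes the single
// quote; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e_html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Inline-JavaScript context: emit a JSON literal. The JSON_HEX_* flags turn
// < > & ' " into \uXXXX escapes, so the value can never close the <script>
// element or the string it sits in.
function e_js($v): string
{
    return json_encode(
        $v,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// URL query-parameter context: percent-encode the value. The href that holds
// it is still an HTML attribute, so the result goes through e_html() as well.
function e_url(string $s): string
{
    return rawurlencode($s);
}

// Builds the fragment the script would otherwise print with "echo $..." lines,
// escaping each value for the exact place it is inserted.
function render_row(string $coin, string $memo): string
{
    $html  = '<tr><td>' . e_html($coin) . '</td><td>' . e_html($memo) . "</td></tr>\n";
    $html .= '<input type="text" name="memo" value="' . e_html($memo) . "\">\n";
    $html .= '<a href="/pay.php?coin=' . e_html(e_url($coin))
           . '&amp;memo=' . e_html(e_url($memo)) . "\">Pay</a>\n";
    $html .= '<script>var memo = ' . e_js($memo) . ";</script>\n";
    return $html;
}

$coin = 'BTC';
// Constructed value that would break out of every one of these contexts
// if it were echoed raw, or escaped with the wrong helper.
$memo = '"><script>alert(1)</script> & Bob\'s order';

echo render_row($coin, $memo);
```

Run it and compare the four lines: the same $memo appears as entity-escaped text in the cell and the attribute, as a percent-encoded query value in the link, and as a \u-escaped JSON string inside the script element. A global search for "echo $" then finds only the one call to render_row(), which is the shape the review is asking for.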
